./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash ef69c83623105b68e3213a0f6e5530f40867a5bc091f925c8e4d647572a9cdfc --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:10:22,320 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:10:22,321 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:10:22,356 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:10:22,357 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:10:22,360 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:10:22,361 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:10:22,367 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:10:22,368 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:10:22,374 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:10:22,374 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:10:22,375 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:10:22,376 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:10:22,378 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:10:22,379 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:10:22,381 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:10:22,384 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:10:22,385 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:10:22,386 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:10:22,388 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:10:22,391 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:10:22,395 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:10:22,396 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:10:22,397 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:10:22,399 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:10:22,401 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:10:22,401 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:10:22,402 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:10:22,403 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:10:22,404 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:10:22,404 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:10:22,405 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:10:22,406 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:10:22,407 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:10:22,408 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:10:22,409 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:10:22,409 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:10:22,410 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:10:22,410 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:10:22,410 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:10:22,411 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:10:22,412 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:10:22,439 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:10:22,439 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:10:22,440 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:10:22,440 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:10:22,441 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:10:22,441 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:10:22,441 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:10:22,442 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:10:22,442 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:10:22,442 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:10:22,443 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:10:22,443 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:10:22,443 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:10:22,443 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:10:22,443 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:10:22,444 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:10:22,444 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:10:22,444 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:10:22,444 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:10:22,444 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:10:22,444 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:10:22,445 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:10:22,445 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:10:22,445 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:10:22,445 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:22,445 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:10:22,446 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:10:22,446 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:10:22,446 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:10:22,446 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:10:22,446 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:10:22,447 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:10:22,447 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:10:22,447 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> ef69c83623105b68e3213a0f6e5530f40867a5bc091f925c8e4d647572a9cdfc [2022-02-20 18:10:22,663 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:10:22,687 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:10:22,689 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:10:22,690 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:10:22,691 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:10:22,692 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c [2022-02-20 18:10:22,766 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/175b30666/5e511dec3f534b15a96c6caaf40f2e40/FLAGea3c3ca9f [2022-02-20 18:10:23,154 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:10:23,154 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c [2022-02-20 18:10:23,162 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/175b30666/5e511dec3f534b15a96c6caaf40f2e40/FLAGea3c3ca9f [2022-02-20 18:10:23,172 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/175b30666/5e511dec3f534b15a96c6caaf40f2e40 [2022-02-20 18:10:23,175 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:10:23,176 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:10:23,180 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:23,180 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:10:23,183 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:10:23,183 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,184 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@1dbef5e7 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23, skipping insertion in model container [2022-02-20 18:10:23,185 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,190 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:10:23,227 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:23,445 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c[16086,16099] [2022-02-20 18:10:23,461 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:23,477 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:10:23,576 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c[16086,16099] [2022-02-20 18:10:23,582 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:23,601 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:10:23,602 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23 WrapperNode [2022-02-20 18:10:23,602 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:23,604 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:23,604 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:10:23,604 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:10:23,610 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,624 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,649 INFO L137 Inliner]: procedures = 53, calls = 151, calls flagged for inlining = 23, calls inlined = 19, statements flattened = 230 [2022-02-20 18:10:23,650 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:23,650 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:10:23,650 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:10:23,650 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:10:23,657 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,657 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,659 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,660 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,664 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,677 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,678 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,680 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:10:23,680 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:10:23,680 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:10:23,681 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:10:23,684 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23" (1/1) ... [2022-02-20 18:10:23,690 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:23,698 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:23,716 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:10:23,734 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:10:23,755 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:10:23,755 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:10:23,756 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:10:23,756 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:10:23,756 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:10:23,756 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:10:23,756 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:10:23,756 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:10:23,757 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:10:23,757 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:10:23,758 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:10:23,758 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:10:23,758 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:10:23,758 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:10:23,838 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:10:23,840 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:10:24,109 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:10:24,116 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:10:24,116 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:10:24,117 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:24 BoogieIcfgContainer [2022-02-20 18:10:24,118 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:10:24,119 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:10:24,119 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:10:24,122 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:10:24,122 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:10:23" (1/3) ... [2022-02-20 18:10:24,123 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2cf8f038 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:24, skipping insertion in model container [2022-02-20 18:10:24,123 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:23" (2/3) ... [2022-02-20 18:10:24,124 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2cf8f038 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:24, skipping insertion in model container [2022-02-20 18:10:24,124 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:24" (3/3) ... [2022-02-20 18:10:24,127 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec4_product35.cil.c [2022-02-20 18:10:24,131 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:10:24,132 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:10:24,168 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:10:24,173 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:10:24,173 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:10:24,200 INFO L276 IsEmpty]: Start isEmpty. Operand has 74 states, 59 states have (on average 1.4067796610169492) internal successors, (83), 65 states have internal predecessors, (83), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:10:24,204 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2022-02-20 18:10:24,204 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:24,204 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:24,205 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:24,209 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:24,226 INFO L85 PathProgramCache]: Analyzing trace with hash -1047467425, now seen corresponding path program 1 times [2022-02-20 18:10:24,234 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:24,234 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1948634489] [2022-02-20 18:10:24,235 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:24,235 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:24,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:24,441 INFO L290 TraceCheckUtils]: 0: Hoare triple {77#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {77#true} is VALID [2022-02-20 18:10:24,446 INFO L290 TraceCheckUtils]: 1: Hoare triple {77#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {77#true} is VALID [2022-02-20 18:10:24,446 INFO L290 TraceCheckUtils]: 2: Hoare triple {77#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {77#true} is VALID [2022-02-20 18:10:24,446 INFO L290 TraceCheckUtils]: 3: Hoare triple {77#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {77#true} is VALID [2022-02-20 18:10:24,447 INFO L290 TraceCheckUtils]: 4: Hoare triple {77#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {77#true} is VALID [2022-02-20 18:10:24,447 INFO L290 TraceCheckUtils]: 5: Hoare triple {77#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {77#true} is VALID [2022-02-20 18:10:24,447 INFO L290 TraceCheckUtils]: 6: Hoare triple {77#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {77#true} is VALID [2022-02-20 18:10:24,448 INFO L290 TraceCheckUtils]: 7: Hoare triple {77#true} assume false; {78#false} is VALID [2022-02-20 18:10:24,449 INFO L272 TraceCheckUtils]: 8: Hoare triple {78#false} call cleanup(); {78#false} is VALID [2022-02-20 18:10:24,449 INFO L290 TraceCheckUtils]: 9: Hoare triple {78#false} havoc ~i~0;havoc ~__cil_tmp2~0; {78#false} is VALID [2022-02-20 18:10:24,450 INFO L272 TraceCheckUtils]: 10: Hoare triple {78#false} call timeShift(); {78#false} is VALID [2022-02-20 18:10:24,451 INFO L290 TraceCheckUtils]: 11: Hoare triple {78#false} assume !(0 != ~pumpRunning~0); {78#false} is VALID [2022-02-20 18:10:24,451 INFO L290 TraceCheckUtils]: 12: Hoare triple {78#false} assume !(0 != ~systemActive~0); {78#false} is VALID [2022-02-20 18:10:24,451 INFO L290 TraceCheckUtils]: 13: Hoare triple {78#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {78#false} is VALID [2022-02-20 18:10:24,451 INFO L290 TraceCheckUtils]: 14: Hoare triple {78#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {78#false} is VALID [2022-02-20 18:10:24,452 INFO L290 TraceCheckUtils]: 15: Hoare triple {78#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {78#false} is VALID [2022-02-20 18:10:24,452 INFO L290 TraceCheckUtils]: 16: Hoare triple {78#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {78#false} is VALID [2022-02-20 18:10:24,452 INFO L290 TraceCheckUtils]: 17: Hoare triple {78#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {78#false} is VALID [2022-02-20 18:10:24,453 INFO L290 TraceCheckUtils]: 18: Hoare triple {78#false} assume !false; {78#false} is VALID [2022-02-20 18:10:24,454 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:24,454 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:24,455 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1948634489] [2022-02-20 18:10:24,455 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1948634489] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:24,456 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:24,456 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:24,458 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [655388681] [2022-02-20 18:10:24,459 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:24,464 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:24,465 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:24,468 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:24,505 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:24,505 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:10:24,506 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:24,525 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:10:24,526 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:24,529 INFO L87 Difference]: Start difference. First operand has 74 states, 59 states have (on average 1.4067796610169492) internal successors, (83), 65 states have internal predecessors, (83), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) Second operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:24,636 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:24,636 INFO L93 Difference]: Finished difference Result 140 states and 193 transitions. [2022-02-20 18:10:24,636 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:10:24,636 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:24,637 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:24,638 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:24,649 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 193 transitions. [2022-02-20 18:10:24,649 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:24,657 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 193 transitions. [2022-02-20 18:10:24,657 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 193 transitions. [2022-02-20 18:10:24,819 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 193 edges. 193 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:24,836 INFO L225 Difference]: With dead ends: 140 [2022-02-20 18:10:24,836 INFO L226 Difference]: Without dead ends: 65 [2022-02-20 18:10:24,840 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:24,844 INFO L933 BasicCegarLoop]: 93 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 93 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:24,846 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 93 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:24,862 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 65 states. [2022-02-20 18:10:24,880 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 65 to 65. [2022-02-20 18:10:24,881 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:24,881 INFO L82 GeneralOperation]: Start isEquivalent. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:24,882 INFO L74 IsIncluded]: Start isIncluded. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:24,883 INFO L87 Difference]: Start difference. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:24,889 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:24,893 INFO L93 Difference]: Finished difference Result 65 states and 84 transitions. [2022-02-20 18:10:24,893 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:24,894 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:24,894 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:24,895 INFO L74 IsIncluded]: Start isIncluded. First operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 65 states. [2022-02-20 18:10:24,895 INFO L87 Difference]: Start difference. First operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 65 states. [2022-02-20 18:10:24,901 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:24,901 INFO L93 Difference]: Finished difference Result 65 states and 84 transitions. [2022-02-20 18:10:24,901 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:24,903 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:24,903 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:24,903 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:24,903 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:24,904 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:24,908 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 65 states to 65 states and 84 transitions. [2022-02-20 18:10:24,909 INFO L78 Accepts]: Start accepts. Automaton has 65 states and 84 transitions. Word has length 19 [2022-02-20 18:10:24,909 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:24,910 INFO L470 AbstractCegarLoop]: Abstraction has 65 states and 84 transitions. [2022-02-20 18:10:24,910 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:24,910 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:24,911 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2022-02-20 18:10:24,912 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:24,912 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:24,912 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:10:24,912 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:24,913 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:24,913 INFO L85 PathProgramCache]: Analyzing trace with hash 526246002, now seen corresponding path program 1 times [2022-02-20 18:10:24,914 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:24,914 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2108200456] [2022-02-20 18:10:24,914 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:24,914 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:24,947 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:24,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {508#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {508#true} is VALID [2022-02-20 18:10:25,000 INFO L290 TraceCheckUtils]: 1: Hoare triple {508#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {508#true} is VALID [2022-02-20 18:10:25,001 INFO L290 TraceCheckUtils]: 2: Hoare triple {508#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {508#true} is VALID [2022-02-20 18:10:25,003 INFO L290 TraceCheckUtils]: 3: Hoare triple {508#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {508#true} is VALID [2022-02-20 18:10:25,003 INFO L290 TraceCheckUtils]: 4: Hoare triple {508#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {508#true} is VALID [2022-02-20 18:10:25,004 INFO L290 TraceCheckUtils]: 5: Hoare triple {508#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {508#true} is VALID [2022-02-20 18:10:25,004 INFO L290 TraceCheckUtils]: 6: Hoare triple {508#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {510#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:25,005 INFO L290 TraceCheckUtils]: 7: Hoare triple {510#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {510#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:25,005 INFO L290 TraceCheckUtils]: 8: Hoare triple {510#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {509#false} is VALID [2022-02-20 18:10:25,006 INFO L272 TraceCheckUtils]: 9: Hoare triple {509#false} call cleanup(); {509#false} is VALID [2022-02-20 18:10:25,006 INFO L290 TraceCheckUtils]: 10: Hoare triple {509#false} havoc ~i~0;havoc ~__cil_tmp2~0; {509#false} is VALID [2022-02-20 18:10:25,006 INFO L272 TraceCheckUtils]: 11: Hoare triple {509#false} call timeShift(); {509#false} is VALID [2022-02-20 18:10:25,006 INFO L290 TraceCheckUtils]: 12: Hoare triple {509#false} assume !(0 != ~pumpRunning~0); {509#false} is VALID [2022-02-20 18:10:25,007 INFO L290 TraceCheckUtils]: 13: Hoare triple {509#false} assume !(0 != ~systemActive~0); {509#false} is VALID [2022-02-20 18:10:25,007 INFO L290 TraceCheckUtils]: 14: Hoare triple {509#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {509#false} is VALID [2022-02-20 18:10:25,008 INFO L290 TraceCheckUtils]: 15: Hoare triple {509#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {509#false} is VALID [2022-02-20 18:10:25,008 INFO L290 TraceCheckUtils]: 16: Hoare triple {509#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {509#false} is VALID [2022-02-20 18:10:25,008 INFO L290 TraceCheckUtils]: 17: Hoare triple {509#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {509#false} is VALID [2022-02-20 18:10:25,008 INFO L290 TraceCheckUtils]: 18: Hoare triple {509#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {509#false} is VALID [2022-02-20 18:10:25,009 INFO L290 TraceCheckUtils]: 19: Hoare triple {509#false} assume !false; {509#false} is VALID [2022-02-20 18:10:25,009 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:25,009 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:25,010 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2108200456] [2022-02-20 18:10:25,010 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2108200456] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:25,010 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:25,010 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:25,011 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [967983963] [2022-02-20 18:10:25,011 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:25,012 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:25,014 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:25,014 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:25,032 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:25,032 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:25,033 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:25,034 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:25,034 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:25,035 INFO L87 Difference]: Start difference. First operand 65 states and 84 transitions. Second operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:25,138 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:25,138 INFO L93 Difference]: Finished difference Result 92 states and 119 transitions. [2022-02-20 18:10:25,138 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:25,139 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:25,139 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:25,140 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:25,148 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 119 transitions. [2022-02-20 18:10:25,149 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:25,153 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 119 transitions. [2022-02-20 18:10:25,153 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 119 transitions. [2022-02-20 18:10:25,251 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 119 edges. 119 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:25,253 INFO L225 Difference]: With dead ends: 92 [2022-02-20 18:10:25,253 INFO L226 Difference]: Without dead ends: 56 [2022-02-20 18:10:25,254 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:25,255 INFO L933 BasicCegarLoop]: 71 mSDtfsCounter, 17 mSDsluCounter, 50 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 121 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:25,255 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [20 Valid, 121 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:25,256 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 56 states. [2022-02-20 18:10:25,261 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 56 to 56. [2022-02-20 18:10:25,261 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:25,261 INFO L82 GeneralOperation]: Start isEquivalent. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:25,262 INFO L74 IsIncluded]: Start isIncluded. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:25,262 INFO L87 Difference]: Start difference. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:25,265 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:25,265 INFO L93 Difference]: Finished difference Result 56 states and 72 transitions. [2022-02-20 18:10:25,265 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:25,266 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:25,266 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:25,266 INFO L74 IsIncluded]: Start isIncluded. First operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:25,267 INFO L87 Difference]: Start difference. First operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:25,269 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:25,269 INFO L93 Difference]: Finished difference Result 56 states and 72 transitions. [2022-02-20 18:10:25,269 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:25,270 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:25,270 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:25,270 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:25,270 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:25,271 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:25,273 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 56 states to 56 states and 72 transitions. [2022-02-20 18:10:25,273 INFO L78 Accepts]: Start accepts. Automaton has 56 states and 72 transitions. Word has length 20 [2022-02-20 18:10:25,273 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:25,273 INFO L470 AbstractCegarLoop]: Abstraction has 56 states and 72 transitions. [2022-02-20 18:10:25,273 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:25,274 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:25,274 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:10:25,274 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:25,275 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:25,275 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:10:25,275 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:25,276 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:25,276 INFO L85 PathProgramCache]: Analyzing trace with hash 561787742, now seen corresponding path program 1 times [2022-02-20 18:10:25,276 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:25,276 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [50802590] [2022-02-20 18:10:25,277 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:25,277 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:25,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:25,386 INFO L290 TraceCheckUtils]: 0: Hoare triple {838#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {840#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:25,387 INFO L290 TraceCheckUtils]: 1: Hoare triple {840#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {840#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:25,388 INFO L290 TraceCheckUtils]: 2: Hoare triple {840#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {840#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:25,388 INFO L290 TraceCheckUtils]: 3: Hoare triple {840#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {841#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} is VALID [2022-02-20 18:10:25,389 INFO L290 TraceCheckUtils]: 4: Hoare triple {841#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {842#(= |ULTIMATE.start_main_~tmp~4#1| ~systemActive~0)} is VALID [2022-02-20 18:10:25,390 INFO L290 TraceCheckUtils]: 5: Hoare triple {842#(= |ULTIMATE.start_main_~tmp~4#1| ~systemActive~0)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,390 INFO L290 TraceCheckUtils]: 6: Hoare triple {843#(not (= 0 ~systemActive~0))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,391 INFO L290 TraceCheckUtils]: 7: Hoare triple {843#(not (= 0 ~systemActive~0))} assume !false; {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,391 INFO L290 TraceCheckUtils]: 8: Hoare triple {843#(not (= 0 ~systemActive~0))} assume test_~splverifierCounter~0#1 < 4; {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,392 INFO L290 TraceCheckUtils]: 9: Hoare triple {843#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,396 INFO L290 TraceCheckUtils]: 10: Hoare triple {843#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp~0#1); {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,397 INFO L290 TraceCheckUtils]: 11: Hoare triple {843#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,397 INFO L290 TraceCheckUtils]: 12: Hoare triple {843#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp___0~0#1); {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,400 INFO L290 TraceCheckUtils]: 13: Hoare triple {843#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,401 INFO L290 TraceCheckUtils]: 14: Hoare triple {843#(not (= 0 ~systemActive~0))} assume 0 != test_~tmp___2~0#1; {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,404 INFO L272 TraceCheckUtils]: 15: Hoare triple {843#(not (= 0 ~systemActive~0))} call timeShift(); {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,404 INFO L290 TraceCheckUtils]: 16: Hoare triple {843#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {843#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:25,405 INFO L290 TraceCheckUtils]: 17: Hoare triple {843#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {839#false} is VALID [2022-02-20 18:10:25,406 INFO L290 TraceCheckUtils]: 18: Hoare triple {839#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {839#false} is VALID [2022-02-20 18:10:25,406 INFO L290 TraceCheckUtils]: 19: Hoare triple {839#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {839#false} is VALID [2022-02-20 18:10:25,407 INFO L290 TraceCheckUtils]: 20: Hoare triple {839#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {839#false} is VALID [2022-02-20 18:10:25,407 INFO L290 TraceCheckUtils]: 21: Hoare triple {839#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {839#false} is VALID [2022-02-20 18:10:25,407 INFO L290 TraceCheckUtils]: 22: Hoare triple {839#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {839#false} is VALID [2022-02-20 18:10:25,408 INFO L290 TraceCheckUtils]: 23: Hoare triple {839#false} assume !false; {839#false} is VALID [2022-02-20 18:10:25,409 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:25,409 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:25,409 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [50802590] [2022-02-20 18:10:25,410 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [50802590] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:25,410 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:25,410 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:25,410 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1067721087] [2022-02-20 18:10:25,410 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:25,411 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:25,411 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:25,411 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:25,436 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:25,436 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:25,436 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:25,437 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:25,437 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:25,437 INFO L87 Difference]: Start difference. First operand 56 states and 72 transitions. Second operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:25,867 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:25,867 INFO L93 Difference]: Finished difference Result 188 states and 250 transitions. [2022-02-20 18:10:25,867 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:10:25,867 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:25,868 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:25,868 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:25,872 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 250 transitions. [2022-02-20 18:10:25,872 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:25,878 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 250 transitions. [2022-02-20 18:10:25,879 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 250 transitions. [2022-02-20 18:10:26,074 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 250 edges. 250 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:26,079 INFO L225 Difference]: With dead ends: 188 [2022-02-20 18:10:26,079 INFO L226 Difference]: Without dead ends: 139 [2022-02-20 18:10:26,080 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 1 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:26,081 INFO L933 BasicCegarLoop]: 85 mSDtfsCounter, 154 mSDsluCounter, 305 mSDsCounter, 0 mSdLazyCounter, 58 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 154 SdHoareTripleChecker+Valid, 390 SdHoareTripleChecker+Invalid, 69 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 58 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:26,081 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [154 Valid, 390 Invalid, 69 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 58 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:26,082 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 139 states. [2022-02-20 18:10:26,094 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 139 to 129. [2022-02-20 18:10:26,094 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:26,095 INFO L82 GeneralOperation]: Start isEquivalent. First operand 139 states. Second operand has 129 states, 104 states have (on average 1.3846153846153846) internal successors, (144), 115 states have internal predecessors, (144), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 11 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 18:10:26,096 INFO L74 IsIncluded]: Start isIncluded. First operand 139 states. Second operand has 129 states, 104 states have (on average 1.3846153846153846) internal successors, (144), 115 states have internal predecessors, (144), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 11 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 18:10:26,096 INFO L87 Difference]: Start difference. First operand 139 states. Second operand has 129 states, 104 states have (on average 1.3846153846153846) internal successors, (144), 115 states have internal predecessors, (144), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 11 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 18:10:26,101 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:26,102 INFO L93 Difference]: Finished difference Result 139 states and 181 transitions. [2022-02-20 18:10:26,102 INFO L276 IsEmpty]: Start isEmpty. Operand 139 states and 181 transitions. [2022-02-20 18:10:26,103 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:26,107 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:26,108 INFO L74 IsIncluded]: Start isIncluded. First operand has 129 states, 104 states have (on average 1.3846153846153846) internal successors, (144), 115 states have internal predecessors, (144), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 11 states have call predecessors, (14), 13 states have call successors, (14) Second operand 139 states. [2022-02-20 18:10:26,109 INFO L87 Difference]: Start difference. First operand has 129 states, 104 states have (on average 1.3846153846153846) internal successors, (144), 115 states have internal predecessors, (144), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 11 states have call predecessors, (14), 13 states have call successors, (14) Second operand 139 states. [2022-02-20 18:10:26,114 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:26,114 INFO L93 Difference]: Finished difference Result 139 states and 181 transitions. [2022-02-20 18:10:26,115 INFO L276 IsEmpty]: Start isEmpty. Operand 139 states and 181 transitions. [2022-02-20 18:10:26,115 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:26,116 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:26,116 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:26,116 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:26,116 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 129 states, 104 states have (on average 1.3846153846153846) internal successors, (144), 115 states have internal predecessors, (144), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 11 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 18:10:26,121 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 129 states to 129 states and 171 transitions. [2022-02-20 18:10:26,121 INFO L78 Accepts]: Start accepts. Automaton has 129 states and 171 transitions. Word has length 24 [2022-02-20 18:10:26,121 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:26,122 INFO L470 AbstractCegarLoop]: Abstraction has 129 states and 171 transitions. [2022-02-20 18:10:26,122 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:26,122 INFO L276 IsEmpty]: Start isEmpty. Operand 129 states and 171 transitions. [2022-02-20 18:10:26,123 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2022-02-20 18:10:26,123 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:26,123 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:26,123 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:10:26,123 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:26,124 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:26,124 INFO L85 PathProgramCache]: Analyzing trace with hash 2000985071, now seen corresponding path program 1 times [2022-02-20 18:10:26,125 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:26,125 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [445711721] [2022-02-20 18:10:26,125 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:26,125 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:26,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:26,169 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:10:26,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:26,172 INFO L290 TraceCheckUtils]: 0: Hoare triple {1573#true} assume true; {1573#true} is VALID [2022-02-20 18:10:26,173 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1573#true} {1574#false} #212#return; {1574#false} is VALID [2022-02-20 18:10:26,173 INFO L290 TraceCheckUtils]: 0: Hoare triple {1573#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,174 INFO L290 TraceCheckUtils]: 1: Hoare triple {1575#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,174 INFO L290 TraceCheckUtils]: 2: Hoare triple {1575#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,175 INFO L290 TraceCheckUtils]: 3: Hoare triple {1575#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,175 INFO L290 TraceCheckUtils]: 4: Hoare triple {1575#(= ~pumpRunning~0 0)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,175 INFO L290 TraceCheckUtils]: 5: Hoare triple {1575#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,176 INFO L290 TraceCheckUtils]: 6: Hoare triple {1575#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,176 INFO L290 TraceCheckUtils]: 7: Hoare triple {1575#(= ~pumpRunning~0 0)} assume !false; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,177 INFO L290 TraceCheckUtils]: 8: Hoare triple {1575#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,177 INFO L290 TraceCheckUtils]: 9: Hoare triple {1575#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,178 INFO L290 TraceCheckUtils]: 10: Hoare triple {1575#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~0#1); {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,178 INFO L290 TraceCheckUtils]: 11: Hoare triple {1575#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,178 INFO L290 TraceCheckUtils]: 12: Hoare triple {1575#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,179 INFO L290 TraceCheckUtils]: 13: Hoare triple {1575#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,179 INFO L290 TraceCheckUtils]: 14: Hoare triple {1575#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,180 INFO L272 TraceCheckUtils]: 15: Hoare triple {1575#(= ~pumpRunning~0 0)} call timeShift(); {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,180 INFO L290 TraceCheckUtils]: 16: Hoare triple {1575#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,181 INFO L290 TraceCheckUtils]: 17: Hoare triple {1575#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {1575#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:26,181 INFO L290 TraceCheckUtils]: 18: Hoare triple {1575#(= ~pumpRunning~0 0)} assume !(0 == ~pumpRunning~0); {1574#false} is VALID [2022-02-20 18:10:26,181 INFO L272 TraceCheckUtils]: 19: Hoare triple {1574#false} call processEnvironment__wrappee__base(); {1573#true} is VALID [2022-02-20 18:10:26,181 INFO L290 TraceCheckUtils]: 20: Hoare triple {1573#true} assume true; {1573#true} is VALID [2022-02-20 18:10:26,182 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {1573#true} {1574#false} #212#return; {1574#false} is VALID [2022-02-20 18:10:26,182 INFO L290 TraceCheckUtils]: 22: Hoare triple {1574#false} assume { :end_inline_processEnvironment } true; {1574#false} is VALID [2022-02-20 18:10:26,182 INFO L290 TraceCheckUtils]: 23: Hoare triple {1574#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {1574#false} is VALID [2022-02-20 18:10:26,182 INFO L290 TraceCheckUtils]: 24: Hoare triple {1574#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {1574#false} is VALID [2022-02-20 18:10:26,183 INFO L290 TraceCheckUtils]: 25: Hoare triple {1574#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {1574#false} is VALID [2022-02-20 18:10:26,183 INFO L290 TraceCheckUtils]: 26: Hoare triple {1574#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {1574#false} is VALID [2022-02-20 18:10:26,183 INFO L290 TraceCheckUtils]: 27: Hoare triple {1574#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {1574#false} is VALID [2022-02-20 18:10:26,183 INFO L290 TraceCheckUtils]: 28: Hoare triple {1574#false} assume !false; {1574#false} is VALID [2022-02-20 18:10:26,184 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:26,184 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:26,184 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [445711721] [2022-02-20 18:10:26,184 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [445711721] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:26,184 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:26,185 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:26,185 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [240137346] [2022-02-20 18:10:26,185 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:26,185 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:10:26,186 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:26,186 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:26,208 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 29 edges. 29 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:26,209 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:26,209 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:26,210 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:26,210 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:26,210 INFO L87 Difference]: Start difference. First operand 129 states and 171 transitions. Second operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:26,314 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:26,314 INFO L93 Difference]: Finished difference Result 316 states and 428 transitions. [2022-02-20 18:10:26,315 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:26,315 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:10:26,315 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:26,315 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:26,318 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 185 transitions. [2022-02-20 18:10:26,318 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:26,321 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 185 transitions. [2022-02-20 18:10:26,321 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 185 transitions. [2022-02-20 18:10:26,444 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 185 edges. 185 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:26,451 INFO L225 Difference]: With dead ends: 316 [2022-02-20 18:10:26,451 INFO L226 Difference]: Without dead ends: 194 [2022-02-20 18:10:26,454 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:26,462 INFO L933 BasicCegarLoop]: 73 mSDtfsCounter, 45 mSDsluCounter, 44 mSDsCounter, 0 mSdLazyCounter, 8 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 117 SdHoareTripleChecker+Invalid, 14 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 8 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:26,463 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [45 Valid, 117 Invalid, 14 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 8 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:26,465 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 194 states. [2022-02-20 18:10:26,482 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 194 to 192. [2022-02-20 18:10:26,487 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:26,488 INFO L82 GeneralOperation]: Start isEquivalent. First operand 194 states. Second operand has 192 states, 153 states have (on average 1.3529411764705883) internal successors, (207), 166 states have internal predecessors, (207), 19 states have call successors, (19), 19 states have call predecessors, (19), 19 states have return successors, (25), 19 states have call predecessors, (25), 19 states have call successors, (25) [2022-02-20 18:10:26,490 INFO L74 IsIncluded]: Start isIncluded. First operand 194 states. Second operand has 192 states, 153 states have (on average 1.3529411764705883) internal successors, (207), 166 states have internal predecessors, (207), 19 states have call successors, (19), 19 states have call predecessors, (19), 19 states have return successors, (25), 19 states have call predecessors, (25), 19 states have call successors, (25) [2022-02-20 18:10:26,495 INFO L87 Difference]: Start difference. First operand 194 states. Second operand has 192 states, 153 states have (on average 1.3529411764705883) internal successors, (207), 166 states have internal predecessors, (207), 19 states have call successors, (19), 19 states have call predecessors, (19), 19 states have return successors, (25), 19 states have call predecessors, (25), 19 states have call successors, (25) [2022-02-20 18:10:26,504 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:26,504 INFO L93 Difference]: Finished difference Result 194 states and 252 transitions. [2022-02-20 18:10:26,504 INFO L276 IsEmpty]: Start isEmpty. Operand 194 states and 252 transitions. [2022-02-20 18:10:26,505 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:26,505 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:26,506 INFO L74 IsIncluded]: Start isIncluded. First operand has 192 states, 153 states have (on average 1.3529411764705883) internal successors, (207), 166 states have internal predecessors, (207), 19 states have call successors, (19), 19 states have call predecessors, (19), 19 states have return successors, (25), 19 states have call predecessors, (25), 19 states have call successors, (25) Second operand 194 states. [2022-02-20 18:10:26,508 INFO L87 Difference]: Start difference. First operand has 192 states, 153 states have (on average 1.3529411764705883) internal successors, (207), 166 states have internal predecessors, (207), 19 states have call successors, (19), 19 states have call predecessors, (19), 19 states have return successors, (25), 19 states have call predecessors, (25), 19 states have call successors, (25) Second operand 194 states. [2022-02-20 18:10:26,516 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:26,516 INFO L93 Difference]: Finished difference Result 194 states and 252 transitions. [2022-02-20 18:10:26,516 INFO L276 IsEmpty]: Start isEmpty. Operand 194 states and 252 transitions. [2022-02-20 18:10:26,517 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:26,517 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:26,517 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:26,517 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:26,519 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 192 states, 153 states have (on average 1.3529411764705883) internal successors, (207), 166 states have internal predecessors, (207), 19 states have call successors, (19), 19 states have call predecessors, (19), 19 states have return successors, (25), 19 states have call predecessors, (25), 19 states have call successors, (25) [2022-02-20 18:10:26,526 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 192 states to 192 states and 251 transitions. [2022-02-20 18:10:26,527 INFO L78 Accepts]: Start accepts. Automaton has 192 states and 251 transitions. Word has length 29 [2022-02-20 18:10:26,527 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:26,527 INFO L470 AbstractCegarLoop]: Abstraction has 192 states and 251 transitions. [2022-02-20 18:10:26,528 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:26,528 INFO L276 IsEmpty]: Start isEmpty. Operand 192 states and 251 transitions. [2022-02-20 18:10:26,528 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2022-02-20 18:10:26,528 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:26,528 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:26,529 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:10:26,529 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:26,530 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:26,530 INFO L85 PathProgramCache]: Analyzing trace with hash -1499921389, now seen corresponding path program 1 times [2022-02-20 18:10:26,531 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:26,531 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1563357] [2022-02-20 18:10:26,531 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:26,531 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:26,566 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:26,615 INFO L290 TraceCheckUtils]: 0: Hoare triple {2677#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {2679#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:26,616 INFO L290 TraceCheckUtils]: 1: Hoare triple {2679#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {2679#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:26,616 INFO L290 TraceCheckUtils]: 2: Hoare triple {2679#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2679#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:26,617 INFO L290 TraceCheckUtils]: 3: Hoare triple {2679#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {2680#(= |ULTIMATE.start_valid_product_#res#1| ~waterLevel~0)} is VALID [2022-02-20 18:10:26,618 INFO L290 TraceCheckUtils]: 4: Hoare triple {2680#(= |ULTIMATE.start_valid_product_#res#1| ~waterLevel~0)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {2681#(= ~waterLevel~0 |ULTIMATE.start_main_~tmp~4#1|)} is VALID [2022-02-20 18:10:26,618 INFO L290 TraceCheckUtils]: 5: Hoare triple {2681#(= ~waterLevel~0 |ULTIMATE.start_main_~tmp~4#1|)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,618 INFO L290 TraceCheckUtils]: 6: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,619 INFO L290 TraceCheckUtils]: 7: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume !false; {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,619 INFO L290 TraceCheckUtils]: 8: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume test_~splverifierCounter~0#1 < 4; {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,620 INFO L290 TraceCheckUtils]: 9: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,620 INFO L290 TraceCheckUtils]: 10: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume !(0 != test_~tmp~0#1); {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,623 INFO L290 TraceCheckUtils]: 11: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,623 INFO L290 TraceCheckUtils]: 12: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume !(0 != test_~tmp___0~0#1); {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,624 INFO L290 TraceCheckUtils]: 13: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,624 INFO L290 TraceCheckUtils]: 14: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,624 INFO L290 TraceCheckUtils]: 15: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,625 INFO L290 TraceCheckUtils]: 16: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume !(0 != ~pumpRunning~0); {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,625 INFO L290 TraceCheckUtils]: 17: Hoare triple {2682#(not (= ~waterLevel~0 0))} ~systemActive~0 := 0; {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,626 INFO L290 TraceCheckUtils]: 18: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume { :end_inline_stopSystem } true; {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,627 INFO L272 TraceCheckUtils]: 19: Hoare triple {2682#(not (= ~waterLevel~0 0))} call timeShift(); {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,627 INFO L290 TraceCheckUtils]: 20: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume !(0 != ~pumpRunning~0); {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,629 INFO L290 TraceCheckUtils]: 21: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume !(0 != ~systemActive~0); {2682#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:26,629 INFO L290 TraceCheckUtils]: 22: Hoare triple {2682#(not (= ~waterLevel~0 0))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {2683#(not (= |timeShift_getWaterLevel_#res#1| 0))} is VALID [2022-02-20 18:10:26,639 INFO L290 TraceCheckUtils]: 23: Hoare triple {2683#(not (= |timeShift_getWaterLevel_#res#1| 0))} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {2684#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| 0))} is VALID [2022-02-20 18:10:26,640 INFO L290 TraceCheckUtils]: 24: Hoare triple {2684#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| 0))} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {2678#false} is VALID [2022-02-20 18:10:26,640 INFO L290 TraceCheckUtils]: 25: Hoare triple {2678#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {2678#false} is VALID [2022-02-20 18:10:26,640 INFO L290 TraceCheckUtils]: 26: Hoare triple {2678#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {2678#false} is VALID [2022-02-20 18:10:26,640 INFO L290 TraceCheckUtils]: 27: Hoare triple {2678#false} assume !false; {2678#false} is VALID [2022-02-20 18:10:26,641 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:26,641 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:26,641 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1563357] [2022-02-20 18:10:26,641 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1563357] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:26,641 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:26,642 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:10:26,642 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [702518579] [2022-02-20 18:10:26,642 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:26,642 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 3.375) internal successors, (27), 7 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 28 [2022-02-20 18:10:26,643 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:26,643 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 3.375) internal successors, (27), 7 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:26,667 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 28 edges. 28 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:26,667 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:10:26,668 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:26,668 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:10:26,669 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=42, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:26,669 INFO L87 Difference]: Start difference. First operand 192 states and 251 transitions. Second operand has 8 states, 8 states have (on average 3.375) internal successors, (27), 7 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,267 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,267 INFO L93 Difference]: Finished difference Result 716 states and 1030 transitions. [2022-02-20 18:10:27,267 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:27,268 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 3.375) internal successors, (27), 7 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 28 [2022-02-20 18:10:27,268 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:27,268 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 3.375) internal successors, (27), 7 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,272 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 269 transitions. [2022-02-20 18:10:27,273 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 3.375) internal successors, (27), 7 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,277 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 269 transitions. [2022-02-20 18:10:27,277 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 269 transitions. [2022-02-20 18:10:27,459 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 269 edges. 269 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,483 INFO L225 Difference]: With dead ends: 716 [2022-02-20 18:10:27,484 INFO L226 Difference]: Without dead ends: 531 [2022-02-20 18:10:27,485 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=51, Invalid=131, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:10:27,486 INFO L933 BasicCegarLoop]: 74 mSDtfsCounter, 182 mSDsluCounter, 362 mSDsCounter, 0 mSdLazyCounter, 115 mSolverCounterSat, 25 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 182 SdHoareTripleChecker+Valid, 436 SdHoareTripleChecker+Invalid, 140 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 25 IncrementalHoareTripleChecker+Valid, 115 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:27,486 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [182 Valid, 436 Invalid, 140 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [25 Valid, 115 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:27,487 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 531 states. [2022-02-20 18:10:27,521 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 531 to 506. [2022-02-20 18:10:27,521 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:27,523 INFO L82 GeneralOperation]: Start isEquivalent. First operand 531 states. Second operand has 506 states, 405 states have (on average 1.3111111111111111) internal successors, (531), 435 states have internal predecessors, (531), 50 states have call successors, (50), 50 states have call predecessors, (50), 50 states have return successors, (95), 50 states have call predecessors, (95), 50 states have call successors, (95) [2022-02-20 18:10:27,525 INFO L74 IsIncluded]: Start isIncluded. First operand 531 states. Second operand has 506 states, 405 states have (on average 1.3111111111111111) internal successors, (531), 435 states have internal predecessors, (531), 50 states have call successors, (50), 50 states have call predecessors, (50), 50 states have return successors, (95), 50 states have call predecessors, (95), 50 states have call successors, (95) [2022-02-20 18:10:27,527 INFO L87 Difference]: Start difference. First operand 531 states. Second operand has 506 states, 405 states have (on average 1.3111111111111111) internal successors, (531), 435 states have internal predecessors, (531), 50 states have call successors, (50), 50 states have call predecessors, (50), 50 states have return successors, (95), 50 states have call predecessors, (95), 50 states have call successors, (95) [2022-02-20 18:10:27,552 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,552 INFO L93 Difference]: Finished difference Result 531 states and 730 transitions. [2022-02-20 18:10:27,552 INFO L276 IsEmpty]: Start isEmpty. Operand 531 states and 730 transitions. [2022-02-20 18:10:27,554 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,555 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,557 INFO L74 IsIncluded]: Start isIncluded. First operand has 506 states, 405 states have (on average 1.3111111111111111) internal successors, (531), 435 states have internal predecessors, (531), 50 states have call successors, (50), 50 states have call predecessors, (50), 50 states have return successors, (95), 50 states have call predecessors, (95), 50 states have call successors, (95) Second operand 531 states. [2022-02-20 18:10:27,558 INFO L87 Difference]: Start difference. First operand has 506 states, 405 states have (on average 1.3111111111111111) internal successors, (531), 435 states have internal predecessors, (531), 50 states have call successors, (50), 50 states have call predecessors, (50), 50 states have return successors, (95), 50 states have call predecessors, (95), 50 states have call successors, (95) Second operand 531 states. [2022-02-20 18:10:27,603 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,603 INFO L93 Difference]: Finished difference Result 531 states and 730 transitions. [2022-02-20 18:10:27,603 INFO L276 IsEmpty]: Start isEmpty. Operand 531 states and 730 transitions. [2022-02-20 18:10:27,605 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,606 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,606 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:27,606 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:27,608 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 506 states, 405 states have (on average 1.3111111111111111) internal successors, (531), 435 states have internal predecessors, (531), 50 states have call successors, (50), 50 states have call predecessors, (50), 50 states have return successors, (95), 50 states have call predecessors, (95), 50 states have call successors, (95) [2022-02-20 18:10:27,628 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 506 states to 506 states and 676 transitions. [2022-02-20 18:10:27,629 INFO L78 Accepts]: Start accepts. Automaton has 506 states and 676 transitions. Word has length 28 [2022-02-20 18:10:27,629 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:27,629 INFO L470 AbstractCegarLoop]: Abstraction has 506 states and 676 transitions. [2022-02-20 18:10:27,629 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 3.375) internal successors, (27), 7 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,630 INFO L276 IsEmpty]: Start isEmpty. Operand 506 states and 676 transitions. [2022-02-20 18:10:27,631 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2022-02-20 18:10:27,631 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:27,632 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:27,632 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:10:27,632 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:27,633 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:27,633 INFO L85 PathProgramCache]: Analyzing trace with hash 1981025752, now seen corresponding path program 1 times [2022-02-20 18:10:27,633 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:27,633 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [550945592] [2022-02-20 18:10:27,633 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:27,633 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:27,669 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,736 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2022-02-20 18:10:27,744 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {5477#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5458#true} is VALID [2022-02-20 18:10:27,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {5458#true} assume true; {5458#true} is VALID [2022-02-20 18:10:27,748 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5458#true} {5460#(= ~pumpRunning~0 0)} #214#return; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,754 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:10:27,759 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,766 INFO L290 TraceCheckUtils]: 0: Hoare triple {5478#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,766 INFO L290 TraceCheckUtils]: 1: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,767 INFO L290 TraceCheckUtils]: 2: Hoare triple {5460#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,767 INFO L290 TraceCheckUtils]: 3: Hoare triple {5460#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,767 INFO L290 TraceCheckUtils]: 4: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,768 INFO L290 TraceCheckUtils]: 5: Hoare triple {5460#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,768 INFO L290 TraceCheckUtils]: 6: Hoare triple {5460#(= ~pumpRunning~0 0)} assume true; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,769 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {5460#(= ~pumpRunning~0 0)} {5460#(= ~pumpRunning~0 0)} #218#return; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,769 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:10:27,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,774 INFO L290 TraceCheckUtils]: 0: Hoare triple {5477#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5458#true} is VALID [2022-02-20 18:10:27,774 INFO L290 TraceCheckUtils]: 1: Hoare triple {5458#true} assume true; {5458#true} is VALID [2022-02-20 18:10:27,774 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5458#true} {5460#(= ~pumpRunning~0 0)} #214#return; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,775 INFO L290 TraceCheckUtils]: 0: Hoare triple {5458#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,775 INFO L290 TraceCheckUtils]: 1: Hoare triple {5460#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,776 INFO L290 TraceCheckUtils]: 2: Hoare triple {5460#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,776 INFO L290 TraceCheckUtils]: 3: Hoare triple {5460#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,776 INFO L290 TraceCheckUtils]: 4: Hoare triple {5460#(= ~pumpRunning~0 0)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,777 INFO L290 TraceCheckUtils]: 5: Hoare triple {5460#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,777 INFO L290 TraceCheckUtils]: 6: Hoare triple {5460#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,777 INFO L290 TraceCheckUtils]: 7: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !false; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,778 INFO L290 TraceCheckUtils]: 8: Hoare triple {5460#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,778 INFO L290 TraceCheckUtils]: 9: Hoare triple {5460#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,779 INFO L290 TraceCheckUtils]: 10: Hoare triple {5460#(= ~pumpRunning~0 0)} assume 0 != test_~tmp~0#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,779 INFO L272 TraceCheckUtils]: 11: Hoare triple {5460#(= ~pumpRunning~0 0)} call waterRise(); {5477#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:27,779 INFO L290 TraceCheckUtils]: 12: Hoare triple {5477#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5458#true} is VALID [2022-02-20 18:10:27,779 INFO L290 TraceCheckUtils]: 13: Hoare triple {5458#true} assume true; {5458#true} is VALID [2022-02-20 18:10:27,780 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {5458#true} {5460#(= ~pumpRunning~0 0)} #214#return; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,780 INFO L290 TraceCheckUtils]: 15: Hoare triple {5460#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,781 INFO L290 TraceCheckUtils]: 16: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,781 INFO L290 TraceCheckUtils]: 17: Hoare triple {5460#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,781 INFO L290 TraceCheckUtils]: 18: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,782 INFO L290 TraceCheckUtils]: 19: Hoare triple {5460#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,782 INFO L290 TraceCheckUtils]: 20: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,782 INFO L290 TraceCheckUtils]: 21: Hoare triple {5460#(= ~pumpRunning~0 0)} ~systemActive~0 := 0; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,783 INFO L290 TraceCheckUtils]: 22: Hoare triple {5460#(= ~pumpRunning~0 0)} assume { :end_inline_stopSystem } true; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,783 INFO L272 TraceCheckUtils]: 23: Hoare triple {5460#(= ~pumpRunning~0 0)} call timeShift(); {5478#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:27,784 INFO L290 TraceCheckUtils]: 24: Hoare triple {5478#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,784 INFO L290 TraceCheckUtils]: 25: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,784 INFO L290 TraceCheckUtils]: 26: Hoare triple {5460#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,785 INFO L290 TraceCheckUtils]: 27: Hoare triple {5460#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,785 INFO L290 TraceCheckUtils]: 28: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,786 INFO L290 TraceCheckUtils]: 29: Hoare triple {5460#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,786 INFO L290 TraceCheckUtils]: 30: Hoare triple {5460#(= ~pumpRunning~0 0)} assume true; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,786 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {5460#(= ~pumpRunning~0 0)} {5460#(= ~pumpRunning~0 0)} #218#return; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,787 INFO L290 TraceCheckUtils]: 32: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !false; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,787 INFO L290 TraceCheckUtils]: 33: Hoare triple {5460#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,788 INFO L290 TraceCheckUtils]: 34: Hoare triple {5460#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,788 INFO L290 TraceCheckUtils]: 35: Hoare triple {5460#(= ~pumpRunning~0 0)} assume 0 != test_~tmp~0#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,788 INFO L272 TraceCheckUtils]: 36: Hoare triple {5460#(= ~pumpRunning~0 0)} call waterRise(); {5477#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:27,789 INFO L290 TraceCheckUtils]: 37: Hoare triple {5477#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5458#true} is VALID [2022-02-20 18:10:27,789 INFO L290 TraceCheckUtils]: 38: Hoare triple {5458#true} assume true; {5458#true} is VALID [2022-02-20 18:10:27,789 INFO L284 TraceCheckUtils]: 39: Hoare quadruple {5458#true} {5460#(= ~pumpRunning~0 0)} #214#return; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,790 INFO L290 TraceCheckUtils]: 40: Hoare triple {5460#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,790 INFO L290 TraceCheckUtils]: 41: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,790 INFO L290 TraceCheckUtils]: 42: Hoare triple {5460#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,791 INFO L290 TraceCheckUtils]: 43: Hoare triple {5460#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,791 INFO L272 TraceCheckUtils]: 44: Hoare triple {5460#(= ~pumpRunning~0 0)} call timeShift(); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,792 INFO L290 TraceCheckUtils]: 45: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,792 INFO L290 TraceCheckUtils]: 46: Hoare triple {5460#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,792 INFO L290 TraceCheckUtils]: 47: Hoare triple {5460#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,793 INFO L290 TraceCheckUtils]: 48: Hoare triple {5460#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {5460#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,793 INFO L290 TraceCheckUtils]: 49: Hoare triple {5460#(= ~pumpRunning~0 0)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {5475#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:10:27,793 INFO L290 TraceCheckUtils]: 50: Hoare triple {5475#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {5476#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~1#1| 0)} is VALID [2022-02-20 18:10:27,794 INFO L290 TraceCheckUtils]: 51: Hoare triple {5476#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~1#1| 0)} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {5459#false} is VALID [2022-02-20 18:10:27,794 INFO L290 TraceCheckUtils]: 52: Hoare triple {5459#false} assume !false; {5459#false} is VALID [2022-02-20 18:10:27,794 INFO L134 CoverageAnalysis]: Checked inductivity of 18 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 17 trivial. 0 not checked. [2022-02-20 18:10:27,794 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:27,794 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [550945592] [2022-02-20 18:10:27,795 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [550945592] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:10:27,795 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [353105715] [2022-02-20 18:10:27,795 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:27,795 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:10:27,795 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:27,796 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:10:27,797 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:10:27,878 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,880 INFO L263 TraceCheckSpWp]: Trace formula consists of 363 conjuncts, 9 conjunts are in the unsatisfiable core [2022-02-20 18:10:27,910 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,915 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:28,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {5458#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,350 INFO L290 TraceCheckUtils]: 1: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,351 INFO L290 TraceCheckUtils]: 2: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,351 INFO L290 TraceCheckUtils]: 3: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,351 INFO L290 TraceCheckUtils]: 4: Hoare triple {5482#(<= 1 ~waterLevel~0)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,352 INFO L290 TraceCheckUtils]: 5: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,352 INFO L290 TraceCheckUtils]: 6: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,353 INFO L290 TraceCheckUtils]: 7: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume !false; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,353 INFO L290 TraceCheckUtils]: 8: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,353 INFO L290 TraceCheckUtils]: 9: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,354 INFO L290 TraceCheckUtils]: 10: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume 0 != test_~tmp~0#1; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,354 INFO L272 TraceCheckUtils]: 11: Hoare triple {5482#(<= 1 ~waterLevel~0)} call waterRise(); {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:28,355 INFO L290 TraceCheckUtils]: 12: Hoare triple {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5520#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} is VALID [2022-02-20 18:10:28,355 INFO L290 TraceCheckUtils]: 13: Hoare triple {5520#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} assume true; {5520#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} is VALID [2022-02-20 18:10:28,356 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {5520#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} {5482#(<= 1 ~waterLevel~0)} #214#return; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,356 INFO L290 TraceCheckUtils]: 15: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,357 INFO L290 TraceCheckUtils]: 16: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~0#1); {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,357 INFO L290 TraceCheckUtils]: 17: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,358 INFO L290 TraceCheckUtils]: 18: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,358 INFO L290 TraceCheckUtils]: 19: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,358 INFO L290 TraceCheckUtils]: 20: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume !(0 != ~pumpRunning~0); {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,359 INFO L290 TraceCheckUtils]: 21: Hoare triple {5527#(<= 2 ~waterLevel~0)} ~systemActive~0 := 0; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,359 INFO L290 TraceCheckUtils]: 22: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume { :end_inline_stopSystem } true; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,360 INFO L272 TraceCheckUtils]: 23: Hoare triple {5527#(<= 2 ~waterLevel~0)} call timeShift(); {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:28,360 INFO L290 TraceCheckUtils]: 24: Hoare triple {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume !(0 != ~pumpRunning~0); {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:28,360 INFO L290 TraceCheckUtils]: 25: Hoare triple {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume !(0 != ~systemActive~0); {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:28,361 INFO L290 TraceCheckUtils]: 26: Hoare triple {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:28,361 INFO L290 TraceCheckUtils]: 27: Hoare triple {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:28,362 INFO L290 TraceCheckUtils]: 28: Hoare triple {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:28,362 INFO L290 TraceCheckUtils]: 29: Hoare triple {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:28,362 INFO L290 TraceCheckUtils]: 30: Hoare triple {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume true; {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:28,363 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} {5527#(<= 2 ~waterLevel~0)} #218#return; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,363 INFO L290 TraceCheckUtils]: 32: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume !false; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,364 INFO L290 TraceCheckUtils]: 33: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,364 INFO L290 TraceCheckUtils]: 34: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,365 INFO L290 TraceCheckUtils]: 35: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp~0#1; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,365 INFO L272 TraceCheckUtils]: 36: Hoare triple {5527#(<= 2 ~waterLevel~0)} call waterRise(); {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:28,366 INFO L290 TraceCheckUtils]: 37: Hoare triple {5516#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5597#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:28,366 INFO L290 TraceCheckUtils]: 38: Hoare triple {5597#(< |old(~waterLevel~0)| 2)} assume true; {5597#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:28,367 INFO L284 TraceCheckUtils]: 39: Hoare quadruple {5597#(< |old(~waterLevel~0)| 2)} {5527#(<= 2 ~waterLevel~0)} #214#return; {5459#false} is VALID [2022-02-20 18:10:28,367 INFO L290 TraceCheckUtils]: 40: Hoare triple {5459#false} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {5459#false} is VALID [2022-02-20 18:10:28,367 INFO L290 TraceCheckUtils]: 41: Hoare triple {5459#false} assume !(0 != test_~tmp___0~0#1); {5459#false} is VALID [2022-02-20 18:10:28,367 INFO L290 TraceCheckUtils]: 42: Hoare triple {5459#false} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {5459#false} is VALID [2022-02-20 18:10:28,367 INFO L290 TraceCheckUtils]: 43: Hoare triple {5459#false} assume 0 != test_~tmp___2~0#1; {5459#false} is VALID [2022-02-20 18:10:28,367 INFO L272 TraceCheckUtils]: 44: Hoare triple {5459#false} call timeShift(); {5459#false} is VALID [2022-02-20 18:10:28,368 INFO L290 TraceCheckUtils]: 45: Hoare triple {5459#false} assume !(0 != ~pumpRunning~0); {5459#false} is VALID [2022-02-20 18:10:28,368 INFO L290 TraceCheckUtils]: 46: Hoare triple {5459#false} assume !(0 != ~systemActive~0); {5459#false} is VALID [2022-02-20 18:10:28,368 INFO L290 TraceCheckUtils]: 47: Hoare triple {5459#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {5459#false} is VALID [2022-02-20 18:10:28,368 INFO L290 TraceCheckUtils]: 48: Hoare triple {5459#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {5459#false} is VALID [2022-02-20 18:10:28,368 INFO L290 TraceCheckUtils]: 49: Hoare triple {5459#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {5459#false} is VALID [2022-02-20 18:10:28,368 INFO L290 TraceCheckUtils]: 50: Hoare triple {5459#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {5459#false} is VALID [2022-02-20 18:10:28,369 INFO L290 TraceCheckUtils]: 51: Hoare triple {5459#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {5459#false} is VALID [2022-02-20 18:10:28,369 INFO L290 TraceCheckUtils]: 52: Hoare triple {5459#false} assume !false; {5459#false} is VALID [2022-02-20 18:10:28,369 INFO L134 CoverageAnalysis]: Checked inductivity of 18 backedges. 15 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-02-20 18:10:28,369 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:10:28,968 INFO L290 TraceCheckUtils]: 52: Hoare triple {5459#false} assume !false; {5459#false} is VALID [2022-02-20 18:10:28,970 INFO L290 TraceCheckUtils]: 51: Hoare triple {5459#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {5459#false} is VALID [2022-02-20 18:10:28,973 INFO L290 TraceCheckUtils]: 50: Hoare triple {5459#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {5459#false} is VALID [2022-02-20 18:10:28,973 INFO L290 TraceCheckUtils]: 49: Hoare triple {5459#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {5459#false} is VALID [2022-02-20 18:10:28,973 INFO L290 TraceCheckUtils]: 48: Hoare triple {5459#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {5459#false} is VALID [2022-02-20 18:10:28,974 INFO L290 TraceCheckUtils]: 47: Hoare triple {5459#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {5459#false} is VALID [2022-02-20 18:10:28,974 INFO L290 TraceCheckUtils]: 46: Hoare triple {5459#false} assume !(0 != ~systemActive~0); {5459#false} is VALID [2022-02-20 18:10:28,975 INFO L290 TraceCheckUtils]: 45: Hoare triple {5459#false} assume !(0 != ~pumpRunning~0); {5459#false} is VALID [2022-02-20 18:10:28,975 INFO L272 TraceCheckUtils]: 44: Hoare triple {5459#false} call timeShift(); {5459#false} is VALID [2022-02-20 18:10:28,975 INFO L290 TraceCheckUtils]: 43: Hoare triple {5459#false} assume 0 != test_~tmp___2~0#1; {5459#false} is VALID [2022-02-20 18:10:28,975 INFO L290 TraceCheckUtils]: 42: Hoare triple {5459#false} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {5459#false} is VALID [2022-02-20 18:10:28,976 INFO L290 TraceCheckUtils]: 41: Hoare triple {5459#false} assume !(0 != test_~tmp___0~0#1); {5459#false} is VALID [2022-02-20 18:10:28,976 INFO L290 TraceCheckUtils]: 40: Hoare triple {5459#false} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {5459#false} is VALID [2022-02-20 18:10:28,979 INFO L284 TraceCheckUtils]: 39: Hoare quadruple {5597#(< |old(~waterLevel~0)| 2)} {5527#(<= 2 ~waterLevel~0)} #214#return; {5459#false} is VALID [2022-02-20 18:10:28,979 INFO L290 TraceCheckUtils]: 38: Hoare triple {5597#(< |old(~waterLevel~0)| 2)} assume true; {5597#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:28,980 INFO L290 TraceCheckUtils]: 37: Hoare triple {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5597#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:28,980 INFO L272 TraceCheckUtils]: 36: Hoare triple {5527#(<= 2 ~waterLevel~0)} call waterRise(); {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:28,980 INFO L290 TraceCheckUtils]: 35: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp~0#1; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,981 INFO L290 TraceCheckUtils]: 34: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,981 INFO L290 TraceCheckUtils]: 33: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,981 INFO L290 TraceCheckUtils]: 32: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume !false; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,982 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} {5527#(<= 2 ~waterLevel~0)} #218#return; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,982 INFO L290 TraceCheckUtils]: 30: Hoare triple {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume true; {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:28,983 INFO L290 TraceCheckUtils]: 29: Hoare triple {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:28,983 INFO L290 TraceCheckUtils]: 28: Hoare triple {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:28,983 INFO L290 TraceCheckUtils]: 27: Hoare triple {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:28,984 INFO L290 TraceCheckUtils]: 26: Hoare triple {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:28,984 INFO L290 TraceCheckUtils]: 25: Hoare triple {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume !(0 != ~systemActive~0); {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:28,984 INFO L290 TraceCheckUtils]: 24: Hoare triple {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume !(0 != ~pumpRunning~0); {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:28,985 INFO L272 TraceCheckUtils]: 23: Hoare triple {5527#(<= 2 ~waterLevel~0)} call timeShift(); {5691#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:28,985 INFO L290 TraceCheckUtils]: 22: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume { :end_inline_stopSystem } true; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,986 INFO L290 TraceCheckUtils]: 21: Hoare triple {5527#(<= 2 ~waterLevel~0)} ~systemActive~0 := 0; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,986 INFO L290 TraceCheckUtils]: 20: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume !(0 != ~pumpRunning~0); {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,986 INFO L290 TraceCheckUtils]: 19: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,987 INFO L290 TraceCheckUtils]: 18: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,987 INFO L290 TraceCheckUtils]: 17: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,988 INFO L290 TraceCheckUtils]: 16: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~0#1); {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,988 INFO L290 TraceCheckUtils]: 15: Hoare triple {5527#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,989 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {5761#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} {5482#(<= 1 ~waterLevel~0)} #214#return; {5527#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,989 INFO L290 TraceCheckUtils]: 13: Hoare triple {5761#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} assume true; {5761#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} is VALID [2022-02-20 18:10:28,990 INFO L290 TraceCheckUtils]: 12: Hoare triple {5768#(or (< |old(~waterLevel~0)| 1) (<= 1 ~waterLevel~0))} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5761#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} is VALID [2022-02-20 18:10:28,990 INFO L272 TraceCheckUtils]: 11: Hoare triple {5482#(<= 1 ~waterLevel~0)} call waterRise(); {5768#(or (< |old(~waterLevel~0)| 1) (<= 1 ~waterLevel~0))} is VALID [2022-02-20 18:10:28,991 INFO L290 TraceCheckUtils]: 10: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume 0 != test_~tmp~0#1; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,991 INFO L290 TraceCheckUtils]: 9: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,991 INFO L290 TraceCheckUtils]: 8: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,992 INFO L290 TraceCheckUtils]: 7: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume !false; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,992 INFO L290 TraceCheckUtils]: 6: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,992 INFO L290 TraceCheckUtils]: 5: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,994 INFO L290 TraceCheckUtils]: 4: Hoare triple {5482#(<= 1 ~waterLevel~0)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,994 INFO L290 TraceCheckUtils]: 3: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,994 INFO L290 TraceCheckUtils]: 2: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,995 INFO L290 TraceCheckUtils]: 1: Hoare triple {5482#(<= 1 ~waterLevel~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,997 INFO L290 TraceCheckUtils]: 0: Hoare triple {5458#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {5482#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:28,997 INFO L134 CoverageAnalysis]: Checked inductivity of 18 backedges. 15 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:28,997 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [353105715] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:10:28,998 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:10:28,998 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 6, 7] total 15 [2022-02-20 18:10:28,998 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [934652344] [2022-02-20 18:10:28,998 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:10:28,999 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 5.933333333333334) internal successors, (89), 12 states have internal predecessors, (89), 4 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) Word has length 53 [2022-02-20 18:10:29,000 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:29,000 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 15 states have (on average 5.933333333333334) internal successors, (89), 12 states have internal predecessors, (89), 4 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:10:29,075 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 106 edges. 106 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:29,075 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-02-20 18:10:29,076 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:29,076 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-02-20 18:10:29,076 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=48, Invalid=162, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:10:29,077 INFO L87 Difference]: Start difference. First operand 506 states and 676 transitions. Second operand has 15 states, 15 states have (on average 5.933333333333334) internal successors, (89), 12 states have internal predecessors, (89), 4 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:10:32,295 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:32,295 INFO L93 Difference]: Finished difference Result 1451 states and 1988 transitions. [2022-02-20 18:10:32,295 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 47 states. [2022-02-20 18:10:32,296 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 5.933333333333334) internal successors, (89), 12 states have internal predecessors, (89), 4 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) Word has length 53 [2022-02-20 18:10:32,296 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:32,296 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 5.933333333333334) internal successors, (89), 12 states have internal predecessors, (89), 4 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:10:32,309 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 47 states to 47 states and 624 transitions. [2022-02-20 18:10:32,309 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 5.933333333333334) internal successors, (89), 12 states have internal predecessors, (89), 4 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:10:32,319 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 47 states to 47 states and 624 transitions. [2022-02-20 18:10:32,319 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 47 states and 624 transitions. [2022-02-20 18:10:32,784 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 624 edges. 624 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:32,866 INFO L225 Difference]: With dead ends: 1451 [2022-02-20 18:10:32,866 INFO L226 Difference]: Without dead ends: 1103 [2022-02-20 18:10:32,869 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 158 GetRequests, 104 SyntacticMatches, 1 SemanticMatches, 53 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 733 ImplicationChecksByTransitivity, 0.6s TimeCoverageRelationStatistics Valid=598, Invalid=2372, Unknown=0, NotChecked=0, Total=2970 [2022-02-20 18:10:32,869 INFO L933 BasicCegarLoop]: 200 mSDtfsCounter, 634 mSDsluCounter, 1072 mSDsCounter, 0 mSdLazyCounter, 781 mSolverCounterSat, 171 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 639 SdHoareTripleChecker+Valid, 1272 SdHoareTripleChecker+Invalid, 952 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 171 IncrementalHoareTripleChecker+Valid, 781 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:32,870 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [639 Valid, 1272 Invalid, 952 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [171 Valid, 781 Invalid, 0 Unknown, 0 Unchecked, 0.9s Time] [2022-02-20 18:10:32,871 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1103 states. [2022-02-20 18:10:33,083 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1103 to 982. [2022-02-20 18:10:33,084 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:33,087 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1103 states. Second operand has 982 states, 791 states have (on average 1.290771175726928) internal successors, (1021), 855 states have internal predecessors, (1021), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) [2022-02-20 18:10:33,089 INFO L74 IsIncluded]: Start isIncluded. First operand 1103 states. Second operand has 982 states, 791 states have (on average 1.290771175726928) internal successors, (1021), 855 states have internal predecessors, (1021), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) [2022-02-20 18:10:33,091 INFO L87 Difference]: Start difference. First operand 1103 states. Second operand has 982 states, 791 states have (on average 1.290771175726928) internal successors, (1021), 855 states have internal predecessors, (1021), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) [2022-02-20 18:10:33,154 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:33,154 INFO L93 Difference]: Finished difference Result 1103 states and 1451 transitions. [2022-02-20 18:10:33,155 INFO L276 IsEmpty]: Start isEmpty. Operand 1103 states and 1451 transitions. [2022-02-20 18:10:33,160 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:33,160 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:33,163 INFO L74 IsIncluded]: Start isIncluded. First operand has 982 states, 791 states have (on average 1.290771175726928) internal successors, (1021), 855 states have internal predecessors, (1021), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) Second operand 1103 states. [2022-02-20 18:10:33,165 INFO L87 Difference]: Start difference. First operand has 982 states, 791 states have (on average 1.290771175726928) internal successors, (1021), 855 states have internal predecessors, (1021), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) Second operand 1103 states. [2022-02-20 18:10:33,226 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:33,226 INFO L93 Difference]: Finished difference Result 1103 states and 1451 transitions. [2022-02-20 18:10:33,226 INFO L276 IsEmpty]: Start isEmpty. Operand 1103 states and 1451 transitions. [2022-02-20 18:10:33,230 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:33,230 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:33,230 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:33,231 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:33,247 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 982 states, 791 states have (on average 1.290771175726928) internal successors, (1021), 855 states have internal predecessors, (1021), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) [2022-02-20 18:10:33,309 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 982 states to 982 states and 1289 transitions. [2022-02-20 18:10:33,310 INFO L78 Accepts]: Start accepts. Automaton has 982 states and 1289 transitions. Word has length 53 [2022-02-20 18:10:33,310 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:33,310 INFO L470 AbstractCegarLoop]: Abstraction has 982 states and 1289 transitions. [2022-02-20 18:10:33,311 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 5.933333333333334) internal successors, (89), 12 states have internal predecessors, (89), 4 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:10:33,311 INFO L276 IsEmpty]: Start isEmpty. Operand 982 states and 1289 transitions. [2022-02-20 18:10:33,314 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-02-20 18:10:33,314 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:33,315 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:33,342 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:33,539 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable5 [2022-02-20 18:10:33,540 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:33,540 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:33,540 INFO L85 PathProgramCache]: Analyzing trace with hash 1940053207, now seen corresponding path program 1 times [2022-02-20 18:10:33,540 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:33,540 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1614050722] [2022-02-20 18:10:33,540 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:33,541 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:33,567 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:33,599 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-02-20 18:10:33,607 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:33,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {11499#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {11476#true} is VALID [2022-02-20 18:10:33,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {11476#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {11476#true} is VALID [2022-02-20 18:10:33,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {11476#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {11476#true} is VALID [2022-02-20 18:10:33,631 INFO L290 TraceCheckUtils]: 3: Hoare triple {11476#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {11500#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:10:33,632 INFO L290 TraceCheckUtils]: 4: Hoare triple {11500#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret20#1 && isHighWaterLevel_#t~ret20#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {11501#(not (= |timeShift_isHighWaterLevel_~tmp~3#1| 0))} is VALID [2022-02-20 18:10:33,632 INFO L290 TraceCheckUtils]: 5: Hoare triple {11501#(not (= |timeShift_isHighWaterLevel_~tmp~3#1| 0))} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~2#1 := 1; {11477#false} is VALID [2022-02-20 18:10:33,632 INFO L290 TraceCheckUtils]: 6: Hoare triple {11477#false} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {11477#false} is VALID [2022-02-20 18:10:33,632 INFO L290 TraceCheckUtils]: 7: Hoare triple {11477#false} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret10#1 && processEnvironment_#t~ret10#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {11477#false} is VALID [2022-02-20 18:10:33,633 INFO L290 TraceCheckUtils]: 8: Hoare triple {11477#false} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {11477#false} is VALID [2022-02-20 18:10:33,634 INFO L290 TraceCheckUtils]: 9: Hoare triple {11477#false} assume { :end_inline_activatePump } true; {11477#false} is VALID [2022-02-20 18:10:33,634 INFO L290 TraceCheckUtils]: 10: Hoare triple {11477#false} assume { :end_inline_processEnvironment } true; {11477#false} is VALID [2022-02-20 18:10:33,634 INFO L290 TraceCheckUtils]: 11: Hoare triple {11477#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {11477#false} is VALID [2022-02-20 18:10:33,634 INFO L290 TraceCheckUtils]: 12: Hoare triple {11477#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {11477#false} is VALID [2022-02-20 18:10:33,634 INFO L290 TraceCheckUtils]: 13: Hoare triple {11477#false} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {11477#false} is VALID [2022-02-20 18:10:33,635 INFO L290 TraceCheckUtils]: 14: Hoare triple {11477#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {11477#false} is VALID [2022-02-20 18:10:33,635 INFO L290 TraceCheckUtils]: 15: Hoare triple {11477#false} assume true; {11477#false} is VALID [2022-02-20 18:10:33,635 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11477#false} {11476#true} #218#return; {11477#false} is VALID [2022-02-20 18:10:33,635 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:10:33,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:33,639 INFO L290 TraceCheckUtils]: 0: Hoare triple {11476#true} assume true; {11476#true} is VALID [2022-02-20 18:10:33,639 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {11476#true} {11477#false} #212#return; {11477#false} is VALID [2022-02-20 18:10:33,639 INFO L290 TraceCheckUtils]: 0: Hoare triple {11476#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {11476#true} is VALID [2022-02-20 18:10:33,640 INFO L290 TraceCheckUtils]: 1: Hoare triple {11476#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {11476#true} is VALID [2022-02-20 18:10:33,640 INFO L290 TraceCheckUtils]: 2: Hoare triple {11476#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11476#true} is VALID [2022-02-20 18:10:33,641 INFO L290 TraceCheckUtils]: 3: Hoare triple {11476#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {11478#(= |ULTIMATE.start_valid_product_#res#1| 1)} is VALID [2022-02-20 18:10:33,641 INFO L290 TraceCheckUtils]: 4: Hoare triple {11478#(= |ULTIMATE.start_valid_product_#res#1| 1)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {11479#(= |ULTIMATE.start_main_~tmp~4#1| 1)} is VALID [2022-02-20 18:10:33,641 INFO L290 TraceCheckUtils]: 5: Hoare triple {11479#(= |ULTIMATE.start_main_~tmp~4#1| 1)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {11476#true} is VALID [2022-02-20 18:10:33,641 INFO L290 TraceCheckUtils]: 6: Hoare triple {11476#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {11476#true} is VALID [2022-02-20 18:10:33,642 INFO L290 TraceCheckUtils]: 7: Hoare triple {11476#true} assume !false; {11476#true} is VALID [2022-02-20 18:10:33,642 INFO L290 TraceCheckUtils]: 8: Hoare triple {11476#true} assume test_~splverifierCounter~0#1 < 4; {11476#true} is VALID [2022-02-20 18:10:33,642 INFO L290 TraceCheckUtils]: 9: Hoare triple {11476#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {11476#true} is VALID [2022-02-20 18:10:33,642 INFO L290 TraceCheckUtils]: 10: Hoare triple {11476#true} assume !(0 != test_~tmp~0#1); {11476#true} is VALID [2022-02-20 18:10:33,642 INFO L290 TraceCheckUtils]: 11: Hoare triple {11476#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {11476#true} is VALID [2022-02-20 18:10:33,642 INFO L290 TraceCheckUtils]: 12: Hoare triple {11476#true} assume !(0 != test_~tmp___0~0#1); {11476#true} is VALID [2022-02-20 18:10:33,643 INFO L290 TraceCheckUtils]: 13: Hoare triple {11476#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {11476#true} is VALID [2022-02-20 18:10:33,643 INFO L290 TraceCheckUtils]: 14: Hoare triple {11476#true} assume 0 != test_~tmp___2~0#1; {11476#true} is VALID [2022-02-20 18:10:33,643 INFO L272 TraceCheckUtils]: 15: Hoare triple {11476#true} call timeShift(); {11499#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:33,643 INFO L290 TraceCheckUtils]: 16: Hoare triple {11499#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {11476#true} is VALID [2022-02-20 18:10:33,644 INFO L290 TraceCheckUtils]: 17: Hoare triple {11476#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {11476#true} is VALID [2022-02-20 18:10:33,644 INFO L290 TraceCheckUtils]: 18: Hoare triple {11476#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {11476#true} is VALID [2022-02-20 18:10:33,644 INFO L290 TraceCheckUtils]: 19: Hoare triple {11476#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {11500#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:10:33,645 INFO L290 TraceCheckUtils]: 20: Hoare triple {11500#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret20#1 && isHighWaterLevel_#t~ret20#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {11501#(not (= |timeShift_isHighWaterLevel_~tmp~3#1| 0))} is VALID [2022-02-20 18:10:33,645 INFO L290 TraceCheckUtils]: 21: Hoare triple {11501#(not (= |timeShift_isHighWaterLevel_~tmp~3#1| 0))} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~2#1 := 1; {11477#false} is VALID [2022-02-20 18:10:33,645 INFO L290 TraceCheckUtils]: 22: Hoare triple {11477#false} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {11477#false} is VALID [2022-02-20 18:10:33,645 INFO L290 TraceCheckUtils]: 23: Hoare triple {11477#false} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret10#1 && processEnvironment_#t~ret10#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {11477#false} is VALID [2022-02-20 18:10:33,646 INFO L290 TraceCheckUtils]: 24: Hoare triple {11477#false} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {11477#false} is VALID [2022-02-20 18:10:33,646 INFO L290 TraceCheckUtils]: 25: Hoare triple {11477#false} assume { :end_inline_activatePump } true; {11477#false} is VALID [2022-02-20 18:10:33,646 INFO L290 TraceCheckUtils]: 26: Hoare triple {11477#false} assume { :end_inline_processEnvironment } true; {11477#false} is VALID [2022-02-20 18:10:33,646 INFO L290 TraceCheckUtils]: 27: Hoare triple {11477#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {11477#false} is VALID [2022-02-20 18:10:33,646 INFO L290 TraceCheckUtils]: 28: Hoare triple {11477#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {11477#false} is VALID [2022-02-20 18:10:33,646 INFO L290 TraceCheckUtils]: 29: Hoare triple {11477#false} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {11477#false} is VALID [2022-02-20 18:10:33,646 INFO L290 TraceCheckUtils]: 30: Hoare triple {11477#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {11477#false} is VALID [2022-02-20 18:10:33,647 INFO L290 TraceCheckUtils]: 31: Hoare triple {11477#false} assume true; {11477#false} is VALID [2022-02-20 18:10:33,647 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {11477#false} {11476#true} #218#return; {11477#false} is VALID [2022-02-20 18:10:33,647 INFO L290 TraceCheckUtils]: 33: Hoare triple {11477#false} assume !false; {11477#false} is VALID [2022-02-20 18:10:33,647 INFO L290 TraceCheckUtils]: 34: Hoare triple {11477#false} assume test_~splverifierCounter~0#1 < 4; {11477#false} is VALID [2022-02-20 18:10:33,647 INFO L290 TraceCheckUtils]: 35: Hoare triple {11477#false} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {11477#false} is VALID [2022-02-20 18:10:33,647 INFO L290 TraceCheckUtils]: 36: Hoare triple {11477#false} assume !(0 != test_~tmp~0#1); {11477#false} is VALID [2022-02-20 18:10:33,648 INFO L290 TraceCheckUtils]: 37: Hoare triple {11477#false} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {11477#false} is VALID [2022-02-20 18:10:33,648 INFO L290 TraceCheckUtils]: 38: Hoare triple {11477#false} assume !(0 != test_~tmp___0~0#1); {11477#false} is VALID [2022-02-20 18:10:33,648 INFO L290 TraceCheckUtils]: 39: Hoare triple {11477#false} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {11477#false} is VALID [2022-02-20 18:10:33,648 INFO L290 TraceCheckUtils]: 40: Hoare triple {11477#false} assume 0 != test_~tmp___2~0#1; {11477#false} is VALID [2022-02-20 18:10:33,648 INFO L272 TraceCheckUtils]: 41: Hoare triple {11477#false} call timeShift(); {11477#false} is VALID [2022-02-20 18:10:33,648 INFO L290 TraceCheckUtils]: 42: Hoare triple {11477#false} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {11477#false} is VALID [2022-02-20 18:10:33,649 INFO L290 TraceCheckUtils]: 43: Hoare triple {11477#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {11477#false} is VALID [2022-02-20 18:10:33,649 INFO L290 TraceCheckUtils]: 44: Hoare triple {11477#false} assume { :end_inline_lowerWaterLevel } true; {11477#false} is VALID [2022-02-20 18:10:33,649 INFO L290 TraceCheckUtils]: 45: Hoare triple {11477#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {11477#false} is VALID [2022-02-20 18:10:33,649 INFO L290 TraceCheckUtils]: 46: Hoare triple {11477#false} assume !(0 == ~pumpRunning~0); {11477#false} is VALID [2022-02-20 18:10:33,649 INFO L272 TraceCheckUtils]: 47: Hoare triple {11477#false} call processEnvironment__wrappee__base(); {11476#true} is VALID [2022-02-20 18:10:33,649 INFO L290 TraceCheckUtils]: 48: Hoare triple {11476#true} assume true; {11476#true} is VALID [2022-02-20 18:10:33,650 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {11476#true} {11477#false} #212#return; {11477#false} is VALID [2022-02-20 18:10:33,650 INFO L290 TraceCheckUtils]: 50: Hoare triple {11477#false} assume { :end_inline_processEnvironment } true; {11477#false} is VALID [2022-02-20 18:10:33,650 INFO L290 TraceCheckUtils]: 51: Hoare triple {11477#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {11477#false} is VALID [2022-02-20 18:10:33,650 INFO L290 TraceCheckUtils]: 52: Hoare triple {11477#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {11477#false} is VALID [2022-02-20 18:10:33,650 INFO L290 TraceCheckUtils]: 53: Hoare triple {11477#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {11477#false} is VALID [2022-02-20 18:10:33,650 INFO L290 TraceCheckUtils]: 54: Hoare triple {11477#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {11477#false} is VALID [2022-02-20 18:10:33,652 INFO L290 TraceCheckUtils]: 55: Hoare triple {11477#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {11477#false} is VALID [2022-02-20 18:10:33,654 INFO L290 TraceCheckUtils]: 56: Hoare triple {11477#false} assume !false; {11477#false} is VALID [2022-02-20 18:10:33,655 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 12 proven. 0 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-02-20 18:10:33,655 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:33,655 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1614050722] [2022-02-20 18:10:33,655 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1614050722] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:33,656 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:33,656 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:10:33,656 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2112662890] [2022-02-20 18:10:33,656 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:33,657 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 7.0) internal successors, (49), 6 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 57 [2022-02-20 18:10:33,657 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:33,657 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 7.0) internal successors, (49), 6 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:33,693 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 54 edges. 54 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:33,693 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:10:33,693 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:33,694 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:10:33,694 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:33,694 INFO L87 Difference]: Start difference. First operand 982 states and 1289 transitions. Second operand has 7 states, 7 states have (on average 7.0) internal successors, (49), 6 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:34,699 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:34,700 INFO L93 Difference]: Finished difference Result 2091 states and 2817 transitions. [2022-02-20 18:10:34,700 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:34,700 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 7.0) internal successors, (49), 6 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 57 [2022-02-20 18:10:34,701 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:34,701 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 7.0) internal successors, (49), 6 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:34,704 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 237 transitions. [2022-02-20 18:10:34,704 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 7.0) internal successors, (49), 6 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:34,706 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 237 transitions. [2022-02-20 18:10:34,707 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 237 transitions. [2022-02-20 18:10:34,893 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 237 edges. 237 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:34,966 INFO L225 Difference]: With dead ends: 2091 [2022-02-20 18:10:34,966 INFO L226 Difference]: Without dead ends: 1116 [2022-02-20 18:10:34,970 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=35, Invalid=97, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:10:34,971 INFO L933 BasicCegarLoop]: 87 mSDtfsCounter, 142 mSDsluCounter, 281 mSDsCounter, 0 mSdLazyCounter, 162 mSolverCounterSat, 26 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 145 SdHoareTripleChecker+Valid, 368 SdHoareTripleChecker+Invalid, 188 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 26 IncrementalHoareTripleChecker+Valid, 162 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:34,971 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [145 Valid, 368 Invalid, 188 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [26 Valid, 162 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:34,972 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1116 states. [2022-02-20 18:10:35,180 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1116 to 982. [2022-02-20 18:10:35,180 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:35,183 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1116 states. Second operand has 982 states, 791 states have (on average 1.2756005056890012) internal successors, (1009), 855 states have internal predecessors, (1009), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) [2022-02-20 18:10:35,185 INFO L74 IsIncluded]: Start isIncluded. First operand 1116 states. Second operand has 982 states, 791 states have (on average 1.2756005056890012) internal successors, (1009), 855 states have internal predecessors, (1009), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) [2022-02-20 18:10:35,187 INFO L87 Difference]: Start difference. First operand 1116 states. Second operand has 982 states, 791 states have (on average 1.2756005056890012) internal successors, (1009), 855 states have internal predecessors, (1009), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) [2022-02-20 18:10:35,246 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:35,247 INFO L93 Difference]: Finished difference Result 1116 states and 1473 transitions. [2022-02-20 18:10:35,247 INFO L276 IsEmpty]: Start isEmpty. Operand 1116 states and 1473 transitions. [2022-02-20 18:10:35,251 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:35,251 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:35,254 INFO L74 IsIncluded]: Start isIncluded. First operand has 982 states, 791 states have (on average 1.2756005056890012) internal successors, (1009), 855 states have internal predecessors, (1009), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) Second operand 1116 states. [2022-02-20 18:10:35,256 INFO L87 Difference]: Start difference. First operand has 982 states, 791 states have (on average 1.2756005056890012) internal successors, (1009), 855 states have internal predecessors, (1009), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) Second operand 1116 states. [2022-02-20 18:10:35,316 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:35,317 INFO L93 Difference]: Finished difference Result 1116 states and 1473 transitions. [2022-02-20 18:10:35,317 INFO L276 IsEmpty]: Start isEmpty. Operand 1116 states and 1473 transitions. [2022-02-20 18:10:35,321 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:35,321 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:35,321 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:35,321 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:35,324 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 982 states, 791 states have (on average 1.2756005056890012) internal successors, (1009), 855 states have internal predecessors, (1009), 88 states have call successors, (88), 86 states have call predecessors, (88), 102 states have return successors, (180), 83 states have call predecessors, (180), 88 states have call successors, (180) [2022-02-20 18:10:35,392 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 982 states to 982 states and 1277 transitions. [2022-02-20 18:10:35,393 INFO L78 Accepts]: Start accepts. Automaton has 982 states and 1277 transitions. Word has length 57 [2022-02-20 18:10:35,393 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:35,393 INFO L470 AbstractCegarLoop]: Abstraction has 982 states and 1277 transitions. [2022-02-20 18:10:35,393 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 7.0) internal successors, (49), 6 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:35,393 INFO L276 IsEmpty]: Start isEmpty. Operand 982 states and 1277 transitions. [2022-02-20 18:10:35,395 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-02-20 18:10:35,396 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:35,396 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:35,396 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:10:35,396 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:35,397 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:35,397 INFO L85 PathProgramCache]: Analyzing trace with hash -1960547303, now seen corresponding path program 1 times [2022-02-20 18:10:35,397 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:35,397 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1099957863] [2022-02-20 18:10:35,397 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:35,398 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:35,426 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:35,473 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-02-20 18:10:35,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:35,501 INFO L290 TraceCheckUtils]: 0: Hoare triple {18073#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {18052#true} is VALID [2022-02-20 18:10:35,502 INFO L290 TraceCheckUtils]: 1: Hoare triple {18052#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {18052#true} is VALID [2022-02-20 18:10:35,502 INFO L290 TraceCheckUtils]: 2: Hoare triple {18052#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {18052#true} is VALID [2022-02-20 18:10:35,502 INFO L290 TraceCheckUtils]: 3: Hoare triple {18052#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {18052#true} is VALID [2022-02-20 18:10:35,502 INFO L290 TraceCheckUtils]: 4: Hoare triple {18052#true} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret20#1 && isHighWaterLevel_#t~ret20#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {18052#true} is VALID [2022-02-20 18:10:35,503 INFO L290 TraceCheckUtils]: 5: Hoare triple {18052#true} assume 0 != isHighWaterLevel_~tmp~3#1;isHighWaterLevel_~tmp___0~2#1 := 0; {18074#(= |timeShift_isHighWaterLevel_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:10:35,503 INFO L290 TraceCheckUtils]: 6: Hoare triple {18074#(= |timeShift_isHighWaterLevel_~tmp___0~2#1| 0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {18075#(= |timeShift_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:10:35,503 INFO L290 TraceCheckUtils]: 7: Hoare triple {18075#(= |timeShift_isHighWaterLevel_#res#1| 0)} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret10#1 && processEnvironment_#t~ret10#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {18076#(= |timeShift_processEnvironment_~tmp~2#1| 0)} is VALID [2022-02-20 18:10:35,504 INFO L290 TraceCheckUtils]: 8: Hoare triple {18076#(= |timeShift_processEnvironment_~tmp~2#1| 0)} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {18053#false} is VALID [2022-02-20 18:10:35,504 INFO L290 TraceCheckUtils]: 9: Hoare triple {18053#false} assume { :end_inline_activatePump } true; {18053#false} is VALID [2022-02-20 18:10:35,504 INFO L290 TraceCheckUtils]: 10: Hoare triple {18053#false} assume { :end_inline_processEnvironment } true; {18053#false} is VALID [2022-02-20 18:10:35,504 INFO L290 TraceCheckUtils]: 11: Hoare triple {18053#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {18053#false} is VALID [2022-02-20 18:10:35,504 INFO L290 TraceCheckUtils]: 12: Hoare triple {18053#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {18053#false} is VALID [2022-02-20 18:10:35,505 INFO L290 TraceCheckUtils]: 13: Hoare triple {18053#false} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {18053#false} is VALID [2022-02-20 18:10:35,505 INFO L290 TraceCheckUtils]: 14: Hoare triple {18053#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {18053#false} is VALID [2022-02-20 18:10:35,505 INFO L290 TraceCheckUtils]: 15: Hoare triple {18053#false} assume true; {18053#false} is VALID [2022-02-20 18:10:35,505 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18053#false} {18052#true} #218#return; {18053#false} is VALID [2022-02-20 18:10:35,505 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:10:35,506 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:35,508 INFO L290 TraceCheckUtils]: 0: Hoare triple {18052#true} assume true; {18052#true} is VALID [2022-02-20 18:10:35,508 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {18052#true} {18053#false} #212#return; {18053#false} is VALID [2022-02-20 18:10:35,508 INFO L290 TraceCheckUtils]: 0: Hoare triple {18052#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {18052#true} is VALID [2022-02-20 18:10:35,508 INFO L290 TraceCheckUtils]: 1: Hoare triple {18052#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {18052#true} is VALID [2022-02-20 18:10:35,508 INFO L290 TraceCheckUtils]: 2: Hoare triple {18052#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18052#true} is VALID [2022-02-20 18:10:35,509 INFO L290 TraceCheckUtils]: 3: Hoare triple {18052#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {18052#true} is VALID [2022-02-20 18:10:35,509 INFO L290 TraceCheckUtils]: 4: Hoare triple {18052#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {18052#true} is VALID [2022-02-20 18:10:35,509 INFO L290 TraceCheckUtils]: 5: Hoare triple {18052#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {18052#true} is VALID [2022-02-20 18:10:35,509 INFO L290 TraceCheckUtils]: 6: Hoare triple {18052#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {18052#true} is VALID [2022-02-20 18:10:35,509 INFO L290 TraceCheckUtils]: 7: Hoare triple {18052#true} assume !false; {18052#true} is VALID [2022-02-20 18:10:35,509 INFO L290 TraceCheckUtils]: 8: Hoare triple {18052#true} assume test_~splverifierCounter~0#1 < 4; {18052#true} is VALID [2022-02-20 18:10:35,510 INFO L290 TraceCheckUtils]: 9: Hoare triple {18052#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {18052#true} is VALID [2022-02-20 18:10:35,510 INFO L290 TraceCheckUtils]: 10: Hoare triple {18052#true} assume !(0 != test_~tmp~0#1); {18052#true} is VALID [2022-02-20 18:10:35,510 INFO L290 TraceCheckUtils]: 11: Hoare triple {18052#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {18052#true} is VALID [2022-02-20 18:10:35,510 INFO L290 TraceCheckUtils]: 12: Hoare triple {18052#true} assume !(0 != test_~tmp___0~0#1); {18052#true} is VALID [2022-02-20 18:10:35,510 INFO L290 TraceCheckUtils]: 13: Hoare triple {18052#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {18052#true} is VALID [2022-02-20 18:10:35,510 INFO L290 TraceCheckUtils]: 14: Hoare triple {18052#true} assume 0 != test_~tmp___2~0#1; {18052#true} is VALID [2022-02-20 18:10:35,511 INFO L272 TraceCheckUtils]: 15: Hoare triple {18052#true} call timeShift(); {18073#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:35,511 INFO L290 TraceCheckUtils]: 16: Hoare triple {18073#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {18052#true} is VALID [2022-02-20 18:10:35,511 INFO L290 TraceCheckUtils]: 17: Hoare triple {18052#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {18052#true} is VALID [2022-02-20 18:10:35,511 INFO L290 TraceCheckUtils]: 18: Hoare triple {18052#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {18052#true} is VALID [2022-02-20 18:10:35,511 INFO L290 TraceCheckUtils]: 19: Hoare triple {18052#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {18052#true} is VALID [2022-02-20 18:10:35,512 INFO L290 TraceCheckUtils]: 20: Hoare triple {18052#true} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret20#1 && isHighWaterLevel_#t~ret20#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {18052#true} is VALID [2022-02-20 18:10:35,512 INFO L290 TraceCheckUtils]: 21: Hoare triple {18052#true} assume 0 != isHighWaterLevel_~tmp~3#1;isHighWaterLevel_~tmp___0~2#1 := 0; {18074#(= |timeShift_isHighWaterLevel_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:10:35,512 INFO L290 TraceCheckUtils]: 22: Hoare triple {18074#(= |timeShift_isHighWaterLevel_~tmp___0~2#1| 0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {18075#(= |timeShift_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:10:35,513 INFO L290 TraceCheckUtils]: 23: Hoare triple {18075#(= |timeShift_isHighWaterLevel_#res#1| 0)} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret10#1 && processEnvironment_#t~ret10#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {18076#(= |timeShift_processEnvironment_~tmp~2#1| 0)} is VALID [2022-02-20 18:10:35,513 INFO L290 TraceCheckUtils]: 24: Hoare triple {18076#(= |timeShift_processEnvironment_~tmp~2#1| 0)} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {18053#false} is VALID [2022-02-20 18:10:35,513 INFO L290 TraceCheckUtils]: 25: Hoare triple {18053#false} assume { :end_inline_activatePump } true; {18053#false} is VALID [2022-02-20 18:10:35,513 INFO L290 TraceCheckUtils]: 26: Hoare triple {18053#false} assume { :end_inline_processEnvironment } true; {18053#false} is VALID [2022-02-20 18:10:35,513 INFO L290 TraceCheckUtils]: 27: Hoare triple {18053#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {18053#false} is VALID [2022-02-20 18:10:35,514 INFO L290 TraceCheckUtils]: 28: Hoare triple {18053#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {18053#false} is VALID [2022-02-20 18:10:35,514 INFO L290 TraceCheckUtils]: 29: Hoare triple {18053#false} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {18053#false} is VALID [2022-02-20 18:10:35,514 INFO L290 TraceCheckUtils]: 30: Hoare triple {18053#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {18053#false} is VALID [2022-02-20 18:10:35,514 INFO L290 TraceCheckUtils]: 31: Hoare triple {18053#false} assume true; {18053#false} is VALID [2022-02-20 18:10:35,514 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {18053#false} {18052#true} #218#return; {18053#false} is VALID [2022-02-20 18:10:35,514 INFO L290 TraceCheckUtils]: 33: Hoare triple {18053#false} assume !false; {18053#false} is VALID [2022-02-20 18:10:35,515 INFO L290 TraceCheckUtils]: 34: Hoare triple {18053#false} assume test_~splverifierCounter~0#1 < 4; {18053#false} is VALID [2022-02-20 18:10:35,515 INFO L290 TraceCheckUtils]: 35: Hoare triple {18053#false} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {18053#false} is VALID [2022-02-20 18:10:35,515 INFO L290 TraceCheckUtils]: 36: Hoare triple {18053#false} assume !(0 != test_~tmp~0#1); {18053#false} is VALID [2022-02-20 18:10:35,515 INFO L290 TraceCheckUtils]: 37: Hoare triple {18053#false} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {18053#false} is VALID [2022-02-20 18:10:35,515 INFO L290 TraceCheckUtils]: 38: Hoare triple {18053#false} assume !(0 != test_~tmp___0~0#1); {18053#false} is VALID [2022-02-20 18:10:35,515 INFO L290 TraceCheckUtils]: 39: Hoare triple {18053#false} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {18053#false} is VALID [2022-02-20 18:10:35,515 INFO L290 TraceCheckUtils]: 40: Hoare triple {18053#false} assume 0 != test_~tmp___2~0#1; {18053#false} is VALID [2022-02-20 18:10:35,516 INFO L272 TraceCheckUtils]: 41: Hoare triple {18053#false} call timeShift(); {18053#false} is VALID [2022-02-20 18:10:35,516 INFO L290 TraceCheckUtils]: 42: Hoare triple {18053#false} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {18053#false} is VALID [2022-02-20 18:10:35,516 INFO L290 TraceCheckUtils]: 43: Hoare triple {18053#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {18053#false} is VALID [2022-02-20 18:10:35,516 INFO L290 TraceCheckUtils]: 44: Hoare triple {18053#false} assume { :end_inline_lowerWaterLevel } true; {18053#false} is VALID [2022-02-20 18:10:35,516 INFO L290 TraceCheckUtils]: 45: Hoare triple {18053#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {18053#false} is VALID [2022-02-20 18:10:35,516 INFO L290 TraceCheckUtils]: 46: Hoare triple {18053#false} assume !(0 == ~pumpRunning~0); {18053#false} is VALID [2022-02-20 18:10:35,517 INFO L272 TraceCheckUtils]: 47: Hoare triple {18053#false} call processEnvironment__wrappee__base(); {18052#true} is VALID [2022-02-20 18:10:35,517 INFO L290 TraceCheckUtils]: 48: Hoare triple {18052#true} assume true; {18052#true} is VALID [2022-02-20 18:10:35,517 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {18052#true} {18053#false} #212#return; {18053#false} is VALID [2022-02-20 18:10:35,517 INFO L290 TraceCheckUtils]: 50: Hoare triple {18053#false} assume { :end_inline_processEnvironment } true; {18053#false} is VALID [2022-02-20 18:10:35,517 INFO L290 TraceCheckUtils]: 51: Hoare triple {18053#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {18053#false} is VALID [2022-02-20 18:10:35,517 INFO L290 TraceCheckUtils]: 52: Hoare triple {18053#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {18053#false} is VALID [2022-02-20 18:10:35,517 INFO L290 TraceCheckUtils]: 53: Hoare triple {18053#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {18053#false} is VALID [2022-02-20 18:10:35,518 INFO L290 TraceCheckUtils]: 54: Hoare triple {18053#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {18053#false} is VALID [2022-02-20 18:10:35,518 INFO L290 TraceCheckUtils]: 55: Hoare triple {18053#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {18053#false} is VALID [2022-02-20 18:10:35,518 INFO L290 TraceCheckUtils]: 56: Hoare triple {18053#false} assume !false; {18053#false} is VALID [2022-02-20 18:10:35,518 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 12 proven. 0 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-02-20 18:10:35,518 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:35,519 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1099957863] [2022-02-20 18:10:35,519 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1099957863] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:35,519 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:35,519 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:10:35,519 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1311392763] [2022-02-20 18:10:35,519 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:35,520 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 8.166666666666666) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 57 [2022-02-20 18:10:35,520 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:35,520 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 8.166666666666666) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:35,552 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 54 edges. 54 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:35,552 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:35,552 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:35,553 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:35,553 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:35,554 INFO L87 Difference]: Start difference. First operand 982 states and 1277 transitions. Second operand has 6 states, 6 states have (on average 8.166666666666666) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:36,352 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:36,352 INFO L93 Difference]: Finished difference Result 1901 states and 2519 transitions. [2022-02-20 18:10:36,352 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:36,352 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 8.166666666666666) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 57 [2022-02-20 18:10:36,352 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:36,353 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 8.166666666666666) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:36,355 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 215 transitions. [2022-02-20 18:10:36,355 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 8.166666666666666) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:36,357 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 215 transitions. [2022-02-20 18:10:36,357 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 215 transitions. [2022-02-20 18:10:36,487 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 215 edges. 215 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:36,537 INFO L225 Difference]: With dead ends: 1901 [2022-02-20 18:10:36,538 INFO L226 Difference]: Without dead ends: 926 [2022-02-20 18:10:36,540 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 12 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=45, Invalid=87, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:10:36,541 INFO L933 BasicCegarLoop]: 78 mSDtfsCounter, 107 mSDsluCounter, 232 mSDsCounter, 0 mSdLazyCounter, 122 mSolverCounterSat, 18 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 109 SdHoareTripleChecker+Valid, 310 SdHoareTripleChecker+Invalid, 140 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 18 IncrementalHoareTripleChecker+Valid, 122 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:36,541 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [109 Valid, 310 Invalid, 140 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [18 Valid, 122 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:36,542 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 926 states. [2022-02-20 18:10:36,721 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 926 to 892. [2022-02-20 18:10:36,721 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:36,728 INFO L82 GeneralOperation]: Start isEquivalent. First operand 926 states. Second operand has 892 states, 717 states have (on average 1.2580195258019526) internal successors, (902), 767 states have internal predecessors, (902), 82 states have call successors, (82), 80 states have call predecessors, (82), 92 states have return successors, (151), 79 states have call predecessors, (151), 82 states have call successors, (151) [2022-02-20 18:10:36,730 INFO L74 IsIncluded]: Start isIncluded. First operand 926 states. Second operand has 892 states, 717 states have (on average 1.2580195258019526) internal successors, (902), 767 states have internal predecessors, (902), 82 states have call successors, (82), 80 states have call predecessors, (82), 92 states have return successors, (151), 79 states have call predecessors, (151), 82 states have call successors, (151) [2022-02-20 18:10:36,734 INFO L87 Difference]: Start difference. First operand 926 states. Second operand has 892 states, 717 states have (on average 1.2580195258019526) internal successors, (902), 767 states have internal predecessors, (902), 82 states have call successors, (82), 80 states have call predecessors, (82), 92 states have return successors, (151), 79 states have call predecessors, (151), 82 states have call successors, (151) [2022-02-20 18:10:36,776 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:36,776 INFO L93 Difference]: Finished difference Result 926 states and 1190 transitions. [2022-02-20 18:10:36,776 INFO L276 IsEmpty]: Start isEmpty. Operand 926 states and 1190 transitions. [2022-02-20 18:10:36,779 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:36,779 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:36,781 INFO L74 IsIncluded]: Start isIncluded. First operand has 892 states, 717 states have (on average 1.2580195258019526) internal successors, (902), 767 states have internal predecessors, (902), 82 states have call successors, (82), 80 states have call predecessors, (82), 92 states have return successors, (151), 79 states have call predecessors, (151), 82 states have call successors, (151) Second operand 926 states. [2022-02-20 18:10:36,782 INFO L87 Difference]: Start difference. First operand has 892 states, 717 states have (on average 1.2580195258019526) internal successors, (902), 767 states have internal predecessors, (902), 82 states have call successors, (82), 80 states have call predecessors, (82), 92 states have return successors, (151), 79 states have call predecessors, (151), 82 states have call successors, (151) Second operand 926 states. [2022-02-20 18:10:36,824 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:36,824 INFO L93 Difference]: Finished difference Result 926 states and 1190 transitions. [2022-02-20 18:10:36,824 INFO L276 IsEmpty]: Start isEmpty. Operand 926 states and 1190 transitions. [2022-02-20 18:10:36,827 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:36,827 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:36,828 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:36,828 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:36,829 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 892 states, 717 states have (on average 1.2580195258019526) internal successors, (902), 767 states have internal predecessors, (902), 82 states have call successors, (82), 80 states have call predecessors, (82), 92 states have return successors, (151), 79 states have call predecessors, (151), 82 states have call successors, (151) [2022-02-20 18:10:36,881 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 892 states to 892 states and 1135 transitions. [2022-02-20 18:10:36,883 INFO L78 Accepts]: Start accepts. Automaton has 892 states and 1135 transitions. Word has length 57 [2022-02-20 18:10:36,883 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:36,883 INFO L470 AbstractCegarLoop]: Abstraction has 892 states and 1135 transitions. [2022-02-20 18:10:36,883 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 8.166666666666666) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:36,884 INFO L276 IsEmpty]: Start isEmpty. Operand 892 states and 1135 transitions. [2022-02-20 18:10:36,885 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 62 [2022-02-20 18:10:36,885 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:36,886 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:36,886 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:10:36,886 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:36,886 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:36,886 INFO L85 PathProgramCache]: Analyzing trace with hash 1821830511, now seen corresponding path program 1 times [2022-02-20 18:10:36,887 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:36,887 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [614864017] [2022-02-20 18:10:36,887 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:36,887 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:36,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:36,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2022-02-20 18:10:36,971 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:36,973 INFO L290 TraceCheckUtils]: 0: Hoare triple {23862#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {23834#true} is VALID [2022-02-20 18:10:36,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {23834#true} assume true; {23834#true} is VALID [2022-02-20 18:10:36,974 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {23834#true} {23834#true} #214#return; {23834#true} is VALID [2022-02-20 18:10:36,979 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:10:36,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:37,001 INFO L290 TraceCheckUtils]: 0: Hoare triple {23863#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {23834#true} is VALID [2022-02-20 18:10:37,001 INFO L290 TraceCheckUtils]: 1: Hoare triple {23834#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {23834#true} is VALID [2022-02-20 18:10:37,001 INFO L290 TraceCheckUtils]: 2: Hoare triple {23834#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {23834#true} is VALID [2022-02-20 18:10:37,001 INFO L290 TraceCheckUtils]: 3: Hoare triple {23834#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~11#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,002 INFO L290 TraceCheckUtils]: 4: Hoare triple {23856#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret20#1 && isHighWaterLevel_#t~ret20#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,002 INFO L290 TraceCheckUtils]: 5: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~2#1 := 1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,002 INFO L290 TraceCheckUtils]: 6: Hoare triple {23856#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,003 INFO L290 TraceCheckUtils]: 7: Hoare triple {23856#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret10#1 && processEnvironment_#t~ret10#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,003 INFO L290 TraceCheckUtils]: 8: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,003 INFO L290 TraceCheckUtils]: 9: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,004 INFO L290 TraceCheckUtils]: 10: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,004 INFO L290 TraceCheckUtils]: 11: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,005 INFO L290 TraceCheckUtils]: 12: Hoare triple {23856#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,005 INFO L290 TraceCheckUtils]: 13: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,005 INFO L290 TraceCheckUtils]: 14: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,006 INFO L290 TraceCheckUtils]: 15: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,006 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {23856#(<= 2 ~waterLevel~0)} {23834#true} #218#return; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,006 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 51 [2022-02-20 18:10:37,007 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:37,009 INFO L290 TraceCheckUtils]: 0: Hoare triple {23834#true} assume true; {23834#true} is VALID [2022-02-20 18:10:37,009 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {23834#true} {23857#(<= 1 ~waterLevel~0)} #212#return; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,009 INFO L290 TraceCheckUtils]: 0: Hoare triple {23834#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {23834#true} is VALID [2022-02-20 18:10:37,010 INFO L290 TraceCheckUtils]: 1: Hoare triple {23834#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {23834#true} is VALID [2022-02-20 18:10:37,010 INFO L290 TraceCheckUtils]: 2: Hoare triple {23834#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {23834#true} is VALID [2022-02-20 18:10:37,010 INFO L290 TraceCheckUtils]: 3: Hoare triple {23834#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {23834#true} is VALID [2022-02-20 18:10:37,010 INFO L290 TraceCheckUtils]: 4: Hoare triple {23834#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {23834#true} is VALID [2022-02-20 18:10:37,010 INFO L290 TraceCheckUtils]: 5: Hoare triple {23834#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {23834#true} is VALID [2022-02-20 18:10:37,010 INFO L290 TraceCheckUtils]: 6: Hoare triple {23834#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {23834#true} is VALID [2022-02-20 18:10:37,010 INFO L290 TraceCheckUtils]: 7: Hoare triple {23834#true} assume !false; {23834#true} is VALID [2022-02-20 18:10:37,011 INFO L290 TraceCheckUtils]: 8: Hoare triple {23834#true} assume test_~splverifierCounter~0#1 < 4; {23834#true} is VALID [2022-02-20 18:10:37,011 INFO L290 TraceCheckUtils]: 9: Hoare triple {23834#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {23834#true} is VALID [2022-02-20 18:10:37,011 INFO L290 TraceCheckUtils]: 10: Hoare triple {23834#true} assume 0 != test_~tmp~0#1; {23834#true} is VALID [2022-02-20 18:10:37,011 INFO L272 TraceCheckUtils]: 11: Hoare triple {23834#true} call waterRise(); {23862#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:37,011 INFO L290 TraceCheckUtils]: 12: Hoare triple {23862#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {23834#true} is VALID [2022-02-20 18:10:37,012 INFO L290 TraceCheckUtils]: 13: Hoare triple {23834#true} assume true; {23834#true} is VALID [2022-02-20 18:10:37,012 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {23834#true} {23834#true} #214#return; {23834#true} is VALID [2022-02-20 18:10:37,012 INFO L290 TraceCheckUtils]: 15: Hoare triple {23834#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {23834#true} is VALID [2022-02-20 18:10:37,012 INFO L290 TraceCheckUtils]: 16: Hoare triple {23834#true} assume !(0 != test_~tmp___0~0#1); {23834#true} is VALID [2022-02-20 18:10:37,012 INFO L290 TraceCheckUtils]: 17: Hoare triple {23834#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {23834#true} is VALID [2022-02-20 18:10:37,012 INFO L290 TraceCheckUtils]: 18: Hoare triple {23834#true} assume 0 != test_~tmp___2~0#1; {23834#true} is VALID [2022-02-20 18:10:37,013 INFO L272 TraceCheckUtils]: 19: Hoare triple {23834#true} call timeShift(); {23863#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:37,013 INFO L290 TraceCheckUtils]: 20: Hoare triple {23863#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {23834#true} is VALID [2022-02-20 18:10:37,013 INFO L290 TraceCheckUtils]: 21: Hoare triple {23834#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {23834#true} is VALID [2022-02-20 18:10:37,013 INFO L290 TraceCheckUtils]: 22: Hoare triple {23834#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {23834#true} is VALID [2022-02-20 18:10:37,014 INFO L290 TraceCheckUtils]: 23: Hoare triple {23834#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~11#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,014 INFO L290 TraceCheckUtils]: 24: Hoare triple {23856#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret20#1 && isHighWaterLevel_#t~ret20#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,014 INFO L290 TraceCheckUtils]: 25: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~2#1 := 1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,015 INFO L290 TraceCheckUtils]: 26: Hoare triple {23856#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,015 INFO L290 TraceCheckUtils]: 27: Hoare triple {23856#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret10#1 && processEnvironment_#t~ret10#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,015 INFO L290 TraceCheckUtils]: 28: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,016 INFO L290 TraceCheckUtils]: 29: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,016 INFO L290 TraceCheckUtils]: 30: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,016 INFO L290 TraceCheckUtils]: 31: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,017 INFO L290 TraceCheckUtils]: 32: Hoare triple {23856#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,017 INFO L290 TraceCheckUtils]: 33: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,017 INFO L290 TraceCheckUtils]: 34: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,018 INFO L290 TraceCheckUtils]: 35: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,018 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {23856#(<= 2 ~waterLevel~0)} {23834#true} #218#return; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,019 INFO L290 TraceCheckUtils]: 37: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !false; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,019 INFO L290 TraceCheckUtils]: 38: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,019 INFO L290 TraceCheckUtils]: 39: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,020 INFO L290 TraceCheckUtils]: 40: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp~0#1); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,020 INFO L290 TraceCheckUtils]: 41: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,020 INFO L290 TraceCheckUtils]: 42: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~0#1); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,021 INFO L290 TraceCheckUtils]: 43: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,021 INFO L290 TraceCheckUtils]: 44: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___2~0#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,021 INFO L272 TraceCheckUtils]: 45: Hoare triple {23856#(<= 2 ~waterLevel~0)} call timeShift(); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,022 INFO L290 TraceCheckUtils]: 46: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,022 INFO L290 TraceCheckUtils]: 47: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,022 INFO L290 TraceCheckUtils]: 48: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume { :end_inline_lowerWaterLevel } true; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,023 INFO L290 TraceCheckUtils]: 49: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,023 INFO L290 TraceCheckUtils]: 50: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume !(0 == ~pumpRunning~0); {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,023 INFO L272 TraceCheckUtils]: 51: Hoare triple {23857#(<= 1 ~waterLevel~0)} call processEnvironment__wrappee__base(); {23834#true} is VALID [2022-02-20 18:10:37,023 INFO L290 TraceCheckUtils]: 52: Hoare triple {23834#true} assume true; {23834#true} is VALID [2022-02-20 18:10:37,024 INFO L284 TraceCheckUtils]: 53: Hoare quadruple {23834#true} {23857#(<= 1 ~waterLevel~0)} #212#return; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,024 INFO L290 TraceCheckUtils]: 54: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,025 INFO L290 TraceCheckUtils]: 55: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {23860#(not (= |timeShift_getWaterLevel_#res#1| 0))} is VALID [2022-02-20 18:10:37,025 INFO L290 TraceCheckUtils]: 56: Hoare triple {23860#(not (= |timeShift_getWaterLevel_#res#1| 0))} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {23861#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| 0))} is VALID [2022-02-20 18:10:37,025 INFO L290 TraceCheckUtils]: 57: Hoare triple {23861#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| 0))} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {23835#false} is VALID [2022-02-20 18:10:37,026 INFO L290 TraceCheckUtils]: 58: Hoare triple {23835#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {23835#false} is VALID [2022-02-20 18:10:37,026 INFO L290 TraceCheckUtils]: 59: Hoare triple {23835#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {23835#false} is VALID [2022-02-20 18:10:37,026 INFO L290 TraceCheckUtils]: 60: Hoare triple {23835#false} assume !false; {23835#false} is VALID [2022-02-20 18:10:37,026 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 11 proven. 5 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:37,026 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:37,026 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [614864017] [2022-02-20 18:10:37,027 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [614864017] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:10:37,027 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [37090077] [2022-02-20 18:10:37,027 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:37,027 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:10:37,027 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:37,029 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:10:37,051 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:10:37,116 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:37,118 INFO L263 TraceCheckSpWp]: Trace formula consists of 379 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:10:37,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:37,133 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:37,380 INFO L290 TraceCheckUtils]: 0: Hoare triple {23834#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {23834#true} is VALID [2022-02-20 18:10:37,380 INFO L290 TraceCheckUtils]: 1: Hoare triple {23834#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {23834#true} is VALID [2022-02-20 18:10:37,381 INFO L290 TraceCheckUtils]: 2: Hoare triple {23834#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {23834#true} is VALID [2022-02-20 18:10:37,381 INFO L290 TraceCheckUtils]: 3: Hoare triple {23834#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {23834#true} is VALID [2022-02-20 18:10:37,381 INFO L290 TraceCheckUtils]: 4: Hoare triple {23834#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {23834#true} is VALID [2022-02-20 18:10:37,381 INFO L290 TraceCheckUtils]: 5: Hoare triple {23834#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {23834#true} is VALID [2022-02-20 18:10:37,381 INFO L290 TraceCheckUtils]: 6: Hoare triple {23834#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {23834#true} is VALID [2022-02-20 18:10:37,381 INFO L290 TraceCheckUtils]: 7: Hoare triple {23834#true} assume !false; {23834#true} is VALID [2022-02-20 18:10:37,382 INFO L290 TraceCheckUtils]: 8: Hoare triple {23834#true} assume test_~splverifierCounter~0#1 < 4; {23834#true} is VALID [2022-02-20 18:10:37,382 INFO L290 TraceCheckUtils]: 9: Hoare triple {23834#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {23834#true} is VALID [2022-02-20 18:10:37,382 INFO L290 TraceCheckUtils]: 10: Hoare triple {23834#true} assume 0 != test_~tmp~0#1; {23834#true} is VALID [2022-02-20 18:10:37,382 INFO L272 TraceCheckUtils]: 11: Hoare triple {23834#true} call waterRise(); {23834#true} is VALID [2022-02-20 18:10:37,382 INFO L290 TraceCheckUtils]: 12: Hoare triple {23834#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {23834#true} is VALID [2022-02-20 18:10:37,382 INFO L290 TraceCheckUtils]: 13: Hoare triple {23834#true} assume true; {23834#true} is VALID [2022-02-20 18:10:37,383 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {23834#true} {23834#true} #214#return; {23834#true} is VALID [2022-02-20 18:10:37,383 INFO L290 TraceCheckUtils]: 15: Hoare triple {23834#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {23834#true} is VALID [2022-02-20 18:10:37,383 INFO L290 TraceCheckUtils]: 16: Hoare triple {23834#true} assume !(0 != test_~tmp___0~0#1); {23834#true} is VALID [2022-02-20 18:10:37,383 INFO L290 TraceCheckUtils]: 17: Hoare triple {23834#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {23834#true} is VALID [2022-02-20 18:10:37,383 INFO L290 TraceCheckUtils]: 18: Hoare triple {23834#true} assume 0 != test_~tmp___2~0#1; {23834#true} is VALID [2022-02-20 18:10:37,383 INFO L272 TraceCheckUtils]: 19: Hoare triple {23834#true} call timeShift(); {23834#true} is VALID [2022-02-20 18:10:37,383 INFO L290 TraceCheckUtils]: 20: Hoare triple {23834#true} assume !(0 != ~pumpRunning~0); {23834#true} is VALID [2022-02-20 18:10:37,384 INFO L290 TraceCheckUtils]: 21: Hoare triple {23834#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {23834#true} is VALID [2022-02-20 18:10:37,384 INFO L290 TraceCheckUtils]: 22: Hoare triple {23834#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {23834#true} is VALID [2022-02-20 18:10:37,384 INFO L290 TraceCheckUtils]: 23: Hoare triple {23834#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~11#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,385 INFO L290 TraceCheckUtils]: 24: Hoare triple {23856#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret20#1 && isHighWaterLevel_#t~ret20#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,385 INFO L290 TraceCheckUtils]: 25: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~2#1 := 1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,386 INFO L290 TraceCheckUtils]: 26: Hoare triple {23856#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,386 INFO L290 TraceCheckUtils]: 27: Hoare triple {23856#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret10#1 && processEnvironment_#t~ret10#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,386 INFO L290 TraceCheckUtils]: 28: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,387 INFO L290 TraceCheckUtils]: 29: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,387 INFO L290 TraceCheckUtils]: 30: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,388 INFO L290 TraceCheckUtils]: 31: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,388 INFO L290 TraceCheckUtils]: 32: Hoare triple {23856#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,389 INFO L290 TraceCheckUtils]: 33: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,389 INFO L290 TraceCheckUtils]: 34: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,389 INFO L290 TraceCheckUtils]: 35: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,390 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {23856#(<= 2 ~waterLevel~0)} {23834#true} #218#return; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,390 INFO L290 TraceCheckUtils]: 37: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !false; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,391 INFO L290 TraceCheckUtils]: 38: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,391 INFO L290 TraceCheckUtils]: 39: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,392 INFO L290 TraceCheckUtils]: 40: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp~0#1); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,392 INFO L290 TraceCheckUtils]: 41: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,392 INFO L290 TraceCheckUtils]: 42: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~0#1); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,393 INFO L290 TraceCheckUtils]: 43: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,393 INFO L290 TraceCheckUtils]: 44: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___2~0#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,394 INFO L272 TraceCheckUtils]: 45: Hoare triple {23856#(<= 2 ~waterLevel~0)} call timeShift(); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,394 INFO L290 TraceCheckUtils]: 46: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,395 INFO L290 TraceCheckUtils]: 47: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,395 INFO L290 TraceCheckUtils]: 48: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume { :end_inline_lowerWaterLevel } true; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,395 INFO L290 TraceCheckUtils]: 49: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,396 INFO L290 TraceCheckUtils]: 50: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume !(0 == ~pumpRunning~0); {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,396 INFO L272 TraceCheckUtils]: 51: Hoare triple {23857#(<= 1 ~waterLevel~0)} call processEnvironment__wrappee__base(); {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,397 INFO L290 TraceCheckUtils]: 52: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume true; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,397 INFO L284 TraceCheckUtils]: 53: Hoare quadruple {23857#(<= 1 ~waterLevel~0)} {23857#(<= 1 ~waterLevel~0)} #212#return; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,397 INFO L290 TraceCheckUtils]: 54: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,398 INFO L290 TraceCheckUtils]: 55: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {24032#(<= 1 |timeShift_getWaterLevel_#res#1|)} is VALID [2022-02-20 18:10:37,398 INFO L290 TraceCheckUtils]: 56: Hoare triple {24032#(<= 1 |timeShift_getWaterLevel_#res#1|)} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {24036#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1|)} is VALID [2022-02-20 18:10:37,399 INFO L290 TraceCheckUtils]: 57: Hoare triple {24036#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1|)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {23835#false} is VALID [2022-02-20 18:10:37,399 INFO L290 TraceCheckUtils]: 58: Hoare triple {23835#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {23835#false} is VALID [2022-02-20 18:10:37,399 INFO L290 TraceCheckUtils]: 59: Hoare triple {23835#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {23835#false} is VALID [2022-02-20 18:10:37,399 INFO L290 TraceCheckUtils]: 60: Hoare triple {23835#false} assume !false; {23835#false} is VALID [2022-02-20 18:10:37,400 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 12 proven. 4 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:37,400 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:10:37,643 INFO L290 TraceCheckUtils]: 60: Hoare triple {23835#false} assume !false; {23835#false} is VALID [2022-02-20 18:10:37,644 INFO L290 TraceCheckUtils]: 59: Hoare triple {23835#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {23835#false} is VALID [2022-02-20 18:10:37,644 INFO L290 TraceCheckUtils]: 58: Hoare triple {23835#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {23835#false} is VALID [2022-02-20 18:10:37,644 INFO L290 TraceCheckUtils]: 57: Hoare triple {24036#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1|)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {23835#false} is VALID [2022-02-20 18:10:37,644 INFO L290 TraceCheckUtils]: 56: Hoare triple {24032#(<= 1 |timeShift_getWaterLevel_#res#1|)} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {24036#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1|)} is VALID [2022-02-20 18:10:37,645 INFO L290 TraceCheckUtils]: 55: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {24032#(<= 1 |timeShift_getWaterLevel_#res#1|)} is VALID [2022-02-20 18:10:37,645 INFO L290 TraceCheckUtils]: 54: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,645 INFO L284 TraceCheckUtils]: 53: Hoare quadruple {23834#true} {23857#(<= 1 ~waterLevel~0)} #212#return; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,646 INFO L290 TraceCheckUtils]: 52: Hoare triple {23834#true} assume true; {23834#true} is VALID [2022-02-20 18:10:37,646 INFO L272 TraceCheckUtils]: 51: Hoare triple {23857#(<= 1 ~waterLevel~0)} call processEnvironment__wrappee__base(); {23834#true} is VALID [2022-02-20 18:10:37,654 INFO L290 TraceCheckUtils]: 50: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume !(0 == ~pumpRunning~0); {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,655 INFO L290 TraceCheckUtils]: 49: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,655 INFO L290 TraceCheckUtils]: 48: Hoare triple {23857#(<= 1 ~waterLevel~0)} assume { :end_inline_lowerWaterLevel } true; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,656 INFO L290 TraceCheckUtils]: 47: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {23857#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,656 INFO L290 TraceCheckUtils]: 46: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,656 INFO L272 TraceCheckUtils]: 45: Hoare triple {23856#(<= 2 ~waterLevel~0)} call timeShift(); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,657 INFO L290 TraceCheckUtils]: 44: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___2~0#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,657 INFO L290 TraceCheckUtils]: 43: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,657 INFO L290 TraceCheckUtils]: 42: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~0#1); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,657 INFO L290 TraceCheckUtils]: 41: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,658 INFO L290 TraceCheckUtils]: 40: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp~0#1); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,658 INFO L290 TraceCheckUtils]: 39: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,658 INFO L290 TraceCheckUtils]: 38: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,659 INFO L290 TraceCheckUtils]: 37: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !false; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,659 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {23856#(<= 2 ~waterLevel~0)} {23834#true} #218#return; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,659 INFO L290 TraceCheckUtils]: 35: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,663 INFO L290 TraceCheckUtils]: 34: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,663 INFO L290 TraceCheckUtils]: 33: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~1#1); {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,664 INFO L290 TraceCheckUtils]: 32: Hoare triple {23856#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret8#1 && __utac_acc__Specification4_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,664 INFO L290 TraceCheckUtils]: 31: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,665 INFO L290 TraceCheckUtils]: 30: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,665 INFO L290 TraceCheckUtils]: 29: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,665 INFO L290 TraceCheckUtils]: 28: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,666 INFO L290 TraceCheckUtils]: 27: Hoare triple {23856#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret10#1 && processEnvironment_#t~ret10#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,666 INFO L290 TraceCheckUtils]: 26: Hoare triple {23856#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,667 INFO L290 TraceCheckUtils]: 25: Hoare triple {23856#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~2#1 := 1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,667 INFO L290 TraceCheckUtils]: 24: Hoare triple {23856#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret20#1 && isHighWaterLevel_#t~ret20#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,668 INFO L290 TraceCheckUtils]: 23: Hoare triple {23834#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~11#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {23856#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:37,668 INFO L290 TraceCheckUtils]: 22: Hoare triple {23834#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {23834#true} is VALID [2022-02-20 18:10:37,668 INFO L290 TraceCheckUtils]: 21: Hoare triple {23834#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {23834#true} is VALID [2022-02-20 18:10:37,668 INFO L290 TraceCheckUtils]: 20: Hoare triple {23834#true} assume !(0 != ~pumpRunning~0); {23834#true} is VALID [2022-02-20 18:10:37,668 INFO L272 TraceCheckUtils]: 19: Hoare triple {23834#true} call timeShift(); {23834#true} is VALID [2022-02-20 18:10:37,668 INFO L290 TraceCheckUtils]: 18: Hoare triple {23834#true} assume 0 != test_~tmp___2~0#1; {23834#true} is VALID [2022-02-20 18:10:37,669 INFO L290 TraceCheckUtils]: 17: Hoare triple {23834#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {23834#true} is VALID [2022-02-20 18:10:37,669 INFO L290 TraceCheckUtils]: 16: Hoare triple {23834#true} assume !(0 != test_~tmp___0~0#1); {23834#true} is VALID [2022-02-20 18:10:37,669 INFO L290 TraceCheckUtils]: 15: Hoare triple {23834#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {23834#true} is VALID [2022-02-20 18:10:37,669 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {23834#true} {23834#true} #214#return; {23834#true} is VALID [2022-02-20 18:10:37,669 INFO L290 TraceCheckUtils]: 13: Hoare triple {23834#true} assume true; {23834#true} is VALID [2022-02-20 18:10:37,669 INFO L290 TraceCheckUtils]: 12: Hoare triple {23834#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {23834#true} is VALID [2022-02-20 18:10:37,670 INFO L272 TraceCheckUtils]: 11: Hoare triple {23834#true} call waterRise(); {23834#true} is VALID [2022-02-20 18:10:37,670 INFO L290 TraceCheckUtils]: 10: Hoare triple {23834#true} assume 0 != test_~tmp~0#1; {23834#true} is VALID [2022-02-20 18:10:37,670 INFO L290 TraceCheckUtils]: 9: Hoare triple {23834#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {23834#true} is VALID [2022-02-20 18:10:37,670 INFO L290 TraceCheckUtils]: 8: Hoare triple {23834#true} assume test_~splverifierCounter~0#1 < 4; {23834#true} is VALID [2022-02-20 18:10:37,670 INFO L290 TraceCheckUtils]: 7: Hoare triple {23834#true} assume !false; {23834#true} is VALID [2022-02-20 18:10:37,670 INFO L290 TraceCheckUtils]: 6: Hoare triple {23834#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {23834#true} is VALID [2022-02-20 18:10:37,671 INFO L290 TraceCheckUtils]: 5: Hoare triple {23834#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {23834#true} is VALID [2022-02-20 18:10:37,671 INFO L290 TraceCheckUtils]: 4: Hoare triple {23834#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {23834#true} is VALID [2022-02-20 18:10:37,671 INFO L290 TraceCheckUtils]: 3: Hoare triple {23834#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {23834#true} is VALID [2022-02-20 18:10:37,671 INFO L290 TraceCheckUtils]: 2: Hoare triple {23834#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {23834#true} is VALID [2022-02-20 18:10:37,671 INFO L290 TraceCheckUtils]: 1: Hoare triple {23834#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {23834#true} is VALID [2022-02-20 18:10:37,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {23834#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {23834#true} is VALID [2022-02-20 18:10:37,672 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 12 proven. 4 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:37,672 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [37090077] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:10:37,672 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:10:37,672 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 6, 6] total 10 [2022-02-20 18:10:37,672 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1909884069] [2022-02-20 18:10:37,673 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:10:37,673 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 6.0) internal successors, (60), 8 states have internal predecessors, (60), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) Word has length 61 [2022-02-20 18:10:37,674 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:37,674 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 10 states have (on average 6.0) internal successors, (60), 8 states have internal predecessors, (60), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:37,724 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 71 edges. 71 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:37,725 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 18:10:37,725 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:37,725 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 18:10:37,725 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=69, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:10:37,726 INFO L87 Difference]: Start difference. First operand 892 states and 1135 transitions. Second operand has 10 states, 10 states have (on average 6.0) internal successors, (60), 8 states have internal predecessors, (60), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:38,921 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:38,921 INFO L93 Difference]: Finished difference Result 1693 states and 2177 transitions. [2022-02-20 18:10:38,921 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2022-02-20 18:10:38,921 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 6.0) internal successors, (60), 8 states have internal predecessors, (60), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) Word has length 61 [2022-02-20 18:10:38,922 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:38,922 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 6.0) internal successors, (60), 8 states have internal predecessors, (60), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:38,929 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 20 states to 20 states and 333 transitions. [2022-02-20 18:10:38,929 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 6.0) internal successors, (60), 8 states have internal predecessors, (60), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:38,932 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 20 states to 20 states and 333 transitions. [2022-02-20 18:10:38,933 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 20 states and 333 transitions. [2022-02-20 18:10:39,205 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 333 edges. 333 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:39,257 INFO L225 Difference]: With dead ends: 1693 [2022-02-20 18:10:39,257 INFO L226 Difference]: Without dead ends: 911 [2022-02-20 18:10:39,259 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 125 SyntacticMatches, 3 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 112 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=161, Invalid=391, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:10:39,260 INFO L933 BasicCegarLoop]: 106 mSDtfsCounter, 218 mSDsluCounter, 418 mSDsCounter, 0 mSdLazyCounter, 240 mSolverCounterSat, 41 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 224 SdHoareTripleChecker+Valid, 524 SdHoareTripleChecker+Invalid, 281 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 41 IncrementalHoareTripleChecker+Valid, 240 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:39,260 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [224 Valid, 524 Invalid, 281 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [41 Valid, 240 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:10:39,261 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 911 states. [2022-02-20 18:10:39,451 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 911 to 813. [2022-02-20 18:10:39,451 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:39,453 INFO L82 GeneralOperation]: Start isEquivalent. First operand 911 states. Second operand has 813 states, 650 states have (on average 1.2338461538461538) internal successors, (802), 699 states have internal predecessors, (802), 76 states have call successors, (76), 74 states have call predecessors, (76), 86 states have return successors, (143), 68 states have call predecessors, (143), 76 states have call successors, (143) [2022-02-20 18:10:39,454 INFO L74 IsIncluded]: Start isIncluded. First operand 911 states. Second operand has 813 states, 650 states have (on average 1.2338461538461538) internal successors, (802), 699 states have internal predecessors, (802), 76 states have call successors, (76), 74 states have call predecessors, (76), 86 states have return successors, (143), 68 states have call predecessors, (143), 76 states have call successors, (143) [2022-02-20 18:10:39,455 INFO L87 Difference]: Start difference. First operand 911 states. Second operand has 813 states, 650 states have (on average 1.2338461538461538) internal successors, (802), 699 states have internal predecessors, (802), 76 states have call successors, (76), 74 states have call predecessors, (76), 86 states have return successors, (143), 68 states have call predecessors, (143), 76 states have call successors, (143) [2022-02-20 18:10:39,495 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,495 INFO L93 Difference]: Finished difference Result 911 states and 1150 transitions. [2022-02-20 18:10:39,495 INFO L276 IsEmpty]: Start isEmpty. Operand 911 states and 1150 transitions. [2022-02-20 18:10:39,498 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:39,498 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:39,499 INFO L74 IsIncluded]: Start isIncluded. First operand has 813 states, 650 states have (on average 1.2338461538461538) internal successors, (802), 699 states have internal predecessors, (802), 76 states have call successors, (76), 74 states have call predecessors, (76), 86 states have return successors, (143), 68 states have call predecessors, (143), 76 states have call successors, (143) Second operand 911 states. [2022-02-20 18:10:39,500 INFO L87 Difference]: Start difference. First operand has 813 states, 650 states have (on average 1.2338461538461538) internal successors, (802), 699 states have internal predecessors, (802), 76 states have call successors, (76), 74 states have call predecessors, (76), 86 states have return successors, (143), 68 states have call predecessors, (143), 76 states have call successors, (143) Second operand 911 states. [2022-02-20 18:10:39,541 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,541 INFO L93 Difference]: Finished difference Result 911 states and 1150 transitions. [2022-02-20 18:10:39,541 INFO L276 IsEmpty]: Start isEmpty. Operand 911 states and 1150 transitions. [2022-02-20 18:10:39,544 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:39,544 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:39,544 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:39,544 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:39,546 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 813 states, 650 states have (on average 1.2338461538461538) internal successors, (802), 699 states have internal predecessors, (802), 76 states have call successors, (76), 74 states have call predecessors, (76), 86 states have return successors, (143), 68 states have call predecessors, (143), 76 states have call successors, (143) [2022-02-20 18:10:39,591 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 813 states to 813 states and 1021 transitions. [2022-02-20 18:10:39,591 INFO L78 Accepts]: Start accepts. Automaton has 813 states and 1021 transitions. Word has length 61 [2022-02-20 18:10:39,592 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:39,592 INFO L470 AbstractCegarLoop]: Abstraction has 813 states and 1021 transitions. [2022-02-20 18:10:39,592 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 6.0) internal successors, (60), 8 states have internal predecessors, (60), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:39,592 INFO L276 IsEmpty]: Start isEmpty. Operand 813 states and 1021 transitions. [2022-02-20 18:10:39,594 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-02-20 18:10:39,594 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:39,594 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:39,620 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:39,807 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable8 [2022-02-20 18:10:39,808 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:39,808 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:39,808 INFO L85 PathProgramCache]: Analyzing trace with hash 1956651692, now seen corresponding path program 2 times [2022-02-20 18:10:39,808 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:39,808 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1543107551] [2022-02-20 18:10:39,809 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:39,809 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:39,845 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:10:39,845 INFO L352 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-02-20 18:10:39,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:10:39,895 INFO L138 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2022-02-20 18:10:39,895 INFO L628 BasicCegarLoop]: Counterexample is feasible [2022-02-20 18:10:39,896 INFO L764 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:10:39,898 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2022-02-20 18:10:39,900 INFO L732 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:39,902 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:10:39,952 FATAL L489 DefaultTranslator]: Callstack has procedure call flag but succeeding procedure is empty at [CALL] call waterRise(); [2022-02-20 18:10:39,953 FATAL L? ?]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.AssertionError: callstack broken after backtranslation by InlinerBacktranslator at de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:216) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:206) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getProgramExecutionAsString(CounterExampleResult.java:155) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getLongDescription(CounterExampleResult.java:134) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ResultService.reportResult(ResultService.java:86) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.CegarLoopResultReporter.reportResult(CegarLoopResultReporter.java:141) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.reportLocationResults(TraceAbstractionStarter.java:607) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:182) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:156) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:320) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) [2022-02-20 18:10:39,960 INFO L158 Benchmark]: Toolchain (without parser) took 16784.18ms. Allocated memory was 102.8MB in the beginning and 205.5MB in the end (delta: 102.8MB). Free memory was 67.8MB in the beginning and 77.2MB in the end (delta: -9.4MB). Peak memory consumption was 94.4MB. Max. memory is 16.1GB. [2022-02-20 18:10:39,960 INFO L158 Benchmark]: CDTParser took 0.18ms. Allocated memory is still 81.8MB. Free memory was 42.7MB in the beginning and 42.6MB in the end (delta: 83.9kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:39,961 INFO L158 Benchmark]: CACSL2BoogieTranslator took 422.71ms. Allocated memory is still 102.8MB. Free memory was 67.6MB in the beginning and 66.4MB in the end (delta: 1.2MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-02-20 18:10:39,961 INFO L158 Benchmark]: Boogie Procedure Inliner took 45.86ms. Allocated memory is still 102.8MB. Free memory was 66.4MB in the beginning and 63.7MB in the end (delta: 2.7MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:10:39,961 INFO L158 Benchmark]: Boogie Preprocessor took 29.54ms. Allocated memory is still 102.8MB. Free memory was 63.7MB in the beginning and 62.2MB in the end (delta: 1.5MB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:39,961 INFO L158 Benchmark]: RCFGBuilder took 437.36ms. Allocated memory is still 102.8MB. Free memory was 62.2MB in the beginning and 43.3MB in the end (delta: 19.0MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-02-20 18:10:39,965 INFO L158 Benchmark]: TraceAbstraction took 15840.15ms. Allocated memory was 102.8MB in the beginning and 205.5MB in the end (delta: 102.8MB). Free memory was 42.7MB in the beginning and 77.2MB in the end (delta: -34.5MB). Peak memory consumption was 69.8MB. Max. memory is 16.1GB. [2022-02-20 18:10:39,967 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.18ms. Allocated memory is still 81.8MB. Free memory was 42.7MB in the beginning and 42.6MB in the end (delta: 83.9kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 422.71ms. Allocated memory is still 102.8MB. Free memory was 67.6MB in the beginning and 66.4MB in the end (delta: 1.2MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 45.86ms. Allocated memory is still 102.8MB. Free memory was 66.4MB in the beginning and 63.7MB in the end (delta: 2.7MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 29.54ms. Allocated memory is still 102.8MB. Free memory was 63.7MB in the beginning and 62.2MB in the end (delta: 1.5MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 437.36ms. Allocated memory is still 102.8MB. Free memory was 62.2MB in the beginning and 43.3MB in the end (delta: 19.0MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 15840.15ms. Allocated memory was 102.8MB in the beginning and 205.5MB in the end (delta: 102.8MB). Free memory was 42.7MB in the beginning and 77.2MB in the end (delta: -34.5MB). Peak memory consumption was 69.8MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: AssertionError: callstack broken after backtranslation by InlinerBacktranslator: de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) RESULT: Ultimate could not prove your program: Toolchain returned no result. [2022-02-20 18:10:39,999 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash ef69c83623105b68e3213a0f6e5530f40867a5bc091f925c8e4d647572a9cdfc --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:10:41,865 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:10:41,867 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:10:41,898 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:10:41,899 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:10:41,900 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:10:41,901 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:10:41,902 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:10:41,904 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:10:41,904 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:10:41,905 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:10:41,906 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:10:41,907 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:10:41,907 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:10:41,908 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:10:41,909 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:10:41,910 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:10:41,910 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:10:41,912 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:10:41,913 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:10:41,914 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:10:41,915 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:10:41,916 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:10:41,917 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:10:41,919 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:10:41,919 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:10:41,920 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:10:41,920 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:10:41,921 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:10:41,921 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:10:41,922 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:10:41,922 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:10:41,923 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:10:41,924 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:10:41,925 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:10:41,925 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:10:41,925 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:10:41,926 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:10:41,926 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:10:41,926 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:10:41,927 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:10:41,928 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Bitvector.epf [2022-02-20 18:10:41,957 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:10:41,957 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:10:41,957 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:10:41,958 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:10:41,958 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:10:41,958 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:10:41,959 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:10:41,959 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:10:41,959 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:10:41,960 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:10:41,960 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:10:41,960 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:10:41,960 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:10:41,960 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:10:41,960 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:10:41,961 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:10:41,961 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-02-20 18:10:41,961 INFO L138 SettingsManager]: * Use bitvectors instead of ints=true [2022-02-20 18:10:41,961 INFO L138 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2022-02-20 18:10:41,961 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:10:41,961 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:10:41,962 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:10:41,962 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:10:41,962 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:10:41,962 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:10:41,962 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:10:41,963 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:41,963 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:10:41,963 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:10:41,963 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:10:41,963 INFO L138 SettingsManager]: * Trace refinement strategy=WOLF [2022-02-20 18:10:41,963 INFO L138 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2022-02-20 18:10:41,964 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:10:41,964 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:10:41,964 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:10:41,964 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2022-02-20 18:10:41,964 INFO L138 SettingsManager]: * Logic for external solver=AUFBV WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> ef69c83623105b68e3213a0f6e5530f40867a5bc091f925c8e4d647572a9cdfc [2022-02-20 18:10:42,243 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:10:42,265 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:10:42,268 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:10:42,269 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:10:42,269 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:10:42,270 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c [2022-02-20 18:10:42,327 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9406f9f68/6da63a02b59a4015a908d641c15a42c8/FLAG0f20eef75 [2022-02-20 18:10:42,800 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:10:42,804 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c [2022-02-20 18:10:42,817 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9406f9f68/6da63a02b59a4015a908d641c15a42c8/FLAG0f20eef75 [2022-02-20 18:10:43,309 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9406f9f68/6da63a02b59a4015a908d641c15a42c8 [2022-02-20 18:10:43,311 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:10:43,312 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:10:43,313 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:43,314 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:10:43,316 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:10:43,317 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:43,318 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@31bd6993 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43, skipping insertion in model container [2022-02-20 18:10:43,318 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:43,328 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:10:43,365 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:43,652 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c[16086,16099] [2022-02-20 18:10:43,664 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:43,685 INFO L200 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2022-02-20 18:10:43,696 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:43,751 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c[16086,16099] [2022-02-20 18:10:43,764 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:43,768 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:10:43,835 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product35.cil.c[16086,16099] [2022-02-20 18:10:43,840 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:43,869 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:10:43,869 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43 WrapperNode [2022-02-20 18:10:43,869 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:43,870 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:43,870 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:10:43,870 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:10:43,876 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:43,901 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:43,941 INFO L137 Inliner]: procedures = 55, calls = 151, calls flagged for inlining = 23, calls inlined = 19, statements flattened = 221 [2022-02-20 18:10:43,942 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:43,943 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:10:43,943 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:10:43,943 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:10:43,950 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:43,950 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:43,970 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:43,971 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:43,976 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:43,980 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:43,981 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:43,999 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:10:44,000 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:10:44,000 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:10:44,001 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:10:44,001 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43" (1/1) ... [2022-02-20 18:10:44,008 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:44,016 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:44,026 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:10:44,032 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:10:44,070 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:10:44,070 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:10:44,070 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:10:44,070 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:10:44,071 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:10:44,071 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:10:44,071 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:10:44,071 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:10:44,071 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:10:44,071 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~intINTTYPE1 [2022-02-20 18:10:44,072 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:10:44,072 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:10:44,072 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:10:44,072 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:10:44,176 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:10:44,177 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:10:44,461 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:10:44,469 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:10:44,470 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:10:44,472 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:44 BoogieIcfgContainer [2022-02-20 18:10:44,472 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:10:44,475 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:10:44,475 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:10:44,492 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:10:44,492 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:10:43" (1/3) ... [2022-02-20 18:10:44,492 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@4f8fa40d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:44, skipping insertion in model container [2022-02-20 18:10:44,492 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:43" (2/3) ... [2022-02-20 18:10:44,493 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@4f8fa40d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:44, skipping insertion in model container [2022-02-20 18:10:44,493 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:44" (3/3) ... [2022-02-20 18:10:44,494 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec4_product35.cil.c [2022-02-20 18:10:44,497 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:10:44,498 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:10:44,549 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:10:44,554 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:10:44,554 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:10:44,576 INFO L276 IsEmpty]: Start isEmpty. Operand has 74 states, 59 states have (on average 1.4067796610169492) internal successors, (83), 65 states have internal predecessors, (83), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:10:44,583 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2022-02-20 18:10:44,583 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:44,584 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:44,584 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:44,588 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:44,589 INFO L85 PathProgramCache]: Analyzing trace with hash -1047467425, now seen corresponding path program 1 times [2022-02-20 18:10:44,601 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:44,602 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1739495424] [2022-02-20 18:10:44,602 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:44,603 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:44,603 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:44,607 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:44,638 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Waiting until timeout for monitored process [2022-02-20 18:10:44,713 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:44,716 INFO L263 TraceCheckSpWp]: Trace formula consists of 144 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:10:44,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:44,729 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:44,819 INFO L290 TraceCheckUtils]: 0: Hoare triple {77#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(21bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(30bv32, 21bv32);call #Ultimate.allocInit(9bv32, 22bv32);call #Ultimate.allocInit(25bv32, 23bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {77#true} is VALID [2022-02-20 18:10:44,820 INFO L290 TraceCheckUtils]: 1: Hoare triple {77#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {77#true} is VALID [2022-02-20 18:10:44,820 INFO L290 TraceCheckUtils]: 2: Hoare triple {77#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {77#true} is VALID [2022-02-20 18:10:44,820 INFO L290 TraceCheckUtils]: 3: Hoare triple {77#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {77#true} is VALID [2022-02-20 18:10:44,821 INFO L290 TraceCheckUtils]: 4: Hoare triple {77#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {77#true} is VALID [2022-02-20 18:10:44,821 INFO L290 TraceCheckUtils]: 5: Hoare triple {77#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {77#true} is VALID [2022-02-20 18:10:44,821 INFO L290 TraceCheckUtils]: 6: Hoare triple {77#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {77#true} is VALID [2022-02-20 18:10:44,822 INFO L290 TraceCheckUtils]: 7: Hoare triple {77#true} assume false; {78#false} is VALID [2022-02-20 18:10:44,822 INFO L272 TraceCheckUtils]: 8: Hoare triple {78#false} call cleanup(); {78#false} is VALID [2022-02-20 18:10:44,822 INFO L290 TraceCheckUtils]: 9: Hoare triple {78#false} havoc ~i~0;havoc ~__cil_tmp2~0; {78#false} is VALID [2022-02-20 18:10:44,823 INFO L272 TraceCheckUtils]: 10: Hoare triple {78#false} call timeShift(); {78#false} is VALID [2022-02-20 18:10:44,823 INFO L290 TraceCheckUtils]: 11: Hoare triple {78#false} assume !(0bv32 != ~pumpRunning~0); {78#false} is VALID [2022-02-20 18:10:44,823 INFO L290 TraceCheckUtils]: 12: Hoare triple {78#false} assume !(0bv32 != ~systemActive~0); {78#false} is VALID [2022-02-20 18:10:44,823 INFO L290 TraceCheckUtils]: 13: Hoare triple {78#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {78#false} is VALID [2022-02-20 18:10:44,824 INFO L290 TraceCheckUtils]: 14: Hoare triple {78#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {78#false} is VALID [2022-02-20 18:10:44,824 INFO L290 TraceCheckUtils]: 15: Hoare triple {78#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {78#false} is VALID [2022-02-20 18:10:44,824 INFO L290 TraceCheckUtils]: 16: Hoare triple {78#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {78#false} is VALID [2022-02-20 18:10:44,825 INFO L290 TraceCheckUtils]: 17: Hoare triple {78#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {78#false} is VALID [2022-02-20 18:10:44,825 INFO L290 TraceCheckUtils]: 18: Hoare triple {78#false} assume !false; {78#false} is VALID [2022-02-20 18:10:44,830 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:44,831 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:44,831 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:44,831 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1739495424] [2022-02-20 18:10:44,832 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1739495424] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:44,832 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:44,832 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:44,833 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [443738317] [2022-02-20 18:10:44,834 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:44,838 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:44,840 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:44,843 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:44,874 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:44,874 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:10:44,874 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:44,901 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:10:44,902 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:44,904 INFO L87 Difference]: Start difference. First operand has 74 states, 59 states have (on average 1.4067796610169492) internal successors, (83), 65 states have internal predecessors, (83), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) Second operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:45,014 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:45,014 INFO L93 Difference]: Finished difference Result 140 states and 193 transitions. [2022-02-20 18:10:45,014 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:10:45,015 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:45,015 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:45,016 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:45,046 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 193 transitions. [2022-02-20 18:10:45,059 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:45,086 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 193 transitions. [2022-02-20 18:10:45,087 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 193 transitions. [2022-02-20 18:10:45,263 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 193 edges. 193 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:45,273 INFO L225 Difference]: With dead ends: 140 [2022-02-20 18:10:45,273 INFO L226 Difference]: Without dead ends: 65 [2022-02-20 18:10:45,276 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 18 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:45,279 INFO L933 BasicCegarLoop]: 93 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 93 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:45,279 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 93 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:45,296 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 65 states. [2022-02-20 18:10:45,309 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 65 to 65. [2022-02-20 18:10:45,310 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:45,311 INFO L82 GeneralOperation]: Start isEquivalent. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:45,312 INFO L74 IsIncluded]: Start isIncluded. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:45,312 INFO L87 Difference]: Start difference. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:45,318 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:45,319 INFO L93 Difference]: Finished difference Result 65 states and 84 transitions. [2022-02-20 18:10:45,319 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:45,320 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:45,320 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:45,321 INFO L74 IsIncluded]: Start isIncluded. First operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 65 states. [2022-02-20 18:10:45,321 INFO L87 Difference]: Start difference. First operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 65 states. [2022-02-20 18:10:45,327 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:45,327 INFO L93 Difference]: Finished difference Result 65 states and 84 transitions. [2022-02-20 18:10:45,332 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:45,338 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:45,338 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:45,339 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:45,339 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:45,341 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:45,351 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 65 states to 65 states and 84 transitions. [2022-02-20 18:10:45,354 INFO L78 Accepts]: Start accepts. Automaton has 65 states and 84 transitions. Word has length 19 [2022-02-20 18:10:45,354 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:45,355 INFO L470 AbstractCegarLoop]: Abstraction has 65 states and 84 transitions. [2022-02-20 18:10:45,355 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:45,355 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:45,356 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2022-02-20 18:10:45,356 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:45,356 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:45,367 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:45,565 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:45,566 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:45,566 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:45,567 INFO L85 PathProgramCache]: Analyzing trace with hash 526246002, now seen corresponding path program 1 times [2022-02-20 18:10:45,567 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:45,567 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2143903206] [2022-02-20 18:10:45,567 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:45,568 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:45,568 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:45,569 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:45,571 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Waiting until timeout for monitored process [2022-02-20 18:10:45,620 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:45,622 INFO L263 TraceCheckSpWp]: Trace formula consists of 145 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:10:45,631 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:45,632 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:45,695 INFO L290 TraceCheckUtils]: 0: Hoare triple {562#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(21bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(30bv32, 21bv32);call #Ultimate.allocInit(9bv32, 22bv32);call #Ultimate.allocInit(25bv32, 23bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {562#true} is VALID [2022-02-20 18:10:45,695 INFO L290 TraceCheckUtils]: 1: Hoare triple {562#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {562#true} is VALID [2022-02-20 18:10:45,696 INFO L290 TraceCheckUtils]: 2: Hoare triple {562#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {562#true} is VALID [2022-02-20 18:10:45,696 INFO L290 TraceCheckUtils]: 3: Hoare triple {562#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {562#true} is VALID [2022-02-20 18:10:45,696 INFO L290 TraceCheckUtils]: 4: Hoare triple {562#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {562#true} is VALID [2022-02-20 18:10:45,696 INFO L290 TraceCheckUtils]: 5: Hoare triple {562#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {562#true} is VALID [2022-02-20 18:10:45,697 INFO L290 TraceCheckUtils]: 6: Hoare triple {562#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {585#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} is VALID [2022-02-20 18:10:45,697 INFO L290 TraceCheckUtils]: 7: Hoare triple {585#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} assume !false; {585#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} is VALID [2022-02-20 18:10:45,698 INFO L290 TraceCheckUtils]: 8: Hoare triple {585#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} assume !~bvslt32(test_~splverifierCounter~0#1, 4bv32); {563#false} is VALID [2022-02-20 18:10:45,698 INFO L272 TraceCheckUtils]: 9: Hoare triple {563#false} call cleanup(); {563#false} is VALID [2022-02-20 18:10:45,698 INFO L290 TraceCheckUtils]: 10: Hoare triple {563#false} havoc ~i~0;havoc ~__cil_tmp2~0; {563#false} is VALID [2022-02-20 18:10:45,699 INFO L272 TraceCheckUtils]: 11: Hoare triple {563#false} call timeShift(); {563#false} is VALID [2022-02-20 18:10:45,699 INFO L290 TraceCheckUtils]: 12: Hoare triple {563#false} assume !(0bv32 != ~pumpRunning~0); {563#false} is VALID [2022-02-20 18:10:45,699 INFO L290 TraceCheckUtils]: 13: Hoare triple {563#false} assume !(0bv32 != ~systemActive~0); {563#false} is VALID [2022-02-20 18:10:45,712 INFO L290 TraceCheckUtils]: 14: Hoare triple {563#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {563#false} is VALID [2022-02-20 18:10:45,712 INFO L290 TraceCheckUtils]: 15: Hoare triple {563#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {563#false} is VALID [2022-02-20 18:10:45,712 INFO L290 TraceCheckUtils]: 16: Hoare triple {563#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {563#false} is VALID [2022-02-20 18:10:45,712 INFO L290 TraceCheckUtils]: 17: Hoare triple {563#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {563#false} is VALID [2022-02-20 18:10:45,713 INFO L290 TraceCheckUtils]: 18: Hoare triple {563#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {563#false} is VALID [2022-02-20 18:10:45,713 INFO L290 TraceCheckUtils]: 19: Hoare triple {563#false} assume !false; {563#false} is VALID [2022-02-20 18:10:45,713 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:45,713 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:45,713 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:45,714 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2143903206] [2022-02-20 18:10:45,714 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2143903206] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:45,714 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:45,714 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:45,714 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1508491947] [2022-02-20 18:10:45,715 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:45,716 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:45,716 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:45,716 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:45,738 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:45,738 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:45,738 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:45,739 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:45,739 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:45,740 INFO L87 Difference]: Start difference. First operand 65 states and 84 transitions. Second operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:45,835 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:45,835 INFO L93 Difference]: Finished difference Result 92 states and 119 transitions. [2022-02-20 18:10:45,836 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:45,836 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:45,836 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:45,836 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:45,841 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 119 transitions. [2022-02-20 18:10:45,841 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:45,844 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 119 transitions. [2022-02-20 18:10:45,844 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 119 transitions. [2022-02-20 18:10:45,963 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 119 edges. 119 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:45,965 INFO L225 Difference]: With dead ends: 92 [2022-02-20 18:10:45,965 INFO L226 Difference]: Without dead ends: 56 [2022-02-20 18:10:45,966 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 18 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:45,967 INFO L933 BasicCegarLoop]: 71 mSDtfsCounter, 17 mSDsluCounter, 50 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 121 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:45,967 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [20 Valid, 121 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:45,968 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 56 states. [2022-02-20 18:10:45,973 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 56 to 56. [2022-02-20 18:10:45,973 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:45,973 INFO L82 GeneralOperation]: Start isEquivalent. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:45,974 INFO L74 IsIncluded]: Start isIncluded. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:45,974 INFO L87 Difference]: Start difference. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:45,977 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:45,977 INFO L93 Difference]: Finished difference Result 56 states and 72 transitions. [2022-02-20 18:10:45,977 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:45,978 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:45,978 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:45,978 INFO L74 IsIncluded]: Start isIncluded. First operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:45,979 INFO L87 Difference]: Start difference. First operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:45,981 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:45,981 INFO L93 Difference]: Finished difference Result 56 states and 72 transitions. [2022-02-20 18:10:45,981 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:45,982 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:45,982 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:45,982 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:45,982 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:45,983 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:45,985 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 56 states to 56 states and 72 transitions. [2022-02-20 18:10:45,985 INFO L78 Accepts]: Start accepts. Automaton has 56 states and 72 transitions. Word has length 20 [2022-02-20 18:10:45,985 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:45,985 INFO L470 AbstractCegarLoop]: Abstraction has 56 states and 72 transitions. [2022-02-20 18:10:45,986 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:45,986 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:45,986 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:10:45,987 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:45,987 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:45,998 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Ended with exit code 0 [2022-02-20 18:10:46,195 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:46,196 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:46,196 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:46,196 INFO L85 PathProgramCache]: Analyzing trace with hash 561787742, now seen corresponding path program 1 times [2022-02-20 18:10:46,197 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:46,197 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1279290876] [2022-02-20 18:10:46,197 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:46,198 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:46,198 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:46,202 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:46,207 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Waiting until timeout for monitored process [2022-02-20 18:10:46,263 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:46,265 INFO L263 TraceCheckSpWp]: Trace formula consists of 145 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:10:46,277 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:46,278 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:46,383 INFO L290 TraceCheckUtils]: 0: Hoare triple {949#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(21bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(30bv32, 21bv32);call #Ultimate.allocInit(9bv32, 22bv32);call #Ultimate.allocInit(25bv32, 23bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,383 INFO L290 TraceCheckUtils]: 1: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,384 INFO L290 TraceCheckUtils]: 2: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,384 INFO L290 TraceCheckUtils]: 3: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,385 INFO L290 TraceCheckUtils]: 4: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,385 INFO L290 TraceCheckUtils]: 5: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,386 INFO L290 TraceCheckUtils]: 6: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,387 INFO L290 TraceCheckUtils]: 7: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume !false; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,387 INFO L290 TraceCheckUtils]: 8: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,388 INFO L290 TraceCheckUtils]: 9: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,389 INFO L290 TraceCheckUtils]: 10: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != test_~tmp~0#1); {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,392 INFO L290 TraceCheckUtils]: 11: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,392 INFO L290 TraceCheckUtils]: 12: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___0~0#1); {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,393 INFO L290 TraceCheckUtils]: 13: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,393 INFO L290 TraceCheckUtils]: 14: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume 0bv32 != test_~tmp___2~0#1; {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,394 INFO L272 TraceCheckUtils]: 15: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} call timeShift(); {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,394 INFO L290 TraceCheckUtils]: 16: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {954#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,395 INFO L290 TraceCheckUtils]: 17: Hoare triple {954#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != ~systemActive~0); {950#false} is VALID [2022-02-20 18:10:46,395 INFO L290 TraceCheckUtils]: 18: Hoare triple {950#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {950#false} is VALID [2022-02-20 18:10:46,395 INFO L290 TraceCheckUtils]: 19: Hoare triple {950#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {950#false} is VALID [2022-02-20 18:10:46,395 INFO L290 TraceCheckUtils]: 20: Hoare triple {950#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {950#false} is VALID [2022-02-20 18:10:46,396 INFO L290 TraceCheckUtils]: 21: Hoare triple {950#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {950#false} is VALID [2022-02-20 18:10:46,396 INFO L290 TraceCheckUtils]: 22: Hoare triple {950#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {950#false} is VALID [2022-02-20 18:10:46,396 INFO L290 TraceCheckUtils]: 23: Hoare triple {950#false} assume !false; {950#false} is VALID [2022-02-20 18:10:46,396 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:46,397 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:46,397 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:46,397 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1279290876] [2022-02-20 18:10:46,397 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1279290876] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:46,398 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:46,398 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:46,398 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [903243533] [2022-02-20 18:10:46,398 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:46,399 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:46,399 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:46,399 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:46,422 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:46,422 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:46,423 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:46,423 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:46,423 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:46,424 INFO L87 Difference]: Start difference. First operand 56 states and 72 transitions. Second operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:46,565 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:46,565 INFO L93 Difference]: Finished difference Result 153 states and 202 transitions. [2022-02-20 18:10:46,566 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:46,566 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:46,566 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:46,566 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:46,572 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 202 transitions. [2022-02-20 18:10:46,572 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:46,576 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 202 transitions. [2022-02-20 18:10:46,576 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 202 transitions. [2022-02-20 18:10:46,767 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 202 edges. 202 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:46,772 INFO L225 Difference]: With dead ends: 153 [2022-02-20 18:10:46,772 INFO L226 Difference]: Without dead ends: 104 [2022-02-20 18:10:46,773 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 23 GetRequests, 22 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:46,774 INFO L933 BasicCegarLoop]: 86 mSDtfsCounter, 52 mSDsluCounter, 62 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 52 SdHoareTripleChecker+Valid, 148 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:46,774 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [52 Valid, 148 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:46,775 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 104 states. [2022-02-20 18:10:46,784 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 104 to 99. [2022-02-20 18:10:46,784 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:46,785 INFO L82 GeneralOperation]: Start isEquivalent. First operand 104 states. Second operand has 99 states, 80 states have (on average 1.375) internal successors, (110), 89 states have internal predecessors, (110), 10 states have call successors, (10), 8 states have call predecessors, (10), 8 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:10:46,785 INFO L74 IsIncluded]: Start isIncluded. First operand 104 states. Second operand has 99 states, 80 states have (on average 1.375) internal successors, (110), 89 states have internal predecessors, (110), 10 states have call successors, (10), 8 states have call predecessors, (10), 8 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:10:46,786 INFO L87 Difference]: Start difference. First operand 104 states. Second operand has 99 states, 80 states have (on average 1.375) internal successors, (110), 89 states have internal predecessors, (110), 10 states have call successors, (10), 8 states have call predecessors, (10), 8 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:10:46,790 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:46,790 INFO L93 Difference]: Finished difference Result 104 states and 135 transitions. [2022-02-20 18:10:46,790 INFO L276 IsEmpty]: Start isEmpty. Operand 104 states and 135 transitions. [2022-02-20 18:10:46,791 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:46,791 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:46,791 INFO L74 IsIncluded]: Start isIncluded. First operand has 99 states, 80 states have (on average 1.375) internal successors, (110), 89 states have internal predecessors, (110), 10 states have call successors, (10), 8 states have call predecessors, (10), 8 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) Second operand 104 states. [2022-02-20 18:10:46,792 INFO L87 Difference]: Start difference. First operand has 99 states, 80 states have (on average 1.375) internal successors, (110), 89 states have internal predecessors, (110), 10 states have call successors, (10), 8 states have call predecessors, (10), 8 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) Second operand 104 states. [2022-02-20 18:10:46,796 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:46,796 INFO L93 Difference]: Finished difference Result 104 states and 135 transitions. [2022-02-20 18:10:46,796 INFO L276 IsEmpty]: Start isEmpty. Operand 104 states and 135 transitions. [2022-02-20 18:10:46,797 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:46,797 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:46,797 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:46,797 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:46,798 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 99 states, 80 states have (on average 1.375) internal successors, (110), 89 states have internal predecessors, (110), 10 states have call successors, (10), 8 states have call predecessors, (10), 8 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:10:46,801 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 99 states to 99 states and 130 transitions. [2022-02-20 18:10:46,801 INFO L78 Accepts]: Start accepts. Automaton has 99 states and 130 transitions. Word has length 24 [2022-02-20 18:10:46,801 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:46,802 INFO L470 AbstractCegarLoop]: Abstraction has 99 states and 130 transitions. [2022-02-20 18:10:46,802 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:46,802 INFO L276 IsEmpty]: Start isEmpty. Operand 99 states and 130 transitions. [2022-02-20 18:10:46,803 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2022-02-20 18:10:46,803 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:46,803 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:46,814 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:47,011 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:47,012 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:47,013 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:47,013 INFO L85 PathProgramCache]: Analyzing trace with hash 2000985071, now seen corresponding path program 1 times [2022-02-20 18:10:47,013 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:47,013 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1011772441] [2022-02-20 18:10:47,014 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:47,014 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:47,014 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:47,015 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:47,016 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Waiting until timeout for monitored process [2022-02-20 18:10:47,061 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:47,063 INFO L263 TraceCheckSpWp]: Trace formula consists of 152 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:10:47,073 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:47,073 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:47,159 INFO L290 TraceCheckUtils]: 0: Hoare triple {1588#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(21bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(30bv32, 21bv32);call #Ultimate.allocInit(9bv32, 22bv32);call #Ultimate.allocInit(25bv32, 23bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,160 INFO L290 TraceCheckUtils]: 1: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,160 INFO L290 TraceCheckUtils]: 2: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,161 INFO L290 TraceCheckUtils]: 3: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,161 INFO L290 TraceCheckUtils]: 4: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,161 INFO L290 TraceCheckUtils]: 5: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,162 INFO L290 TraceCheckUtils]: 6: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,162 INFO L290 TraceCheckUtils]: 7: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume !false; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,163 INFO L290 TraceCheckUtils]: 8: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,164 INFO L290 TraceCheckUtils]: 9: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,165 INFO L290 TraceCheckUtils]: 10: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp~0#1); {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,166 INFO L290 TraceCheckUtils]: 11: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,166 INFO L290 TraceCheckUtils]: 12: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp___0~0#1); {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,166 INFO L290 TraceCheckUtils]: 13: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,167 INFO L290 TraceCheckUtils]: 14: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != test_~tmp___2~0#1; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,168 INFO L272 TraceCheckUtils]: 15: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} call timeShift(); {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,168 INFO L290 TraceCheckUtils]: 16: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~pumpRunning~0); {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,169 INFO L290 TraceCheckUtils]: 17: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {1593#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:47,169 INFO L290 TraceCheckUtils]: 18: Hoare triple {1593#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 == ~pumpRunning~0); {1589#false} is VALID [2022-02-20 18:10:47,171 INFO L272 TraceCheckUtils]: 19: Hoare triple {1589#false} call processEnvironment__wrappee__base(); {1589#false} is VALID [2022-02-20 18:10:47,172 INFO L290 TraceCheckUtils]: 20: Hoare triple {1589#false} assume true; {1589#false} is VALID [2022-02-20 18:10:47,172 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {1589#false} {1589#false} #212#return; {1589#false} is VALID [2022-02-20 18:10:47,172 INFO L290 TraceCheckUtils]: 22: Hoare triple {1589#false} assume { :end_inline_processEnvironment } true; {1589#false} is VALID [2022-02-20 18:10:47,172 INFO L290 TraceCheckUtils]: 23: Hoare triple {1589#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {1589#false} is VALID [2022-02-20 18:10:47,172 INFO L290 TraceCheckUtils]: 24: Hoare triple {1589#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {1589#false} is VALID [2022-02-20 18:10:47,173 INFO L290 TraceCheckUtils]: 25: Hoare triple {1589#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {1589#false} is VALID [2022-02-20 18:10:47,173 INFO L290 TraceCheckUtils]: 26: Hoare triple {1589#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {1589#false} is VALID [2022-02-20 18:10:47,173 INFO L290 TraceCheckUtils]: 27: Hoare triple {1589#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {1589#false} is VALID [2022-02-20 18:10:47,173 INFO L290 TraceCheckUtils]: 28: Hoare triple {1589#false} assume !false; {1589#false} is VALID [2022-02-20 18:10:47,174 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:47,174 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:47,174 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:47,174 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1011772441] [2022-02-20 18:10:47,175 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1011772441] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:47,176 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:47,176 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:47,177 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1513144179] [2022-02-20 18:10:47,177 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:47,178 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:10:47,178 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:47,178 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:47,207 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 29 edges. 29 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:47,208 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:47,208 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:47,209 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:47,209 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:47,209 INFO L87 Difference]: Start difference. First operand 99 states and 130 transitions. Second operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:47,343 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:47,344 INFO L93 Difference]: Finished difference Result 258 states and 347 transitions. [2022-02-20 18:10:47,344 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:47,344 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:10:47,345 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:47,345 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:47,349 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 186 transitions. [2022-02-20 18:10:47,350 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:47,354 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 186 transitions. [2022-02-20 18:10:47,355 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 186 transitions. [2022-02-20 18:10:47,510 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 186 edges. 186 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:47,518 INFO L225 Difference]: With dead ends: 258 [2022-02-20 18:10:47,518 INFO L226 Difference]: Without dead ends: 166 [2022-02-20 18:10:47,523 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:47,528 INFO L933 BasicCegarLoop]: 73 mSDtfsCounter, 45 mSDsluCounter, 45 mSDsCounter, 0 mSdLazyCounter, 8 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 118 SdHoareTripleChecker+Invalid, 14 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 8 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:47,528 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [45 Valid, 118 Invalid, 14 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 8 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:47,531 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 166 states. [2022-02-20 18:10:47,554 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 166 to 164. [2022-02-20 18:10:47,554 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:47,555 INFO L82 GeneralOperation]: Start isEquivalent. First operand 166 states. Second operand has 164 states, 131 states have (on average 1.3587786259541985) internal successors, (178), 142 states have internal predecessors, (178), 16 states have call successors, (16), 16 states have call predecessors, (16), 16 states have return successors, (20), 16 states have call predecessors, (20), 16 states have call successors, (20) [2022-02-20 18:10:47,556 INFO L74 IsIncluded]: Start isIncluded. First operand 166 states. Second operand has 164 states, 131 states have (on average 1.3587786259541985) internal successors, (178), 142 states have internal predecessors, (178), 16 states have call successors, (16), 16 states have call predecessors, (16), 16 states have return successors, (20), 16 states have call predecessors, (20), 16 states have call successors, (20) [2022-02-20 18:10:47,557 INFO L87 Difference]: Start difference. First operand 166 states. Second operand has 164 states, 131 states have (on average 1.3587786259541985) internal successors, (178), 142 states have internal predecessors, (178), 16 states have call successors, (16), 16 states have call predecessors, (16), 16 states have return successors, (20), 16 states have call predecessors, (20), 16 states have call successors, (20) [2022-02-20 18:10:47,566 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:47,566 INFO L93 Difference]: Finished difference Result 166 states and 215 transitions. [2022-02-20 18:10:47,566 INFO L276 IsEmpty]: Start isEmpty. Operand 166 states and 215 transitions. [2022-02-20 18:10:47,567 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:47,567 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:47,567 INFO L74 IsIncluded]: Start isIncluded. First operand has 164 states, 131 states have (on average 1.3587786259541985) internal successors, (178), 142 states have internal predecessors, (178), 16 states have call successors, (16), 16 states have call predecessors, (16), 16 states have return successors, (20), 16 states have call predecessors, (20), 16 states have call successors, (20) Second operand 166 states. [2022-02-20 18:10:47,568 INFO L87 Difference]: Start difference. First operand has 164 states, 131 states have (on average 1.3587786259541985) internal successors, (178), 142 states have internal predecessors, (178), 16 states have call successors, (16), 16 states have call predecessors, (16), 16 states have return successors, (20), 16 states have call predecessors, (20), 16 states have call successors, (20) Second operand 166 states. [2022-02-20 18:10:47,574 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:47,574 INFO L93 Difference]: Finished difference Result 166 states and 215 transitions. [2022-02-20 18:10:47,574 INFO L276 IsEmpty]: Start isEmpty. Operand 166 states and 215 transitions. [2022-02-20 18:10:47,575 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:47,575 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:47,575 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:47,575 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:47,576 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 164 states, 131 states have (on average 1.3587786259541985) internal successors, (178), 142 states have internal predecessors, (178), 16 states have call successors, (16), 16 states have call predecessors, (16), 16 states have return successors, (20), 16 states have call predecessors, (20), 16 states have call successors, (20) [2022-02-20 18:10:47,582 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 164 states to 164 states and 214 transitions. [2022-02-20 18:10:47,583 INFO L78 Accepts]: Start accepts. Automaton has 164 states and 214 transitions. Word has length 29 [2022-02-20 18:10:47,583 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:47,583 INFO L470 AbstractCegarLoop]: Abstraction has 164 states and 214 transitions. [2022-02-20 18:10:47,584 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:47,584 INFO L276 IsEmpty]: Start isEmpty. Operand 164 states and 214 transitions. [2022-02-20 18:10:47,584 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2022-02-20 18:10:47,584 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:47,585 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:47,593 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:47,793 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:47,793 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:47,793 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:47,794 INFO L85 PathProgramCache]: Analyzing trace with hash -1499921389, now seen corresponding path program 1 times [2022-02-20 18:10:47,794 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:47,794 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1306130917] [2022-02-20 18:10:47,794 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:47,794 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:47,795 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:47,795 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:47,796 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Waiting until timeout for monitored process [2022-02-20 18:10:47,849 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:47,851 INFO L263 TraceCheckSpWp]: Trace formula consists of 150 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 18:10:47,861 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:47,862 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:48,000 INFO L290 TraceCheckUtils]: 0: Hoare triple {2601#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(21bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(30bv32, 21bv32);call #Ultimate.allocInit(9bv32, 22bv32);call #Ultimate.allocInit(25bv32, 23bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,001 INFO L290 TraceCheckUtils]: 1: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,001 INFO L290 TraceCheckUtils]: 2: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,002 INFO L290 TraceCheckUtils]: 3: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,002 INFO L290 TraceCheckUtils]: 4: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,003 INFO L290 TraceCheckUtils]: 5: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,004 INFO L290 TraceCheckUtils]: 6: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,004 INFO L290 TraceCheckUtils]: 7: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume !false; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,005 INFO L290 TraceCheckUtils]: 8: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,005 INFO L290 TraceCheckUtils]: 9: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,006 INFO L290 TraceCheckUtils]: 10: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp~0#1); {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,006 INFO L290 TraceCheckUtils]: 11: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,009 INFO L290 TraceCheckUtils]: 12: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___0~0#1); {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,009 INFO L290 TraceCheckUtils]: 13: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,010 INFO L290 TraceCheckUtils]: 14: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,011 INFO L290 TraceCheckUtils]: 15: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,011 INFO L290 TraceCheckUtils]: 16: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,012 INFO L290 TraceCheckUtils]: 17: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} ~systemActive~0 := 0bv32; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,012 INFO L290 TraceCheckUtils]: 18: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_stopSystem } true; {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,014 INFO L272 TraceCheckUtils]: 19: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} call timeShift(); {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,014 INFO L290 TraceCheckUtils]: 20: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,023 INFO L290 TraceCheckUtils]: 21: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != ~systemActive~0); {2606#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,024 INFO L290 TraceCheckUtils]: 22: Hoare triple {2606#(= ~waterLevel~0 (_ bv1 32))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {2673#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} is VALID [2022-02-20 18:10:48,024 INFO L290 TraceCheckUtils]: 23: Hoare triple {2673#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {2677#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| (_ bv1 32))} is VALID [2022-02-20 18:10:48,025 INFO L290 TraceCheckUtils]: 24: Hoare triple {2677#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| (_ bv1 32))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {2602#false} is VALID [2022-02-20 18:10:48,025 INFO L290 TraceCheckUtils]: 25: Hoare triple {2602#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {2602#false} is VALID [2022-02-20 18:10:48,026 INFO L290 TraceCheckUtils]: 26: Hoare triple {2602#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {2602#false} is VALID [2022-02-20 18:10:48,026 INFO L290 TraceCheckUtils]: 27: Hoare triple {2602#false} assume !false; {2602#false} is VALID [2022-02-20 18:10:48,026 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:48,026 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:48,026 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:48,027 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1306130917] [2022-02-20 18:10:48,027 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1306130917] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:48,027 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:48,027 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:10:48,027 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1601317784] [2022-02-20 18:10:48,027 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:48,028 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 28 [2022-02-20 18:10:48,028 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:48,028 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:48,056 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 28 edges. 28 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:48,056 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:10:48,056 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:48,057 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:10:48,057 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:48,057 INFO L87 Difference]: Start difference. First operand 164 states and 214 transitions. Second operand has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:48,307 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:48,307 INFO L93 Difference]: Finished difference Result 448 states and 612 transitions. [2022-02-20 18:10:48,307 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:48,307 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 28 [2022-02-20 18:10:48,308 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:48,308 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:48,310 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 196 transitions. [2022-02-20 18:10:48,311 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:48,313 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 196 transitions. [2022-02-20 18:10:48,313 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 196 transitions. [2022-02-20 18:10:48,462 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 196 edges. 196 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:48,470 INFO L225 Difference]: With dead ends: 448 [2022-02-20 18:10:48,471 INFO L226 Difference]: Without dead ends: 291 [2022-02-20 18:10:48,471 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 29 GetRequests, 24 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:48,472 INFO L933 BasicCegarLoop]: 70 mSDtfsCounter, 40 mSDsluCounter, 200 mSDsCounter, 0 mSdLazyCounter, 25 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 40 SdHoareTripleChecker+Valid, 270 SdHoareTripleChecker+Invalid, 29 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 25 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:48,472 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [40 Valid, 270 Invalid, 29 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 25 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:48,473 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 291 states. [2022-02-20 18:10:48,495 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 291 to 291. [2022-02-20 18:10:48,495 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:48,496 INFO L82 GeneralOperation]: Start isEquivalent. First operand 291 states. Second operand has 291 states, 234 states have (on average 1.3205128205128205) internal successors, (309), 249 states have internal predecessors, (309), 30 states have call successors, (30), 30 states have call predecessors, (30), 26 states have return successors, (42), 26 states have call predecessors, (42), 30 states have call successors, (42) [2022-02-20 18:10:48,497 INFO L74 IsIncluded]: Start isIncluded. First operand 291 states. Second operand has 291 states, 234 states have (on average 1.3205128205128205) internal successors, (309), 249 states have internal predecessors, (309), 30 states have call successors, (30), 30 states have call predecessors, (30), 26 states have return successors, (42), 26 states have call predecessors, (42), 30 states have call successors, (42) [2022-02-20 18:10:48,502 INFO L87 Difference]: Start difference. First operand 291 states. Second operand has 291 states, 234 states have (on average 1.3205128205128205) internal successors, (309), 249 states have internal predecessors, (309), 30 states have call successors, (30), 30 states have call predecessors, (30), 26 states have return successors, (42), 26 states have call predecessors, (42), 30 states have call successors, (42) [2022-02-20 18:10:48,512 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:48,513 INFO L93 Difference]: Finished difference Result 291 states and 381 transitions. [2022-02-20 18:10:48,513 INFO L276 IsEmpty]: Start isEmpty. Operand 291 states and 381 transitions. [2022-02-20 18:10:48,514 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:48,514 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:48,515 INFO L74 IsIncluded]: Start isIncluded. First operand has 291 states, 234 states have (on average 1.3205128205128205) internal successors, (309), 249 states have internal predecessors, (309), 30 states have call successors, (30), 30 states have call predecessors, (30), 26 states have return successors, (42), 26 states have call predecessors, (42), 30 states have call successors, (42) Second operand 291 states. [2022-02-20 18:10:48,517 INFO L87 Difference]: Start difference. First operand has 291 states, 234 states have (on average 1.3205128205128205) internal successors, (309), 249 states have internal predecessors, (309), 30 states have call successors, (30), 30 states have call predecessors, (30), 26 states have return successors, (42), 26 states have call predecessors, (42), 30 states have call successors, (42) Second operand 291 states. [2022-02-20 18:10:48,527 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:48,527 INFO L93 Difference]: Finished difference Result 291 states and 381 transitions. [2022-02-20 18:10:48,527 INFO L276 IsEmpty]: Start isEmpty. Operand 291 states and 381 transitions. [2022-02-20 18:10:48,528 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:48,528 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:48,529 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:48,529 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:48,530 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 291 states, 234 states have (on average 1.3205128205128205) internal successors, (309), 249 states have internal predecessors, (309), 30 states have call successors, (30), 30 states have call predecessors, (30), 26 states have return successors, (42), 26 states have call predecessors, (42), 30 states have call successors, (42) [2022-02-20 18:10:48,540 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 291 states to 291 states and 381 transitions. [2022-02-20 18:10:48,541 INFO L78 Accepts]: Start accepts. Automaton has 291 states and 381 transitions. Word has length 28 [2022-02-20 18:10:48,541 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:48,541 INFO L470 AbstractCegarLoop]: Abstraction has 291 states and 381 transitions. [2022-02-20 18:10:48,541 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:48,541 INFO L276 IsEmpty]: Start isEmpty. Operand 291 states and 381 transitions. [2022-02-20 18:10:48,542 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-02-20 18:10:48,542 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:48,542 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:48,552 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:48,751 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:48,751 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:48,752 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:48,752 INFO L85 PathProgramCache]: Analyzing trace with hash -1927098759, now seen corresponding path program 1 times [2022-02-20 18:10:48,752 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:48,752 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1124700404] [2022-02-20 18:10:48,752 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:48,752 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:48,752 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:48,753 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:48,754 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Waiting until timeout for monitored process [2022-02-20 18:10:48,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:48,802 INFO L263 TraceCheckSpWp]: Trace formula consists of 157 conjuncts, 10 conjunts are in the unsatisfiable core [2022-02-20 18:10:48,811 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:48,812 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:49,015 INFO L290 TraceCheckUtils]: 0: Hoare triple {4312#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(21bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(30bv32, 21bv32);call #Ultimate.allocInit(9bv32, 22bv32);call #Ultimate.allocInit(25bv32, 23bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {4317#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:49,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {4317#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {4317#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:49,016 INFO L290 TraceCheckUtils]: 2: Hoare triple {4317#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4317#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:49,017 INFO L290 TraceCheckUtils]: 3: Hoare triple {4317#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {4317#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:49,017 INFO L290 TraceCheckUtils]: 4: Hoare triple {4317#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {4317#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:49,018 INFO L290 TraceCheckUtils]: 5: Hoare triple {4317#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {4317#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:49,018 INFO L290 TraceCheckUtils]: 6: Hoare triple {4317#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {4317#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:49,018 INFO L290 TraceCheckUtils]: 7: Hoare triple {4317#(= ~waterLevel~0 (_ bv1 32))} assume !false; {4317#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:49,020 INFO L290 TraceCheckUtils]: 8: Hoare triple {4317#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {4317#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:49,021 INFO L290 TraceCheckUtils]: 9: Hoare triple {4317#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {4317#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:49,021 INFO L290 TraceCheckUtils]: 10: Hoare triple {4317#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp~0#1; {4317#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:49,021 INFO L272 TraceCheckUtils]: 11: Hoare triple {4317#(= ~waterLevel~0 (_ bv1 32))} call waterRise(); {4351#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:49,022 INFO L290 TraceCheckUtils]: 12: Hoare triple {4351#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {4355#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:49,032 INFO L290 TraceCheckUtils]: 13: Hoare triple {4355#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} assume true; {4355#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:49,032 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {4355#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} {4317#(= ~waterLevel~0 (_ bv1 32))} #214#return; {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,033 INFO L290 TraceCheckUtils]: 15: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,033 INFO L290 TraceCheckUtils]: 16: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___0~0#1); {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,033 INFO L290 TraceCheckUtils]: 17: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,034 INFO L290 TraceCheckUtils]: 18: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,034 INFO L290 TraceCheckUtils]: 19: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,035 INFO L290 TraceCheckUtils]: 20: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,035 INFO L290 TraceCheckUtils]: 21: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} ~systemActive~0 := 0bv32; {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,035 INFO L290 TraceCheckUtils]: 22: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume { :end_inline_stopSystem } true; {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,036 INFO L272 TraceCheckUtils]: 23: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} call timeShift(); {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,036 INFO L290 TraceCheckUtils]: 24: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,036 INFO L290 TraceCheckUtils]: 25: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != ~systemActive~0); {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:49,037 INFO L290 TraceCheckUtils]: 26: Hoare triple {4362#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {4399#(= |timeShift_getWaterLevel_#res#1| (_ bv2 32))} is VALID [2022-02-20 18:10:49,037 INFO L290 TraceCheckUtils]: 27: Hoare triple {4399#(= |timeShift_getWaterLevel_#res#1| (_ bv2 32))} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {4403#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| (_ bv2 32))} is VALID [2022-02-20 18:10:49,037 INFO L290 TraceCheckUtils]: 28: Hoare triple {4403#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| (_ bv2 32))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {4313#false} is VALID [2022-02-20 18:10:49,038 INFO L290 TraceCheckUtils]: 29: Hoare triple {4313#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {4313#false} is VALID [2022-02-20 18:10:49,038 INFO L290 TraceCheckUtils]: 30: Hoare triple {4313#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {4313#false} is VALID [2022-02-20 18:10:49,038 INFO L290 TraceCheckUtils]: 31: Hoare triple {4313#false} assume !false; {4313#false} is VALID [2022-02-20 18:10:49,038 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:49,038 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:49,038 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:49,038 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1124700404] [2022-02-20 18:10:49,039 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1124700404] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:49,039 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:49,039 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:10:49,039 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1911404067] [2022-02-20 18:10:49,039 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:49,040 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 3.625) internal successors, (29), 6 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 32 [2022-02-20 18:10:49,040 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:49,040 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 3.625) internal successors, (29), 6 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:49,083 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 32 edges. 32 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:49,083 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:10:49,083 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:49,084 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:10:49,084 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:49,084 INFO L87 Difference]: Start difference. First operand 291 states and 381 transitions. Second operand has 8 states, 8 states have (on average 3.625) internal successors, (29), 6 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:50,172 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:50,173 INFO L93 Difference]: Finished difference Result 864 states and 1161 transitions. [2022-02-20 18:10:50,173 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:50,173 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 3.625) internal successors, (29), 6 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 32 [2022-02-20 18:10:50,174 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:50,174 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 3.625) internal successors, (29), 6 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:50,178 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 324 transitions. [2022-02-20 18:10:50,179 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 3.625) internal successors, (29), 6 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:50,183 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 324 transitions. [2022-02-20 18:10:50,183 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 324 transitions. [2022-02-20 18:10:50,459 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 324 edges. 324 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:50,495 INFO L225 Difference]: With dead ends: 864 [2022-02-20 18:10:50,495 INFO L226 Difference]: Without dead ends: 707 [2022-02-20 18:10:50,496 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 36 GetRequests, 24 SyntacticMatches, 1 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=39, Invalid=117, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:10:50,497 INFO L933 BasicCegarLoop]: 131 mSDtfsCounter, 198 mSDsluCounter, 544 mSDsCounter, 0 mSdLazyCounter, 232 mSolverCounterSat, 29 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 204 SdHoareTripleChecker+Valid, 675 SdHoareTripleChecker+Invalid, 261 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 29 IncrementalHoareTripleChecker+Valid, 232 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:50,497 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [204 Valid, 675 Invalid, 261 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [29 Valid, 232 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-02-20 18:10:50,498 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 707 states. [2022-02-20 18:10:50,535 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 707 to 683. [2022-02-20 18:10:50,535 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:50,537 INFO L82 GeneralOperation]: Start isEquivalent. First operand 707 states. Second operand has 683 states, 556 states have (on average 1.3075539568345325) internal successors, (727), 599 states have internal predecessors, (727), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) [2022-02-20 18:10:50,539 INFO L74 IsIncluded]: Start isIncluded. First operand 707 states. Second operand has 683 states, 556 states have (on average 1.3075539568345325) internal successors, (727), 599 states have internal predecessors, (727), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) [2022-02-20 18:10:50,540 INFO L87 Difference]: Start difference. First operand 707 states. Second operand has 683 states, 556 states have (on average 1.3075539568345325) internal successors, (727), 599 states have internal predecessors, (727), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) [2022-02-20 18:10:50,572 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:50,572 INFO L93 Difference]: Finished difference Result 707 states and 908 transitions. [2022-02-20 18:10:50,572 INFO L276 IsEmpty]: Start isEmpty. Operand 707 states and 908 transitions. [2022-02-20 18:10:50,574 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:50,575 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:50,577 INFO L74 IsIncluded]: Start isIncluded. First operand has 683 states, 556 states have (on average 1.3075539568345325) internal successors, (727), 599 states have internal predecessors, (727), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) Second operand 707 states. [2022-02-20 18:10:50,578 INFO L87 Difference]: Start difference. First operand has 683 states, 556 states have (on average 1.3075539568345325) internal successors, (727), 599 states have internal predecessors, (727), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) Second operand 707 states. [2022-02-20 18:10:50,607 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:50,607 INFO L93 Difference]: Finished difference Result 707 states and 908 transitions. [2022-02-20 18:10:50,607 INFO L276 IsEmpty]: Start isEmpty. Operand 707 states and 908 transitions. [2022-02-20 18:10:50,609 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:50,609 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:50,609 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:50,610 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:50,611 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 683 states, 556 states have (on average 1.3075539568345325) internal successors, (727), 599 states have internal predecessors, (727), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) [2022-02-20 18:10:50,645 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 683 states to 683 states and 883 transitions. [2022-02-20 18:10:50,646 INFO L78 Accepts]: Start accepts. Automaton has 683 states and 883 transitions. Word has length 32 [2022-02-20 18:10:50,646 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:50,646 INFO L470 AbstractCegarLoop]: Abstraction has 683 states and 883 transitions. [2022-02-20 18:10:50,647 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 3.625) internal successors, (29), 6 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:50,647 INFO L276 IsEmpty]: Start isEmpty. Operand 683 states and 883 transitions. [2022-02-20 18:10:50,648 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-02-20 18:10:50,648 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:50,649 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:50,658 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:50,857 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:50,858 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:50,858 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:50,858 INFO L85 PathProgramCache]: Analyzing trace with hash 1940053207, now seen corresponding path program 1 times [2022-02-20 18:10:50,859 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:50,859 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [233766503] [2022-02-20 18:10:50,859 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:50,859 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:50,859 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:50,860 INFO L229 MonitoredProcess]: Starting monitored process 8 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:50,862 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Waiting until timeout for monitored process [2022-02-20 18:10:50,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:50,916 INFO L263 TraceCheckSpWp]: Trace formula consists of 191 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:10:50,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:50,937 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:51,084 INFO L290 TraceCheckUtils]: 0: Hoare triple {8008#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(21bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(30bv32, 21bv32);call #Ultimate.allocInit(9bv32, 22bv32);call #Ultimate.allocInit(25bv32, 23bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {8008#true} is VALID [2022-02-20 18:10:51,084 INFO L290 TraceCheckUtils]: 1: Hoare triple {8008#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {8008#true} is VALID [2022-02-20 18:10:51,084 INFO L290 TraceCheckUtils]: 2: Hoare triple {8008#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8008#true} is VALID [2022-02-20 18:10:51,084 INFO L290 TraceCheckUtils]: 3: Hoare triple {8008#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {8008#true} is VALID [2022-02-20 18:10:51,085 INFO L290 TraceCheckUtils]: 4: Hoare triple {8008#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {8008#true} is VALID [2022-02-20 18:10:51,085 INFO L290 TraceCheckUtils]: 5: Hoare triple {8008#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {8008#true} is VALID [2022-02-20 18:10:51,085 INFO L290 TraceCheckUtils]: 6: Hoare triple {8008#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {8008#true} is VALID [2022-02-20 18:10:51,085 INFO L290 TraceCheckUtils]: 7: Hoare triple {8008#true} assume !false; {8008#true} is VALID [2022-02-20 18:10:51,085 INFO L290 TraceCheckUtils]: 8: Hoare triple {8008#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {8008#true} is VALID [2022-02-20 18:10:51,085 INFO L290 TraceCheckUtils]: 9: Hoare triple {8008#true} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {8008#true} is VALID [2022-02-20 18:10:51,086 INFO L290 TraceCheckUtils]: 10: Hoare triple {8008#true} assume !(0bv32 != test_~tmp~0#1); {8008#true} is VALID [2022-02-20 18:10:51,086 INFO L290 TraceCheckUtils]: 11: Hoare triple {8008#true} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {8008#true} is VALID [2022-02-20 18:10:51,086 INFO L290 TraceCheckUtils]: 12: Hoare triple {8008#true} assume !(0bv32 != test_~tmp___0~0#1); {8008#true} is VALID [2022-02-20 18:10:51,086 INFO L290 TraceCheckUtils]: 13: Hoare triple {8008#true} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {8008#true} is VALID [2022-02-20 18:10:51,086 INFO L290 TraceCheckUtils]: 14: Hoare triple {8008#true} assume 0bv32 != test_~tmp___2~0#1; {8008#true} is VALID [2022-02-20 18:10:51,100 INFO L272 TraceCheckUtils]: 15: Hoare triple {8008#true} call timeShift(); {8008#true} is VALID [2022-02-20 18:10:51,100 INFO L290 TraceCheckUtils]: 16: Hoare triple {8008#true} assume !(0bv32 != ~pumpRunning~0); {8008#true} is VALID [2022-02-20 18:10:51,100 INFO L290 TraceCheckUtils]: 17: Hoare triple {8008#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {8008#true} is VALID [2022-02-20 18:10:51,100 INFO L290 TraceCheckUtils]: 18: Hoare triple {8008#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {8008#true} is VALID [2022-02-20 18:10:51,101 INFO L290 TraceCheckUtils]: 19: Hoare triple {8008#true} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~11#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {8070#(= (_ bv1 32) |timeShift_isHighWaterSensorDry_#res#1|)} is VALID [2022-02-20 18:10:51,102 INFO L290 TraceCheckUtils]: 20: Hoare triple {8070#(= (_ bv1 32) |timeShift_isHighWaterSensorDry_#res#1|)} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {8074#(= |timeShift_isHighWaterLevel_~tmp~3#1| (_ bv1 32))} is VALID [2022-02-20 18:10:51,102 INFO L290 TraceCheckUtils]: 21: Hoare triple {8074#(= |timeShift_isHighWaterLevel_~tmp~3#1| (_ bv1 32))} assume !(0bv32 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {8009#false} is VALID [2022-02-20 18:10:51,102 INFO L290 TraceCheckUtils]: 22: Hoare triple {8009#false} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {8009#false} is VALID [2022-02-20 18:10:51,103 INFO L290 TraceCheckUtils]: 23: Hoare triple {8009#false} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {8009#false} is VALID [2022-02-20 18:10:51,103 INFO L290 TraceCheckUtils]: 24: Hoare triple {8009#false} assume 0bv32 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1bv32; {8009#false} is VALID [2022-02-20 18:10:51,103 INFO L290 TraceCheckUtils]: 25: Hoare triple {8009#false} assume { :end_inline_activatePump } true; {8009#false} is VALID [2022-02-20 18:10:51,103 INFO L290 TraceCheckUtils]: 26: Hoare triple {8009#false} assume { :end_inline_processEnvironment } true; {8009#false} is VALID [2022-02-20 18:10:51,103 INFO L290 TraceCheckUtils]: 27: Hoare triple {8009#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {8009#false} is VALID [2022-02-20 18:10:51,103 INFO L290 TraceCheckUtils]: 28: Hoare triple {8009#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {8009#false} is VALID [2022-02-20 18:10:51,104 INFO L290 TraceCheckUtils]: 29: Hoare triple {8009#false} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1); {8009#false} is VALID [2022-02-20 18:10:51,104 INFO L290 TraceCheckUtils]: 30: Hoare triple {8009#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {8009#false} is VALID [2022-02-20 18:10:51,104 INFO L290 TraceCheckUtils]: 31: Hoare triple {8009#false} assume true; {8009#false} is VALID [2022-02-20 18:10:51,104 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {8009#false} {8008#true} #218#return; {8009#false} is VALID [2022-02-20 18:10:51,104 INFO L290 TraceCheckUtils]: 33: Hoare triple {8009#false} assume !false; {8009#false} is VALID [2022-02-20 18:10:51,105 INFO L290 TraceCheckUtils]: 34: Hoare triple {8009#false} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {8009#false} is VALID [2022-02-20 18:10:51,105 INFO L290 TraceCheckUtils]: 35: Hoare triple {8009#false} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {8009#false} is VALID [2022-02-20 18:10:51,105 INFO L290 TraceCheckUtils]: 36: Hoare triple {8009#false} assume !(0bv32 != test_~tmp~0#1); {8009#false} is VALID [2022-02-20 18:10:51,105 INFO L290 TraceCheckUtils]: 37: Hoare triple {8009#false} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {8009#false} is VALID [2022-02-20 18:10:51,105 INFO L290 TraceCheckUtils]: 38: Hoare triple {8009#false} assume !(0bv32 != test_~tmp___0~0#1); {8009#false} is VALID [2022-02-20 18:10:51,105 INFO L290 TraceCheckUtils]: 39: Hoare triple {8009#false} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {8009#false} is VALID [2022-02-20 18:10:51,106 INFO L290 TraceCheckUtils]: 40: Hoare triple {8009#false} assume 0bv32 != test_~tmp___2~0#1; {8009#false} is VALID [2022-02-20 18:10:51,106 INFO L272 TraceCheckUtils]: 41: Hoare triple {8009#false} call timeShift(); {8009#false} is VALID [2022-02-20 18:10:51,106 INFO L290 TraceCheckUtils]: 42: Hoare triple {8009#false} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {8009#false} is VALID [2022-02-20 18:10:51,106 INFO L290 TraceCheckUtils]: 43: Hoare triple {8009#false} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {8009#false} is VALID [2022-02-20 18:10:51,106 INFO L290 TraceCheckUtils]: 44: Hoare triple {8009#false} assume { :end_inline_lowerWaterLevel } true; {8009#false} is VALID [2022-02-20 18:10:51,107 INFO L290 TraceCheckUtils]: 45: Hoare triple {8009#false} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {8009#false} is VALID [2022-02-20 18:10:51,107 INFO L290 TraceCheckUtils]: 46: Hoare triple {8009#false} assume !(0bv32 == ~pumpRunning~0); {8009#false} is VALID [2022-02-20 18:10:51,107 INFO L272 TraceCheckUtils]: 47: Hoare triple {8009#false} call processEnvironment__wrappee__base(); {8009#false} is VALID [2022-02-20 18:10:51,107 INFO L290 TraceCheckUtils]: 48: Hoare triple {8009#false} assume true; {8009#false} is VALID [2022-02-20 18:10:51,107 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {8009#false} {8009#false} #212#return; {8009#false} is VALID [2022-02-20 18:10:51,107 INFO L290 TraceCheckUtils]: 50: Hoare triple {8009#false} assume { :end_inline_processEnvironment } true; {8009#false} is VALID [2022-02-20 18:10:51,108 INFO L290 TraceCheckUtils]: 51: Hoare triple {8009#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {8009#false} is VALID [2022-02-20 18:10:51,108 INFO L290 TraceCheckUtils]: 52: Hoare triple {8009#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {8009#false} is VALID [2022-02-20 18:10:51,108 INFO L290 TraceCheckUtils]: 53: Hoare triple {8009#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {8009#false} is VALID [2022-02-20 18:10:51,108 INFO L290 TraceCheckUtils]: 54: Hoare triple {8009#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {8009#false} is VALID [2022-02-20 18:10:51,108 INFO L290 TraceCheckUtils]: 55: Hoare triple {8009#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {8009#false} is VALID [2022-02-20 18:10:51,109 INFO L290 TraceCheckUtils]: 56: Hoare triple {8009#false} assume !false; {8009#false} is VALID [2022-02-20 18:10:51,109 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 12 proven. 0 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-02-20 18:10:51,109 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:51,109 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:51,110 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [233766503] [2022-02-20 18:10:51,110 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [233766503] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:51,110 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:51,110 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:10:51,110 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1109519961] [2022-02-20 18:10:51,110 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:51,111 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 12.25) internal successors, (49), 4 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 57 [2022-02-20 18:10:51,111 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:51,111 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 12.25) internal successors, (49), 4 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:51,150 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 54 edges. 54 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:51,151 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 18:10:51,151 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:51,151 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 18:10:51,152 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 18:10:51,152 INFO L87 Difference]: Start difference. First operand 683 states and 883 transitions. Second operand has 4 states, 4 states have (on average 12.25) internal successors, (49), 4 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:51,475 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:51,475 INFO L93 Difference]: Finished difference Result 1493 states and 1980 transitions. [2022-02-20 18:10:51,475 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 18:10:51,476 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 12.25) internal successors, (49), 4 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 57 [2022-02-20 18:10:51,476 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:51,476 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 12.25) internal successors, (49), 4 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:51,478 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 160 transitions. [2022-02-20 18:10:51,478 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 12.25) internal successors, (49), 4 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:51,480 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 160 transitions. [2022-02-20 18:10:51,480 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 160 transitions. [2022-02-20 18:10:51,579 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 160 edges. 160 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:51,628 INFO L225 Difference]: With dead ends: 1493 [2022-02-20 18:10:51,628 INFO L226 Difference]: Without dead ends: 817 [2022-02-20 18:10:51,630 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 57 GetRequests, 54 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:51,631 INFO L933 BasicCegarLoop]: 82 mSDtfsCounter, 35 mSDsluCounter, 138 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 35 SdHoareTripleChecker+Valid, 220 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:51,631 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [35 Valid, 220 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:51,632 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 817 states. [2022-02-20 18:10:51,664 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 817 to 691. [2022-02-20 18:10:51,664 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:51,666 INFO L82 GeneralOperation]: Start isEquivalent. First operand 817 states. Second operand has 691 states, 564 states have (on average 1.2925531914893618) internal successors, (729), 607 states have internal predecessors, (729), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) [2022-02-20 18:10:51,667 INFO L74 IsIncluded]: Start isIncluded. First operand 817 states. Second operand has 691 states, 564 states have (on average 1.2925531914893618) internal successors, (729), 607 states have internal predecessors, (729), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) [2022-02-20 18:10:51,669 INFO L87 Difference]: Start difference. First operand 817 states. Second operand has 691 states, 564 states have (on average 1.2925531914893618) internal successors, (729), 607 states have internal predecessors, (729), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) [2022-02-20 18:10:51,711 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:51,711 INFO L93 Difference]: Finished difference Result 817 states and 1054 transitions. [2022-02-20 18:10:51,711 INFO L276 IsEmpty]: Start isEmpty. Operand 817 states and 1054 transitions. [2022-02-20 18:10:51,713 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:51,713 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:51,715 INFO L74 IsIncluded]: Start isIncluded. First operand has 691 states, 564 states have (on average 1.2925531914893618) internal successors, (729), 607 states have internal predecessors, (729), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) Second operand 817 states. [2022-02-20 18:10:51,717 INFO L87 Difference]: Start difference. First operand has 691 states, 564 states have (on average 1.2925531914893618) internal successors, (729), 607 states have internal predecessors, (729), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) Second operand 817 states. [2022-02-20 18:10:51,753 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:51,754 INFO L93 Difference]: Finished difference Result 817 states and 1054 transitions. [2022-02-20 18:10:51,754 INFO L276 IsEmpty]: Start isEmpty. Operand 817 states and 1054 transitions. [2022-02-20 18:10:51,756 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:51,756 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:51,756 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:51,757 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:51,758 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 691 states, 564 states have (on average 1.2925531914893618) internal successors, (729), 607 states have internal predecessors, (729), 62 states have call successors, (62), 56 states have call predecessors, (62), 64 states have return successors, (94), 58 states have call predecessors, (94), 62 states have call successors, (94) [2022-02-20 18:10:51,791 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 691 states to 691 states and 885 transitions. [2022-02-20 18:10:51,792 INFO L78 Accepts]: Start accepts. Automaton has 691 states and 885 transitions. Word has length 57 [2022-02-20 18:10:51,792 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:51,793 INFO L470 AbstractCegarLoop]: Abstraction has 691 states and 885 transitions. [2022-02-20 18:10:51,793 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 12.25) internal successors, (49), 4 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:51,793 INFO L276 IsEmpty]: Start isEmpty. Operand 691 states and 885 transitions. [2022-02-20 18:10:51,794 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-02-20 18:10:51,794 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:51,795 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:51,810 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:52,010 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:52,010 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:52,011 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:52,011 INFO L85 PathProgramCache]: Analyzing trace with hash -1960547303, now seen corresponding path program 1 times [2022-02-20 18:10:52,011 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:52,011 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [924498231] [2022-02-20 18:10:52,011 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:52,011 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:52,012 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:52,014 INFO L229 MonitoredProcess]: Starting monitored process 9 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:52,016 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Waiting until timeout for monitored process [2022-02-20 18:10:52,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:52,071 INFO L263 TraceCheckSpWp]: Trace formula consists of 191 conjuncts, 5 conjunts are in the unsatisfiable core [2022-02-20 18:10:52,086 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:52,088 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:52,223 INFO L290 TraceCheckUtils]: 0: Hoare triple {12891#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(21bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(30bv32, 21bv32);call #Ultimate.allocInit(9bv32, 22bv32);call #Ultimate.allocInit(25bv32, 23bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {12891#true} is VALID [2022-02-20 18:10:52,223 INFO L290 TraceCheckUtils]: 1: Hoare triple {12891#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {12891#true} is VALID [2022-02-20 18:10:52,224 INFO L290 TraceCheckUtils]: 2: Hoare triple {12891#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12891#true} is VALID [2022-02-20 18:10:52,224 INFO L290 TraceCheckUtils]: 3: Hoare triple {12891#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {12891#true} is VALID [2022-02-20 18:10:52,224 INFO L290 TraceCheckUtils]: 4: Hoare triple {12891#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {12891#true} is VALID [2022-02-20 18:10:52,224 INFO L290 TraceCheckUtils]: 5: Hoare triple {12891#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {12891#true} is VALID [2022-02-20 18:10:52,224 INFO L290 TraceCheckUtils]: 6: Hoare triple {12891#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {12891#true} is VALID [2022-02-20 18:10:52,224 INFO L290 TraceCheckUtils]: 7: Hoare triple {12891#true} assume !false; {12891#true} is VALID [2022-02-20 18:10:52,225 INFO L290 TraceCheckUtils]: 8: Hoare triple {12891#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {12891#true} is VALID [2022-02-20 18:10:52,225 INFO L290 TraceCheckUtils]: 9: Hoare triple {12891#true} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {12891#true} is VALID [2022-02-20 18:10:52,225 INFO L290 TraceCheckUtils]: 10: Hoare triple {12891#true} assume !(0bv32 != test_~tmp~0#1); {12891#true} is VALID [2022-02-20 18:10:52,225 INFO L290 TraceCheckUtils]: 11: Hoare triple {12891#true} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12891#true} is VALID [2022-02-20 18:10:52,225 INFO L290 TraceCheckUtils]: 12: Hoare triple {12891#true} assume !(0bv32 != test_~tmp___0~0#1); {12891#true} is VALID [2022-02-20 18:10:52,225 INFO L290 TraceCheckUtils]: 13: Hoare triple {12891#true} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {12891#true} is VALID [2022-02-20 18:10:52,226 INFO L290 TraceCheckUtils]: 14: Hoare triple {12891#true} assume 0bv32 != test_~tmp___2~0#1; {12891#true} is VALID [2022-02-20 18:10:52,226 INFO L272 TraceCheckUtils]: 15: Hoare triple {12891#true} call timeShift(); {12891#true} is VALID [2022-02-20 18:10:52,226 INFO L290 TraceCheckUtils]: 16: Hoare triple {12891#true} assume !(0bv32 != ~pumpRunning~0); {12891#true} is VALID [2022-02-20 18:10:52,226 INFO L290 TraceCheckUtils]: 17: Hoare triple {12891#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {12891#true} is VALID [2022-02-20 18:10:52,226 INFO L290 TraceCheckUtils]: 18: Hoare triple {12891#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {12891#true} is VALID [2022-02-20 18:10:52,227 INFO L290 TraceCheckUtils]: 19: Hoare triple {12891#true} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~11#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {12891#true} is VALID [2022-02-20 18:10:52,227 INFO L290 TraceCheckUtils]: 20: Hoare triple {12891#true} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {12891#true} is VALID [2022-02-20 18:10:52,227 INFO L290 TraceCheckUtils]: 21: Hoare triple {12891#true} assume 0bv32 != isHighWaterLevel_~tmp~3#1;isHighWaterLevel_~tmp___0~2#1 := 0bv32; {12959#(= (_ bv0 32) |timeShift_isHighWaterLevel_~tmp___0~2#1|)} is VALID [2022-02-20 18:10:52,228 INFO L290 TraceCheckUtils]: 22: Hoare triple {12959#(= (_ bv0 32) |timeShift_isHighWaterLevel_~tmp___0~2#1|)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {12963#(= |timeShift_isHighWaterLevel_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:10:52,231 INFO L290 TraceCheckUtils]: 23: Hoare triple {12963#(= |timeShift_isHighWaterLevel_#res#1| (_ bv0 32))} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {12967#(= |timeShift_processEnvironment_~tmp~2#1| (_ bv0 32))} is VALID [2022-02-20 18:10:52,232 INFO L290 TraceCheckUtils]: 24: Hoare triple {12967#(= |timeShift_processEnvironment_~tmp~2#1| (_ bv0 32))} assume 0bv32 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1bv32; {12892#false} is VALID [2022-02-20 18:10:52,232 INFO L290 TraceCheckUtils]: 25: Hoare triple {12892#false} assume { :end_inline_activatePump } true; {12892#false} is VALID [2022-02-20 18:10:52,232 INFO L290 TraceCheckUtils]: 26: Hoare triple {12892#false} assume { :end_inline_processEnvironment } true; {12892#false} is VALID [2022-02-20 18:10:52,232 INFO L290 TraceCheckUtils]: 27: Hoare triple {12892#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {12892#false} is VALID [2022-02-20 18:10:52,232 INFO L290 TraceCheckUtils]: 28: Hoare triple {12892#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {12892#false} is VALID [2022-02-20 18:10:52,233 INFO L290 TraceCheckUtils]: 29: Hoare triple {12892#false} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1); {12892#false} is VALID [2022-02-20 18:10:52,233 INFO L290 TraceCheckUtils]: 30: Hoare triple {12892#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {12892#false} is VALID [2022-02-20 18:10:52,233 INFO L290 TraceCheckUtils]: 31: Hoare triple {12892#false} assume true; {12892#false} is VALID [2022-02-20 18:10:52,233 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {12892#false} {12891#true} #218#return; {12892#false} is VALID [2022-02-20 18:10:52,233 INFO L290 TraceCheckUtils]: 33: Hoare triple {12892#false} assume !false; {12892#false} is VALID [2022-02-20 18:10:52,233 INFO L290 TraceCheckUtils]: 34: Hoare triple {12892#false} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {12892#false} is VALID [2022-02-20 18:10:52,234 INFO L290 TraceCheckUtils]: 35: Hoare triple {12892#false} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {12892#false} is VALID [2022-02-20 18:10:52,234 INFO L290 TraceCheckUtils]: 36: Hoare triple {12892#false} assume !(0bv32 != test_~tmp~0#1); {12892#false} is VALID [2022-02-20 18:10:52,234 INFO L290 TraceCheckUtils]: 37: Hoare triple {12892#false} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12892#false} is VALID [2022-02-20 18:10:52,234 INFO L290 TraceCheckUtils]: 38: Hoare triple {12892#false} assume !(0bv32 != test_~tmp___0~0#1); {12892#false} is VALID [2022-02-20 18:10:52,234 INFO L290 TraceCheckUtils]: 39: Hoare triple {12892#false} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {12892#false} is VALID [2022-02-20 18:10:52,234 INFO L290 TraceCheckUtils]: 40: Hoare triple {12892#false} assume 0bv32 != test_~tmp___2~0#1; {12892#false} is VALID [2022-02-20 18:10:52,235 INFO L272 TraceCheckUtils]: 41: Hoare triple {12892#false} call timeShift(); {12892#false} is VALID [2022-02-20 18:10:52,235 INFO L290 TraceCheckUtils]: 42: Hoare triple {12892#false} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {12892#false} is VALID [2022-02-20 18:10:52,235 INFO L290 TraceCheckUtils]: 43: Hoare triple {12892#false} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {12892#false} is VALID [2022-02-20 18:10:52,235 INFO L290 TraceCheckUtils]: 44: Hoare triple {12892#false} assume { :end_inline_lowerWaterLevel } true; {12892#false} is VALID [2022-02-20 18:10:52,235 INFO L290 TraceCheckUtils]: 45: Hoare triple {12892#false} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {12892#false} is VALID [2022-02-20 18:10:52,235 INFO L290 TraceCheckUtils]: 46: Hoare triple {12892#false} assume !(0bv32 == ~pumpRunning~0); {12892#false} is VALID [2022-02-20 18:10:52,236 INFO L272 TraceCheckUtils]: 47: Hoare triple {12892#false} call processEnvironment__wrappee__base(); {12892#false} is VALID [2022-02-20 18:10:52,236 INFO L290 TraceCheckUtils]: 48: Hoare triple {12892#false} assume true; {12892#false} is VALID [2022-02-20 18:10:52,236 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {12892#false} {12892#false} #212#return; {12892#false} is VALID [2022-02-20 18:10:52,236 INFO L290 TraceCheckUtils]: 50: Hoare triple {12892#false} assume { :end_inline_processEnvironment } true; {12892#false} is VALID [2022-02-20 18:10:52,236 INFO L290 TraceCheckUtils]: 51: Hoare triple {12892#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {12892#false} is VALID [2022-02-20 18:10:52,237 INFO L290 TraceCheckUtils]: 52: Hoare triple {12892#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {12892#false} is VALID [2022-02-20 18:10:52,237 INFO L290 TraceCheckUtils]: 53: Hoare triple {12892#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {12892#false} is VALID [2022-02-20 18:10:52,237 INFO L290 TraceCheckUtils]: 54: Hoare triple {12892#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {12892#false} is VALID [2022-02-20 18:10:52,237 INFO L290 TraceCheckUtils]: 55: Hoare triple {12892#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {12892#false} is VALID [2022-02-20 18:10:52,237 INFO L290 TraceCheckUtils]: 56: Hoare triple {12892#false} assume !false; {12892#false} is VALID [2022-02-20 18:10:52,238 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 12 proven. 0 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-02-20 18:10:52,238 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:52,238 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:52,238 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [924498231] [2022-02-20 18:10:52,238 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [924498231] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:52,238 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:52,238 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:52,239 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1084062602] [2022-02-20 18:10:52,239 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:52,239 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.8) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 57 [2022-02-20 18:10:52,240 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:52,240 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 9.8) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:52,274 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 54 edges. 54 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:52,274 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:10:52,274 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:52,274 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:10:52,274 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:52,275 INFO L87 Difference]: Start difference. First operand 691 states and 885 transitions. Second operand has 5 states, 5 states have (on average 9.8) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:52,649 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:52,650 INFO L93 Difference]: Finished difference Result 1411 states and 1823 transitions. [2022-02-20 18:10:52,650 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:10:52,650 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.8) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 57 [2022-02-20 18:10:52,650 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:52,651 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 9.8) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:52,653 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 168 transitions. [2022-02-20 18:10:52,653 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 9.8) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:52,655 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 168 transitions. [2022-02-20 18:10:52,655 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 168 transitions. [2022-02-20 18:10:52,783 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 168 edges. 168 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:52,823 INFO L225 Difference]: With dead ends: 1411 [2022-02-20 18:10:52,827 INFO L226 Difference]: Without dead ends: 727 [2022-02-20 18:10:52,829 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 58 GetRequests, 53 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:52,830 INFO L933 BasicCegarLoop]: 81 mSDtfsCounter, 50 mSDsluCounter, 228 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 51 SdHoareTripleChecker+Valid, 309 SdHoareTripleChecker+Invalid, 17 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:52,830 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [51 Valid, 309 Invalid, 17 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:52,831 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 727 states. [2022-02-20 18:10:52,858 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 727 to 639. [2022-02-20 18:10:52,858 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:52,864 INFO L82 GeneralOperation]: Start isEquivalent. First operand 727 states. Second operand has 639 states, 522 states have (on average 1.2720306513409962) internal successors, (664), 559 states have internal predecessors, (664), 58 states have call successors, (58), 52 states have call predecessors, (58), 58 states have return successors, (78), 54 states have call predecessors, (78), 58 states have call successors, (78) [2022-02-20 18:10:52,865 INFO L74 IsIncluded]: Start isIncluded. First operand 727 states. Second operand has 639 states, 522 states have (on average 1.2720306513409962) internal successors, (664), 559 states have internal predecessors, (664), 58 states have call successors, (58), 52 states have call predecessors, (58), 58 states have return successors, (78), 54 states have call predecessors, (78), 58 states have call successors, (78) [2022-02-20 18:10:52,867 INFO L87 Difference]: Start difference. First operand 727 states. Second operand has 639 states, 522 states have (on average 1.2720306513409962) internal successors, (664), 559 states have internal predecessors, (664), 58 states have call successors, (58), 52 states have call predecessors, (58), 58 states have return successors, (78), 54 states have call predecessors, (78), 58 states have call successors, (78) [2022-02-20 18:10:52,894 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:52,894 INFO L93 Difference]: Finished difference Result 727 states and 913 transitions. [2022-02-20 18:10:52,894 INFO L276 IsEmpty]: Start isEmpty. Operand 727 states and 913 transitions. [2022-02-20 18:10:52,896 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:52,896 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:52,899 INFO L74 IsIncluded]: Start isIncluded. First operand has 639 states, 522 states have (on average 1.2720306513409962) internal successors, (664), 559 states have internal predecessors, (664), 58 states have call successors, (58), 52 states have call predecessors, (58), 58 states have return successors, (78), 54 states have call predecessors, (78), 58 states have call successors, (78) Second operand 727 states. [2022-02-20 18:10:52,900 INFO L87 Difference]: Start difference. First operand has 639 states, 522 states have (on average 1.2720306513409962) internal successors, (664), 559 states have internal predecessors, (664), 58 states have call successors, (58), 52 states have call predecessors, (58), 58 states have return successors, (78), 54 states have call predecessors, (78), 58 states have call successors, (78) Second operand 727 states. [2022-02-20 18:10:52,928 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:52,929 INFO L93 Difference]: Finished difference Result 727 states and 913 transitions. [2022-02-20 18:10:52,929 INFO L276 IsEmpty]: Start isEmpty. Operand 727 states and 913 transitions. [2022-02-20 18:10:52,931 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:52,931 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:52,932 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:52,932 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:52,933 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 639 states, 522 states have (on average 1.2720306513409962) internal successors, (664), 559 states have internal predecessors, (664), 58 states have call successors, (58), 52 states have call predecessors, (58), 58 states have return successors, (78), 54 states have call predecessors, (78), 58 states have call successors, (78) [2022-02-20 18:10:52,966 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 639 states to 639 states and 800 transitions. [2022-02-20 18:10:52,966 INFO L78 Accepts]: Start accepts. Automaton has 639 states and 800 transitions. Word has length 57 [2022-02-20 18:10:52,966 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:52,967 INFO L470 AbstractCegarLoop]: Abstraction has 639 states and 800 transitions. [2022-02-20 18:10:52,967 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 9.8) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:52,967 INFO L276 IsEmpty]: Start isEmpty. Operand 639 states and 800 transitions. [2022-02-20 18:10:52,969 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 62 [2022-02-20 18:10:52,969 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:52,969 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:52,981 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:53,180 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:53,181 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:53,181 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:53,182 INFO L85 PathProgramCache]: Analyzing trace with hash 1821830511, now seen corresponding path program 1 times [2022-02-20 18:10:53,182 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:53,182 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1345938680] [2022-02-20 18:10:53,182 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:53,182 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:53,182 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:53,208 INFO L229 MonitoredProcess]: Starting monitored process 10 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:53,211 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Waiting until timeout for monitored process [2022-02-20 18:10:53,257 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:53,259 INFO L263 TraceCheckSpWp]: Trace formula consists of 198 conjuncts, 13 conjunts are in the unsatisfiable core [2022-02-20 18:10:53,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:53,275 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:53,524 INFO L290 TraceCheckUtils]: 0: Hoare triple {17398#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(21bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(30bv32, 21bv32);call #Ultimate.allocInit(9bv32, 22bv32);call #Ultimate.allocInit(25bv32, 23bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,524 INFO L290 TraceCheckUtils]: 1: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,525 INFO L290 TraceCheckUtils]: 2: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,525 INFO L290 TraceCheckUtils]: 3: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,525 INFO L290 TraceCheckUtils]: 4: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,526 INFO L290 TraceCheckUtils]: 5: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,526 INFO L290 TraceCheckUtils]: 6: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,527 INFO L290 TraceCheckUtils]: 7: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume !false; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,527 INFO L290 TraceCheckUtils]: 8: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,527 INFO L290 TraceCheckUtils]: 9: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,528 INFO L290 TraceCheckUtils]: 10: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp~0#1; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,528 INFO L272 TraceCheckUtils]: 11: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} call waterRise(); {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,529 INFO L290 TraceCheckUtils]: 12: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {17441#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,543 INFO L290 TraceCheckUtils]: 13: Hoare triple {17441#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} assume true; {17441#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,544 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {17441#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} {17403#(= ~waterLevel~0 (_ bv1 32))} #214#return; {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,545 INFO L290 TraceCheckUtils]: 15: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,545 INFO L290 TraceCheckUtils]: 16: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___0~0#1); {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,545 INFO L290 TraceCheckUtils]: 17: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,546 INFO L290 TraceCheckUtils]: 18: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != test_~tmp___2~0#1; {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,546 INFO L272 TraceCheckUtils]: 19: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} call timeShift(); {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,547 INFO L290 TraceCheckUtils]: 20: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !(0bv32 != ~pumpRunning~0); {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,547 INFO L290 TraceCheckUtils]: 21: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,548 INFO L290 TraceCheckUtils]: 22: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,548 INFO L290 TraceCheckUtils]: 23: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~11#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,549 INFO L290 TraceCheckUtils]: 24: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,549 INFO L290 TraceCheckUtils]: 25: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !(0bv32 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,550 INFO L290 TraceCheckUtils]: 26: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,550 INFO L290 TraceCheckUtils]: 27: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,551 INFO L290 TraceCheckUtils]: 28: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume 0bv32 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1bv32; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,551 INFO L290 TraceCheckUtils]: 29: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :end_inline_activatePump } true; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,551 INFO L290 TraceCheckUtils]: 30: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :end_inline_processEnvironment } true; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,552 INFO L290 TraceCheckUtils]: 31: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,552 INFO L290 TraceCheckUtils]: 32: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,553 INFO L290 TraceCheckUtils]: 33: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1); {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,553 INFO L290 TraceCheckUtils]: 34: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,554 INFO L290 TraceCheckUtils]: 35: Hoare triple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume true; {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:53,554 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {17437#(= ~waterLevel~0 |old(~waterLevel~0)|)} {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} #218#return; {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,555 INFO L290 TraceCheckUtils]: 37: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !false; {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,555 INFO L290 TraceCheckUtils]: 38: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,556 INFO L290 TraceCheckUtils]: 39: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,556 INFO L290 TraceCheckUtils]: 40: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp~0#1); {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,557 INFO L290 TraceCheckUtils]: 41: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,557 INFO L290 TraceCheckUtils]: 42: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___0~0#1); {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,557 INFO L290 TraceCheckUtils]: 43: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,558 INFO L290 TraceCheckUtils]: 44: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != test_~tmp___2~0#1; {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,558 INFO L272 TraceCheckUtils]: 45: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} call timeShift(); {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,559 INFO L290 TraceCheckUtils]: 46: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:53,559 INFO L290 TraceCheckUtils]: 47: Hoare triple {17448#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,560 INFO L290 TraceCheckUtils]: 48: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_lowerWaterLevel } true; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,560 INFO L290 TraceCheckUtils]: 49: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,561 INFO L290 TraceCheckUtils]: 50: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 == ~pumpRunning~0); {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,561 INFO L272 TraceCheckUtils]: 51: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} call processEnvironment__wrappee__base(); {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,561 INFO L290 TraceCheckUtils]: 52: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume true; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,562 INFO L284 TraceCheckUtils]: 53: Hoare quadruple {17403#(= ~waterLevel~0 (_ bv1 32))} {17403#(= ~waterLevel~0 (_ bv1 32))} #212#return; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,562 INFO L290 TraceCheckUtils]: 54: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_processEnvironment } true; {17403#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:53,563 INFO L290 TraceCheckUtils]: 55: Hoare triple {17403#(= ~waterLevel~0 (_ bv1 32))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {17572#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} is VALID [2022-02-20 18:10:53,563 INFO L290 TraceCheckUtils]: 56: Hoare triple {17572#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {17576#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| (_ bv1 32))} is VALID [2022-02-20 18:10:53,564 INFO L290 TraceCheckUtils]: 57: Hoare triple {17576#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| (_ bv1 32))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {17399#false} is VALID [2022-02-20 18:10:53,564 INFO L290 TraceCheckUtils]: 58: Hoare triple {17399#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {17399#false} is VALID [2022-02-20 18:10:53,564 INFO L290 TraceCheckUtils]: 59: Hoare triple {17399#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {17399#false} is VALID [2022-02-20 18:10:53,564 INFO L290 TraceCheckUtils]: 60: Hoare triple {17399#false} assume !false; {17399#false} is VALID [2022-02-20 18:10:53,565 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 0 proven. 11 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-02-20 18:10:53,565 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:10:54,036 INFO L290 TraceCheckUtils]: 60: Hoare triple {17399#false} assume !false; {17399#false} is VALID [2022-02-20 18:10:54,036 INFO L290 TraceCheckUtils]: 59: Hoare triple {17399#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {17399#false} is VALID [2022-02-20 18:10:54,036 INFO L290 TraceCheckUtils]: 58: Hoare triple {17399#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {17399#false} is VALID [2022-02-20 18:10:54,036 INFO L290 TraceCheckUtils]: 57: Hoare triple {17598#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| (_ bv0 32)))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {17399#false} is VALID [2022-02-20 18:10:54,037 INFO L290 TraceCheckUtils]: 56: Hoare triple {17602#(not (= |timeShift_getWaterLevel_#res#1| (_ bv0 32)))} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {17598#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~1#1| (_ bv0 32)))} is VALID [2022-02-20 18:10:54,037 INFO L290 TraceCheckUtils]: 55: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {17602#(not (= |timeShift_getWaterLevel_#res#1| (_ bv0 32)))} is VALID [2022-02-20 18:10:54,037 INFO L290 TraceCheckUtils]: 54: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_processEnvironment } true; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,038 INFO L284 TraceCheckUtils]: 53: Hoare quadruple {17398#true} {17606#(not (= ~waterLevel~0 (_ bv0 32)))} #212#return; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,038 INFO L290 TraceCheckUtils]: 52: Hoare triple {17398#true} assume true; {17398#true} is VALID [2022-02-20 18:10:54,038 INFO L272 TraceCheckUtils]: 51: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} call processEnvironment__wrappee__base(); {17398#true} is VALID [2022-02-20 18:10:54,038 INFO L290 TraceCheckUtils]: 50: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume !(0bv32 == ~pumpRunning~0); {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,038 INFO L290 TraceCheckUtils]: 49: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,039 INFO L290 TraceCheckUtils]: 48: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_lowerWaterLevel } true; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,039 INFO L290 TraceCheckUtils]: 47: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,039 INFO L290 TraceCheckUtils]: 46: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,040 INFO L272 TraceCheckUtils]: 45: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} call timeShift(); {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,040 INFO L290 TraceCheckUtils]: 44: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume 0bv32 != test_~tmp___2~0#1; {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,040 INFO L290 TraceCheckUtils]: 43: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,041 INFO L290 TraceCheckUtils]: 42: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != test_~tmp___0~0#1); {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,041 INFO L290 TraceCheckUtils]: 41: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,042 INFO L290 TraceCheckUtils]: 40: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != test_~tmp~0#1); {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,042 INFO L290 TraceCheckUtils]: 39: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,042 INFO L290 TraceCheckUtils]: 38: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,043 INFO L290 TraceCheckUtils]: 37: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !false; {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,043 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} #218#return; {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,043 INFO L290 TraceCheckUtils]: 35: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume true; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,044 INFO L290 TraceCheckUtils]: 34: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,044 INFO L290 TraceCheckUtils]: 33: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1); {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,056 INFO L290 TraceCheckUtils]: 32: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,057 INFO L290 TraceCheckUtils]: 31: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,057 INFO L290 TraceCheckUtils]: 30: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :end_inline_processEnvironment } true; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,057 INFO L290 TraceCheckUtils]: 29: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :end_inline_activatePump } true; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,058 INFO L290 TraceCheckUtils]: 28: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume 0bv32 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1bv32; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,058 INFO L290 TraceCheckUtils]: 27: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,059 INFO L290 TraceCheckUtils]: 26: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,059 INFO L290 TraceCheckUtils]: 25: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !(0bv32 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,060 INFO L290 TraceCheckUtils]: 24: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,060 INFO L290 TraceCheckUtils]: 23: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~11#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,060 INFO L290 TraceCheckUtils]: 22: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,061 INFO L290 TraceCheckUtils]: 21: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,066 INFO L290 TraceCheckUtils]: 20: Hoare triple {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !(0bv32 != ~pumpRunning~0); {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,067 INFO L272 TraceCheckUtils]: 19: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} call timeShift(); {17668#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,069 INFO L290 TraceCheckUtils]: 18: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume 0bv32 != test_~tmp___2~0#1; {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,070 INFO L290 TraceCheckUtils]: 17: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,070 INFO L290 TraceCheckUtils]: 16: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != test_~tmp___0~0#1); {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,070 INFO L290 TraceCheckUtils]: 15: Hoare triple {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,071 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {17735#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} {17606#(not (= ~waterLevel~0 (_ bv0 32)))} #214#return; {17631#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:54,072 INFO L290 TraceCheckUtils]: 13: Hoare triple {17735#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} assume true; {17735#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:54,072 INFO L290 TraceCheckUtils]: 12: Hoare triple {17742#(or (not (= (bvadd ~waterLevel~0 (_ bv1 32)) (_ bv1 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {17735#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:54,073 INFO L272 TraceCheckUtils]: 11: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} call waterRise(); {17742#(or (not (= (bvadd ~waterLevel~0 (_ bv1 32)) (_ bv1 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:54,073 INFO L290 TraceCheckUtils]: 10: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume 0bv32 != test_~tmp~0#1; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,073 INFO L290 TraceCheckUtils]: 9: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,074 INFO L290 TraceCheckUtils]: 8: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,074 INFO L290 TraceCheckUtils]: 7: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume !false; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,074 INFO L290 TraceCheckUtils]: 6: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,075 INFO L290 TraceCheckUtils]: 5: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,077 INFO L290 TraceCheckUtils]: 4: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,077 INFO L290 TraceCheckUtils]: 3: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,078 INFO L290 TraceCheckUtils]: 2: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,078 INFO L290 TraceCheckUtils]: 1: Hoare triple {17606#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,080 INFO L290 TraceCheckUtils]: 0: Hoare triple {17398#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(21bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(30bv32, 21bv32);call #Ultimate.allocInit(9bv32, 22bv32);call #Ultimate.allocInit(25bv32, 23bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {17606#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:54,080 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 1 proven. 10 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-02-20 18:10:54,080 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:54,081 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1345938680] [2022-02-20 18:10:54,081 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1345938680] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:10:54,081 INFO L191 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-02-20 18:10:54,081 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 9] total 15 [2022-02-20 18:10:54,081 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1826629384] [2022-02-20 18:10:54,081 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-02-20 18:10:54,082 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 6.466666666666667) internal successors, (97), 14 states have internal predecessors, (97), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) Word has length 61 [2022-02-20 18:10:54,082 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:54,082 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 15 states have (on average 6.466666666666667) internal successors, (97), 14 states have internal predecessors, (97), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:54,177 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 111 edges. 111 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:54,178 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-02-20 18:10:54,178 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:54,178 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-02-20 18:10:54,178 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=42, Invalid=168, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:10:54,178 INFO L87 Difference]: Start difference. First operand 639 states and 800 transitions. Second operand has 15 states, 15 states have (on average 6.466666666666667) internal successors, (97), 14 states have internal predecessors, (97), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:56,886 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:56,887 INFO L93 Difference]: Finished difference Result 1769 states and 2358 transitions. [2022-02-20 18:10:56,887 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2022-02-20 18:10:56,887 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 6.466666666666667) internal successors, (97), 14 states have internal predecessors, (97), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) Word has length 61 [2022-02-20 18:10:56,888 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:56,888 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 6.466666666666667) internal successors, (97), 14 states have internal predecessors, (97), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:56,897 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 34 states to 34 states and 565 transitions. [2022-02-20 18:10:56,897 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 6.466666666666667) internal successors, (97), 14 states have internal predecessors, (97), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:56,903 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 34 states to 34 states and 565 transitions. [2022-02-20 18:10:56,903 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 34 states and 565 transitions. [2022-02-20 18:10:57,422 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 565 edges. 565 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:57,520 INFO L225 Difference]: With dead ends: 1769 [2022-02-20 18:10:57,521 INFO L226 Difference]: Without dead ends: 1206 [2022-02-20 18:10:57,523 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 109 SyntacticMatches, 3 SemanticMatches, 38 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 311 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=335, Invalid=1225, Unknown=0, NotChecked=0, Total=1560 [2022-02-20 18:10:57,523 INFO L933 BasicCegarLoop]: 125 mSDtfsCounter, 710 mSDsluCounter, 695 mSDsCounter, 0 mSdLazyCounter, 543 mSolverCounterSat, 253 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 719 SdHoareTripleChecker+Valid, 820 SdHoareTripleChecker+Invalid, 796 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 253 IncrementalHoareTripleChecker+Valid, 543 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:57,524 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [719 Valid, 820 Invalid, 796 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [253 Valid, 543 Invalid, 0 Unknown, 0 Unchecked, 0.9s Time] [2022-02-20 18:10:57,525 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1206 states. [2022-02-20 18:10:57,569 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1206 to 1142. [2022-02-20 18:10:57,569 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:57,571 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1206 states. Second operand has 1142 states, 927 states have (on average 1.2621359223300972) internal successors, (1170), 990 states have internal predecessors, (1170), 104 states have call successors, (104), 92 states have call predecessors, (104), 110 states have return successors, (194), 104 states have call predecessors, (194), 104 states have call successors, (194) [2022-02-20 18:10:57,585 INFO L74 IsIncluded]: Start isIncluded. First operand 1206 states. Second operand has 1142 states, 927 states have (on average 1.2621359223300972) internal successors, (1170), 990 states have internal predecessors, (1170), 104 states have call successors, (104), 92 states have call predecessors, (104), 110 states have return successors, (194), 104 states have call predecessors, (194), 104 states have call successors, (194) [2022-02-20 18:10:57,588 INFO L87 Difference]: Start difference. First operand 1206 states. Second operand has 1142 states, 927 states have (on average 1.2621359223300972) internal successors, (1170), 990 states have internal predecessors, (1170), 104 states have call successors, (104), 92 states have call predecessors, (104), 110 states have return successors, (194), 104 states have call predecessors, (194), 104 states have call successors, (194) [2022-02-20 18:10:57,656 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:57,656 INFO L93 Difference]: Finished difference Result 1206 states and 1565 transitions. [2022-02-20 18:10:57,656 INFO L276 IsEmpty]: Start isEmpty. Operand 1206 states and 1565 transitions. [2022-02-20 18:10:57,661 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:57,661 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:57,663 INFO L74 IsIncluded]: Start isIncluded. First operand has 1142 states, 927 states have (on average 1.2621359223300972) internal successors, (1170), 990 states have internal predecessors, (1170), 104 states have call successors, (104), 92 states have call predecessors, (104), 110 states have return successors, (194), 104 states have call predecessors, (194), 104 states have call successors, (194) Second operand 1206 states. [2022-02-20 18:10:57,665 INFO L87 Difference]: Start difference. First operand has 1142 states, 927 states have (on average 1.2621359223300972) internal successors, (1170), 990 states have internal predecessors, (1170), 104 states have call successors, (104), 92 states have call predecessors, (104), 110 states have return successors, (194), 104 states have call predecessors, (194), 104 states have call successors, (194) Second operand 1206 states. [2022-02-20 18:10:57,733 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:57,733 INFO L93 Difference]: Finished difference Result 1206 states and 1565 transitions. [2022-02-20 18:10:57,734 INFO L276 IsEmpty]: Start isEmpty. Operand 1206 states and 1565 transitions. [2022-02-20 18:10:57,737 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:57,737 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:57,737 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:57,737 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:57,740 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1142 states, 927 states have (on average 1.2621359223300972) internal successors, (1170), 990 states have internal predecessors, (1170), 104 states have call successors, (104), 92 states have call predecessors, (104), 110 states have return successors, (194), 104 states have call predecessors, (194), 104 states have call successors, (194) [2022-02-20 18:10:57,840 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1142 states to 1142 states and 1468 transitions. [2022-02-20 18:10:57,842 INFO L78 Accepts]: Start accepts. Automaton has 1142 states and 1468 transitions. Word has length 61 [2022-02-20 18:10:57,842 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:57,842 INFO L470 AbstractCegarLoop]: Abstraction has 1142 states and 1468 transitions. [2022-02-20 18:10:57,843 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 6.466666666666667) internal successors, (97), 14 states have internal predecessors, (97), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:57,843 INFO L276 IsEmpty]: Start isEmpty. Operand 1142 states and 1468 transitions. [2022-02-20 18:10:57,844 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 80 [2022-02-20 18:10:57,845 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:57,845 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:57,854 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:58,053 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 10 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:58,054 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:58,054 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:58,054 INFO L85 PathProgramCache]: Analyzing trace with hash -1587986595, now seen corresponding path program 1 times [2022-02-20 18:10:58,055 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:58,055 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [989463420] [2022-02-20 18:10:58,055 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:58,055 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:58,055 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:58,056 INFO L229 MonitoredProcess]: Starting monitored process 11 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:58,057 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Waiting until timeout for monitored process [2022-02-20 18:10:58,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:58,114 INFO L263 TraceCheckSpWp]: Trace formula consists of 221 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:10:58,128 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:58,129 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:58,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {24303#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(21bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(30bv32, 21bv32);call #Ultimate.allocInit(9bv32, 22bv32);call #Ultimate.allocInit(25bv32, 23bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {24303#true} is VALID [2022-02-20 18:10:58,312 INFO L290 TraceCheckUtils]: 1: Hoare triple {24303#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L290 TraceCheckUtils]: 2: Hoare triple {24303#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L290 TraceCheckUtils]: 3: Hoare triple {24303#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~8#1;havoc valid_product_~retValue_acc~8#1;valid_product_~retValue_acc~8#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~8#1; {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L290 TraceCheckUtils]: 4: Hoare triple {24303#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L290 TraceCheckUtils]: 5: Hoare triple {24303#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L290 TraceCheckUtils]: 6: Hoare triple {24303#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L290 TraceCheckUtils]: 7: Hoare triple {24303#true} assume !false; {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L290 TraceCheckUtils]: 8: Hoare triple {24303#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L290 TraceCheckUtils]: 9: Hoare triple {24303#true} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L290 TraceCheckUtils]: 10: Hoare triple {24303#true} assume 0bv32 != test_~tmp~0#1; {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L272 TraceCheckUtils]: 11: Hoare triple {24303#true} call waterRise(); {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L290 TraceCheckUtils]: 12: Hoare triple {24303#true} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {24303#true} is VALID [2022-02-20 18:10:58,313 INFO L290 TraceCheckUtils]: 13: Hoare triple {24303#true} assume true; {24303#true} is VALID [2022-02-20 18:10:58,314 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {24303#true} {24303#true} #214#return; {24303#true} is VALID [2022-02-20 18:10:58,314 INFO L290 TraceCheckUtils]: 15: Hoare triple {24303#true} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {24303#true} is VALID [2022-02-20 18:10:58,314 INFO L290 TraceCheckUtils]: 16: Hoare triple {24303#true} assume !(0bv32 != test_~tmp___0~0#1); {24303#true} is VALID [2022-02-20 18:10:58,315 INFO L290 TraceCheckUtils]: 17: Hoare triple {24303#true} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {24303#true} is VALID [2022-02-20 18:10:58,315 INFO L290 TraceCheckUtils]: 18: Hoare triple {24303#true} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {24303#true} is VALID [2022-02-20 18:10:58,315 INFO L290 TraceCheckUtils]: 19: Hoare triple {24303#true} assume 0bv32 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {24303#true} is VALID [2022-02-20 18:10:58,315 INFO L290 TraceCheckUtils]: 20: Hoare triple {24303#true} assume !(0bv32 != ~pumpRunning~0); {24303#true} is VALID [2022-02-20 18:10:58,316 INFO L290 TraceCheckUtils]: 21: Hoare triple {24303#true} ~systemActive~0 := 0bv32; {24303#true} is VALID [2022-02-20 18:10:58,316 INFO L290 TraceCheckUtils]: 22: Hoare triple {24303#true} assume { :end_inline_stopSystem } true; {24303#true} is VALID [2022-02-20 18:10:58,316 INFO L272 TraceCheckUtils]: 23: Hoare triple {24303#true} call timeShift(); {24303#true} is VALID [2022-02-20 18:10:58,316 INFO L290 TraceCheckUtils]: 24: Hoare triple {24303#true} assume !(0bv32 != ~pumpRunning~0); {24303#true} is VALID [2022-02-20 18:10:58,317 INFO L290 TraceCheckUtils]: 25: Hoare triple {24303#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret10#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,318 INFO L290 TraceCheckUtils]: 26: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret20#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,318 INFO L290 TraceCheckUtils]: 27: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~11#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,318 INFO L290 TraceCheckUtils]: 28: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} isHighWaterLevel_#t~ret20#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret20#1;havoc isHighWaterLevel_#t~ret20#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,319 INFO L290 TraceCheckUtils]: 29: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !(0bv32 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,319 INFO L290 TraceCheckUtils]: 30: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,319 INFO L290 TraceCheckUtils]: 31: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} processEnvironment_#t~ret10#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret10#1;havoc processEnvironment_#t~ret10#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,320 INFO L290 TraceCheckUtils]: 32: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume 0bv32 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1bv32; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,320 INFO L290 TraceCheckUtils]: 33: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume { :end_inline_activatePump } true; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,320 INFO L290 TraceCheckUtils]: 34: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume { :end_inline_processEnvironment } true; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,321 INFO L290 TraceCheckUtils]: 35: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,321 INFO L290 TraceCheckUtils]: 36: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,321 INFO L290 TraceCheckUtils]: 37: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,322 INFO L290 TraceCheckUtils]: 38: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,322 INFO L290 TraceCheckUtils]: 39: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume true; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,322 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {24383#(not (= ~systemActive~0 (_ bv0 32)))} {24303#true} #218#return; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,323 INFO L290 TraceCheckUtils]: 41: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !false; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,323 INFO L290 TraceCheckUtils]: 42: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,323 INFO L290 TraceCheckUtils]: 43: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,323 INFO L290 TraceCheckUtils]: 44: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !(0bv32 != test_~tmp~0#1); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,325 INFO L290 TraceCheckUtils]: 45: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,329 INFO L290 TraceCheckUtils]: 46: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !(0bv32 != test_~tmp___0~0#1); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,330 INFO L290 TraceCheckUtils]: 47: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,330 INFO L290 TraceCheckUtils]: 48: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume 0bv32 != test_~tmp___2~0#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,330 INFO L272 TraceCheckUtils]: 49: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} call timeShift(); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,331 INFO L290 TraceCheckUtils]: 50: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,331 INFO L290 TraceCheckUtils]: 51: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,331 INFO L290 TraceCheckUtils]: 52: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume { :end_inline_lowerWaterLevel } true; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,332 INFO L290 TraceCheckUtils]: 53: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !(0bv32 != ~systemActive~0); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,332 INFO L290 TraceCheckUtils]: 54: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,332 INFO L290 TraceCheckUtils]: 55: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,332 INFO L290 TraceCheckUtils]: 56: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,333 INFO L290 TraceCheckUtils]: 57: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,333 INFO L290 TraceCheckUtils]: 58: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume true; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,333 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {24383#(not (= ~systemActive~0 (_ bv0 32)))} {24383#(not (= ~systemActive~0 (_ bv0 32)))} #218#return; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,334 INFO L290 TraceCheckUtils]: 60: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !false; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,334 INFO L290 TraceCheckUtils]: 61: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,334 INFO L290 TraceCheckUtils]: 62: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,335 INFO L290 TraceCheckUtils]: 63: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !(0bv32 != test_~tmp~0#1); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,335 INFO L290 TraceCheckUtils]: 64: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,335 INFO L290 TraceCheckUtils]: 65: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !(0bv32 != test_~tmp___0~0#1); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,335 INFO L290 TraceCheckUtils]: 66: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,336 INFO L290 TraceCheckUtils]: 67: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume 0bv32 != test_~tmp___2~0#1; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,336 INFO L272 TraceCheckUtils]: 68: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} call timeShift(); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,336 INFO L290 TraceCheckUtils]: 69: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,337 INFO L290 TraceCheckUtils]: 70: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,337 INFO L290 TraceCheckUtils]: 71: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume { :end_inline_lowerWaterLevel } true; {24383#(not (= ~systemActive~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:58,337 INFO L290 TraceCheckUtils]: 72: Hoare triple {24383#(not (= ~systemActive~0 (_ bv0 32)))} assume !(0bv32 != ~systemActive~0); {24304#false} is VALID [2022-02-20 18:10:58,337 INFO L290 TraceCheckUtils]: 73: Hoare triple {24304#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret8#1, __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_~tmp~1#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~1#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {24304#false} is VALID [2022-02-20 18:10:58,337 INFO L290 TraceCheckUtils]: 74: Hoare triple {24304#false} __utac_acc__Specification4_spec__1_#t~ret8#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~1#1 := __utac_acc__Specification4_spec__1_#t~ret8#1;havoc __utac_acc__Specification4_spec__1_#t~ret8#1; {24304#false} is VALID [2022-02-20 18:10:58,337 INFO L290 TraceCheckUtils]: 75: Hoare triple {24304#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~1#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {24304#false} is VALID [2022-02-20 18:10:58,337 INFO L290 TraceCheckUtils]: 76: Hoare triple {24304#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {24304#false} is VALID [2022-02-20 18:10:58,338 INFO L290 TraceCheckUtils]: 77: Hoare triple {24304#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {24304#false} is VALID [2022-02-20 18:10:58,338 INFO L290 TraceCheckUtils]: 78: Hoare triple {24304#false} assume !false; {24304#false} is VALID [2022-02-20 18:10:58,339 INFO L134 CoverageAnalysis]: Checked inductivity of 47 backedges. 28 proven. 0 refuted. 0 times theorem prover too weak. 19 trivial. 0 not checked. [2022-02-20 18:10:58,343 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:58,343 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:58,343 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [989463420] [2022-02-20 18:10:58,344 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [989463420] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:58,344 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:58,344 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:58,344 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1932917516] [2022-02-20 18:10:58,344 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:58,345 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 79 [2022-02-20 18:10:58,345 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:58,345 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:10:58,390 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 62 edges. 62 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:58,390 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:58,390 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:58,390 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:58,390 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:58,390 INFO L87 Difference]: Start difference. First operand 1142 states and 1468 transitions. Second operand has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:10:58,747 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:58,748 INFO L93 Difference]: Finished difference Result 1919 states and 2503 transitions. [2022-02-20 18:10:58,748 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:58,748 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 79 [2022-02-20 18:10:58,749 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:58,749 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:10:58,751 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 179 transitions. [2022-02-20 18:10:58,751 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:10:58,752 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 179 transitions. [2022-02-20 18:10:58,752 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 179 transitions. [2022-02-20 18:10:58,892 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 179 edges. 179 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:59,003 INFO L225 Difference]: With dead ends: 1919 [2022-02-20 18:10:59,004 INFO L226 Difference]: Without dead ends: 1334 [2022-02-20 18:10:59,006 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 78 GetRequests, 77 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:59,007 INFO L933 BasicCegarLoop]: 81 mSDtfsCounter, 40 mSDsluCounter, 38 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 40 SdHoareTripleChecker+Valid, 119 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:59,008 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [40 Valid, 119 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:59,009 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1334 states. [2022-02-20 18:10:59,063 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1334 to 1318. [2022-02-20 18:10:59,063 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:59,066 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1334 states. Second operand has 1318 states, 1066 states have (on average 1.2607879924953096) internal successors, (1344), 1141 states have internal predecessors, (1344), 122 states have call successors, (122), 110 states have call predecessors, (122), 129 states have return successors, (229), 122 states have call predecessors, (229), 122 states have call successors, (229) [2022-02-20 18:10:59,067 INFO L74 IsIncluded]: Start isIncluded. First operand 1334 states. Second operand has 1318 states, 1066 states have (on average 1.2607879924953096) internal successors, (1344), 1141 states have internal predecessors, (1344), 122 states have call successors, (122), 110 states have call predecessors, (122), 129 states have return successors, (229), 122 states have call predecessors, (229), 122 states have call successors, (229) [2022-02-20 18:10:59,069 INFO L87 Difference]: Start difference. First operand 1334 states. Second operand has 1318 states, 1066 states have (on average 1.2607879924953096) internal successors, (1344), 1141 states have internal predecessors, (1344), 122 states have call successors, (122), 110 states have call predecessors, (122), 129 states have return successors, (229), 122 states have call predecessors, (229), 122 states have call successors, (229) [2022-02-20 18:10:59,147 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:59,147 INFO L93 Difference]: Finished difference Result 1334 states and 1710 transitions. [2022-02-20 18:10:59,147 INFO L276 IsEmpty]: Start isEmpty. Operand 1334 states and 1710 transitions. [2022-02-20 18:10:59,153 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:59,153 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:59,155 INFO L74 IsIncluded]: Start isIncluded. First operand has 1318 states, 1066 states have (on average 1.2607879924953096) internal successors, (1344), 1141 states have internal predecessors, (1344), 122 states have call successors, (122), 110 states have call predecessors, (122), 129 states have return successors, (229), 122 states have call predecessors, (229), 122 states have call successors, (229) Second operand 1334 states. [2022-02-20 18:10:59,168 INFO L87 Difference]: Start difference. First operand has 1318 states, 1066 states have (on average 1.2607879924953096) internal successors, (1344), 1141 states have internal predecessors, (1344), 122 states have call successors, (122), 110 states have call predecessors, (122), 129 states have return successors, (229), 122 states have call predecessors, (229), 122 states have call successors, (229) Second operand 1334 states. [2022-02-20 18:10:59,254 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:59,255 INFO L93 Difference]: Finished difference Result 1334 states and 1710 transitions. [2022-02-20 18:10:59,255 INFO L276 IsEmpty]: Start isEmpty. Operand 1334 states and 1710 transitions. [2022-02-20 18:10:59,260 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:59,260 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:59,260 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:59,260 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:59,263 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1318 states, 1066 states have (on average 1.2607879924953096) internal successors, (1344), 1141 states have internal predecessors, (1344), 122 states have call successors, (122), 110 states have call predecessors, (122), 129 states have return successors, (229), 122 states have call predecessors, (229), 122 states have call successors, (229) [2022-02-20 18:10:59,369 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1318 states to 1318 states and 1695 transitions. [2022-02-20 18:10:59,370 INFO L78 Accepts]: Start accepts. Automaton has 1318 states and 1695 transitions. Word has length 79 [2022-02-20 18:10:59,370 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:59,370 INFO L470 AbstractCegarLoop]: Abstraction has 1318 states and 1695 transitions. [2022-02-20 18:10:59,371 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:10:59,371 INFO L276 IsEmpty]: Start isEmpty. Operand 1318 states and 1695 transitions. [2022-02-20 18:10:59,373 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-02-20 18:10:59,373 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:59,373 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:59,385 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:59,582 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 11 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:59,582 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:59,583 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:59,583 INFO L85 PathProgramCache]: Analyzing trace with hash 1956651692, now seen corresponding path program 2 times [2022-02-20 18:10:59,583 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:59,583 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1682175394] [2022-02-20 18:10:59,583 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-02-20 18:10:59,584 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:59,584 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:59,585 INFO L229 MonitoredProcess]: Starting monitored process 12 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:59,587 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (12)] Waiting until timeout for monitored process [2022-02-20 18:10:59,649 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-02-20 18:10:59,649 INFO L229 tOrderPrioritization]: Conjunction of SSA is sat [2022-02-20 18:10:59,649 INFO L352 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-02-20 18:10:59,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:10:59,739 INFO L138 FreeRefinementEngine]: Strategy WOLF found a feasible trace [2022-02-20 18:10:59,739 INFO L628 BasicCegarLoop]: Counterexample is feasible [2022-02-20 18:10:59,740 INFO L764 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:10:59,755 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (12)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:59,951 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 12 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:59,954 INFO L732 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:59,955 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:11:00,009 FATAL L489 DefaultTranslator]: Callstack has procedure call flag but succeeding procedure is empty at [CALL] call waterRise(); [2022-02-20 18:11:00,010 FATAL L? ?]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.AssertionError: callstack broken after backtranslation by InlinerBacktranslator at de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:216) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:206) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getProgramExecutionAsString(CounterExampleResult.java:155) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getLongDescription(CounterExampleResult.java:134) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ResultService.reportResult(ResultService.java:86) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.CegarLoopResultReporter.reportResult(CegarLoopResultReporter.java:141) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.reportLocationResults(TraceAbstractionStarter.java:607) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:182) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:156) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:320) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) [2022-02-20 18:11:00,017 INFO L158 Benchmark]: Toolchain (without parser) took 16705.16ms. Allocated memory was 62.9MB in the beginning and 144.7MB in the end (delta: 81.8MB). Free memory was 42.0MB in the beginning and 55.5MB in the end (delta: -13.5MB). Peak memory consumption was 66.4MB. Max. memory is 16.1GB. [2022-02-20 18:11:00,017 INFO L158 Benchmark]: CDTParser took 0.20ms. Allocated memory is still 62.9MB. Free memory was 44.7MB in the beginning and 44.6MB in the end (delta: 48.7kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:11:00,018 INFO L158 Benchmark]: CACSL2BoogieTranslator took 556.09ms. Allocated memory was 62.9MB in the beginning and 75.5MB in the end (delta: 12.6MB). Free memory was 41.8MB in the beginning and 57.0MB in the end (delta: -15.2MB). Peak memory consumption was 15.6MB. Max. memory is 16.1GB. [2022-02-20 18:11:00,018 INFO L158 Benchmark]: Boogie Procedure Inliner took 71.59ms. Allocated memory is still 75.5MB. Free memory was 57.0MB in the beginning and 54.4MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:11:00,018 INFO L158 Benchmark]: Boogie Preprocessor took 57.02ms. Allocated memory is still 75.5MB. Free memory was 54.4MB in the beginning and 52.7MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:11:00,022 INFO L158 Benchmark]: RCFGBuilder took 471.97ms. Allocated memory is still 75.5MB. Free memory was 52.7MB in the beginning and 35.6MB in the end (delta: 17.1MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2022-02-20 18:11:00,023 INFO L158 Benchmark]: TraceAbstraction took 15541.69ms. Allocated memory was 75.5MB in the beginning and 144.7MB in the end (delta: 69.2MB). Free memory was 35.0MB in the beginning and 55.5MB in the end (delta: -20.4MB). Peak memory consumption was 48.8MB. Max. memory is 16.1GB. [2022-02-20 18:11:00,025 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.20ms. Allocated memory is still 62.9MB. Free memory was 44.7MB in the beginning and 44.6MB in the end (delta: 48.7kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 556.09ms. Allocated memory was 62.9MB in the beginning and 75.5MB in the end (delta: 12.6MB). Free memory was 41.8MB in the beginning and 57.0MB in the end (delta: -15.2MB). Peak memory consumption was 15.6MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 71.59ms. Allocated memory is still 75.5MB. Free memory was 57.0MB in the beginning and 54.4MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 57.02ms. Allocated memory is still 75.5MB. Free memory was 54.4MB in the beginning and 52.7MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 471.97ms. Allocated memory is still 75.5MB. Free memory was 52.7MB in the beginning and 35.6MB in the end (delta: 17.1MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 15541.69ms. Allocated memory was 75.5MB in the beginning and 144.7MB in the end (delta: 69.2MB). Free memory was 35.0MB in the beginning and 55.5MB in the end (delta: -20.4MB). Peak memory consumption was 48.8MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: AssertionError: callstack broken after backtranslation by InlinerBacktranslator: de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) RESULT: Ultimate could not prove your program: Toolchain returned no result. [2022-02-20 18:11:00,056 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: ERROR: ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator