./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 12f35b53fa21b1b526c5ccefe7a49d52db3501fafceaddf16f789eadd54f272a --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:10:24,429 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:10:24,430 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:10:24,454 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:10:24,454 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:10:24,455 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:10:24,456 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:10:24,457 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:10:24,458 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:10:24,459 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:10:24,468 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:10:24,469 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:10:24,470 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:10:24,472 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:10:24,473 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:10:24,475 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:10:24,476 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:10:24,481 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:10:24,482 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:10:24,485 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:10:24,486 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:10:24,487 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:10:24,488 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:10:24,488 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:10:24,492 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:10:24,492 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:10:24,492 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:10:24,493 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:10:24,493 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:10:24,497 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:10:24,497 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:10:24,497 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:10:24,498 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:10:24,498 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:10:24,499 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:10:24,500 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:10:24,500 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:10:24,501 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:10:24,501 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:10:24,502 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:10:24,502 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:10:24,503 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:10:24,528 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:10:24,528 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:10:24,528 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:10:24,529 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:10:24,529 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:10:24,529 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:10:24,530 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:10:24,530 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:10:24,530 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:10:24,530 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:10:24,531 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:10:24,531 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:10:24,531 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:10:24,531 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:10:24,531 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:10:24,532 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:10:24,532 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:10:24,532 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:10:24,532 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:10:24,532 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:10:24,532 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:10:24,532 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:10:24,533 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:10:24,533 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:10:24,533 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:24,534 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:10:24,534 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:10:24,534 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:10:24,534 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:10:24,534 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:10:24,534 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:10:24,535 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:10:24,535 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:10:24,535 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 12f35b53fa21b1b526c5ccefe7a49d52db3501fafceaddf16f789eadd54f272a [2022-02-20 18:10:24,743 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:10:24,767 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:10:24,769 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:10:24,770 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:10:24,771 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:10:24,772 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c [2022-02-20 18:10:24,814 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2ee1152a7/0fd8456c888a4ef98e654d64cb67b16d/FLAG154af1d24 [2022-02-20 18:10:25,194 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:10:25,195 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c [2022-02-20 18:10:25,208 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2ee1152a7/0fd8456c888a4ef98e654d64cb67b16d/FLAG154af1d24 [2022-02-20 18:10:25,560 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2ee1152a7/0fd8456c888a4ef98e654d64cb67b16d [2022-02-20 18:10:25,562 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:10:25,563 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:10:25,564 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:25,564 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:10:25,566 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:10:25,567 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:25,568 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@30cf149a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25, skipping insertion in model container [2022-02-20 18:10:25,568 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:25,573 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:10:25,608 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:25,743 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c[4000,4013] [2022-02-20 18:10:25,822 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:25,834 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:10:25,862 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c[4000,4013] [2022-02-20 18:10:25,899 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:25,917 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:10:25,917 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25 WrapperNode [2022-02-20 18:10:25,918 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:25,918 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:25,918 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:10:25,918 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:10:25,926 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:25,943 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:25,969 INFO L137 Inliner]: procedures = 53, calls = 151, calls flagged for inlining = 23, calls inlined = 20, statements flattened = 246 [2022-02-20 18:10:25,969 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:25,970 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:10:25,970 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:10:25,970 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:10:25,976 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:25,976 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:25,978 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:25,978 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:25,998 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:26,002 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:26,006 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:26,011 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:10:26,012 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:10:26,013 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:10:26,013 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:10:26,014 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:26,019 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:26,028 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:26,039 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:10:26,044 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:10:26,066 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:10:26,067 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:10:26,067 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:10:26,067 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:10:26,067 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:10:26,067 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:10:26,068 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:10:26,068 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:10:26,068 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:10:26,069 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:10:26,069 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:10:26,069 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:10:26,069 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:10:26,069 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:10:26,158 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:10:26,159 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:10:26,513 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:10:26,527 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:10:26,527 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:10:26,528 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:26 BoogieIcfgContainer [2022-02-20 18:10:26,528 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:10:26,530 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:10:26,530 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:10:26,535 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:10:26,536 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:10:25" (1/3) ... [2022-02-20 18:10:26,536 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@396eea0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:26, skipping insertion in model container [2022-02-20 18:10:26,537 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25" (2/3) ... [2022-02-20 18:10:26,537 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@396eea0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:26, skipping insertion in model container [2022-02-20 18:10:26,537 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:26" (3/3) ... [2022-02-20 18:10:26,538 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec4_product41.cil.c [2022-02-20 18:10:26,542 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:10:26,542 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:10:26,599 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:10:26,607 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:10:26,607 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:10:26,639 INFO L276 IsEmpty]: Start isEmpty. Operand has 74 states, 59 states have (on average 1.4067796610169492) internal successors, (83), 65 states have internal predecessors, (83), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:10:26,646 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2022-02-20 18:10:26,647 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:26,647 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:26,648 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:26,660 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:26,661 INFO L85 PathProgramCache]: Analyzing trace with hash 125055405, now seen corresponding path program 1 times [2022-02-20 18:10:26,667 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:26,667 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1354117401] [2022-02-20 18:10:26,668 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:26,668 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:26,809 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:26,888 INFO L290 TraceCheckUtils]: 0: Hoare triple {77#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {77#true} is VALID [2022-02-20 18:10:26,892 INFO L290 TraceCheckUtils]: 1: Hoare triple {77#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {77#true} is VALID [2022-02-20 18:10:26,892 INFO L290 TraceCheckUtils]: 2: Hoare triple {77#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {77#true} is VALID [2022-02-20 18:10:26,892 INFO L290 TraceCheckUtils]: 3: Hoare triple {77#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {77#true} is VALID [2022-02-20 18:10:26,893 INFO L290 TraceCheckUtils]: 4: Hoare triple {77#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {77#true} is VALID [2022-02-20 18:10:26,893 INFO L290 TraceCheckUtils]: 5: Hoare triple {77#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {77#true} is VALID [2022-02-20 18:10:26,893 INFO L290 TraceCheckUtils]: 6: Hoare triple {77#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {77#true} is VALID [2022-02-20 18:10:26,894 INFO L290 TraceCheckUtils]: 7: Hoare triple {77#true} assume false; {78#false} is VALID [2022-02-20 18:10:26,895 INFO L272 TraceCheckUtils]: 8: Hoare triple {78#false} call cleanup(); {78#false} is VALID [2022-02-20 18:10:26,896 INFO L290 TraceCheckUtils]: 9: Hoare triple {78#false} havoc ~i~0;havoc ~__cil_tmp2~0; {78#false} is VALID [2022-02-20 18:10:26,896 INFO L272 TraceCheckUtils]: 10: Hoare triple {78#false} call timeShift(); {78#false} is VALID [2022-02-20 18:10:26,896 INFO L290 TraceCheckUtils]: 11: Hoare triple {78#false} assume !(0 != ~pumpRunning~0); {78#false} is VALID [2022-02-20 18:10:26,896 INFO L290 TraceCheckUtils]: 12: Hoare triple {78#false} assume !(0 != ~systemActive~0); {78#false} is VALID [2022-02-20 18:10:26,897 INFO L290 TraceCheckUtils]: 13: Hoare triple {78#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {78#false} is VALID [2022-02-20 18:10:26,897 INFO L290 TraceCheckUtils]: 14: Hoare triple {78#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {78#false} is VALID [2022-02-20 18:10:26,897 INFO L290 TraceCheckUtils]: 15: Hoare triple {78#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {78#false} is VALID [2022-02-20 18:10:26,898 INFO L290 TraceCheckUtils]: 16: Hoare triple {78#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {78#false} is VALID [2022-02-20 18:10:26,898 INFO L290 TraceCheckUtils]: 17: Hoare triple {78#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {78#false} is VALID [2022-02-20 18:10:26,898 INFO L290 TraceCheckUtils]: 18: Hoare triple {78#false} assume !false; {78#false} is VALID [2022-02-20 18:10:26,899 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:26,900 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:26,900 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1354117401] [2022-02-20 18:10:26,900 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1354117401] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:26,901 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:26,901 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:26,902 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [412592996] [2022-02-20 18:10:26,903 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:26,907 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:26,908 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:26,911 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:26,937 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:26,937 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:10:26,938 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:26,954 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:10:26,955 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:26,958 INFO L87 Difference]: Start difference. First operand has 74 states, 59 states have (on average 1.4067796610169492) internal successors, (83), 65 states have internal predecessors, (83), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) Second operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,063 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,063 INFO L93 Difference]: Finished difference Result 140 states and 193 transitions. [2022-02-20 18:10:27,063 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:10:27,064 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:27,064 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:27,065 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,074 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 193 transitions. [2022-02-20 18:10:27,078 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,085 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 193 transitions. [2022-02-20 18:10:27,091 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 193 transitions. [2022-02-20 18:10:27,247 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 193 edges. 193 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,258 INFO L225 Difference]: With dead ends: 140 [2022-02-20 18:10:27,258 INFO L226 Difference]: Without dead ends: 65 [2022-02-20 18:10:27,261 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:27,264 INFO L933 BasicCegarLoop]: 93 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 93 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:27,265 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 93 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:27,278 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 65 states. [2022-02-20 18:10:27,289 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 65 to 65. [2022-02-20 18:10:27,290 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:27,291 INFO L82 GeneralOperation]: Start isEquivalent. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:27,291 INFO L74 IsIncluded]: Start isIncluded. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:27,292 INFO L87 Difference]: Start difference. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:27,296 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,296 INFO L93 Difference]: Finished difference Result 65 states and 84 transitions. [2022-02-20 18:10:27,297 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:27,297 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,298 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,298 INFO L74 IsIncluded]: Start isIncluded. First operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 65 states. [2022-02-20 18:10:27,298 INFO L87 Difference]: Start difference. First operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 65 states. [2022-02-20 18:10:27,302 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,302 INFO L93 Difference]: Finished difference Result 65 states and 84 transitions. [2022-02-20 18:10:27,302 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:27,303 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,303 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,303 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:27,303 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:27,304 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:27,306 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 65 states to 65 states and 84 transitions. [2022-02-20 18:10:27,308 INFO L78 Accepts]: Start accepts. Automaton has 65 states and 84 transitions. Word has length 19 [2022-02-20 18:10:27,308 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:27,308 INFO L470 AbstractCegarLoop]: Abstraction has 65 states and 84 transitions. [2022-02-20 18:10:27,308 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,308 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:27,309 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2022-02-20 18:10:27,309 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:27,309 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:27,310 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:10:27,310 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:27,311 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:27,311 INFO L85 PathProgramCache]: Analyzing trace with hash 1087845428, now seen corresponding path program 1 times [2022-02-20 18:10:27,311 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:27,311 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1322964973] [2022-02-20 18:10:27,311 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:27,311 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:27,341 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,379 INFO L290 TraceCheckUtils]: 0: Hoare triple {511#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {511#true} is VALID [2022-02-20 18:10:27,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {511#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {511#true} is VALID [2022-02-20 18:10:27,379 INFO L290 TraceCheckUtils]: 2: Hoare triple {511#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {511#true} is VALID [2022-02-20 18:10:27,379 INFO L290 TraceCheckUtils]: 3: Hoare triple {511#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {511#true} is VALID [2022-02-20 18:10:27,379 INFO L290 TraceCheckUtils]: 4: Hoare triple {511#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {511#true} is VALID [2022-02-20 18:10:27,380 INFO L290 TraceCheckUtils]: 5: Hoare triple {511#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {511#true} is VALID [2022-02-20 18:10:27,380 INFO L290 TraceCheckUtils]: 6: Hoare triple {511#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {513#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:27,380 INFO L290 TraceCheckUtils]: 7: Hoare triple {513#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {513#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:27,381 INFO L290 TraceCheckUtils]: 8: Hoare triple {513#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {512#false} is VALID [2022-02-20 18:10:27,381 INFO L272 TraceCheckUtils]: 9: Hoare triple {512#false} call cleanup(); {512#false} is VALID [2022-02-20 18:10:27,381 INFO L290 TraceCheckUtils]: 10: Hoare triple {512#false} havoc ~i~0;havoc ~__cil_tmp2~0; {512#false} is VALID [2022-02-20 18:10:27,381 INFO L272 TraceCheckUtils]: 11: Hoare triple {512#false} call timeShift(); {512#false} is VALID [2022-02-20 18:10:27,382 INFO L290 TraceCheckUtils]: 12: Hoare triple {512#false} assume !(0 != ~pumpRunning~0); {512#false} is VALID [2022-02-20 18:10:27,382 INFO L290 TraceCheckUtils]: 13: Hoare triple {512#false} assume !(0 != ~systemActive~0); {512#false} is VALID [2022-02-20 18:10:27,382 INFO L290 TraceCheckUtils]: 14: Hoare triple {512#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {512#false} is VALID [2022-02-20 18:10:27,382 INFO L290 TraceCheckUtils]: 15: Hoare triple {512#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {512#false} is VALID [2022-02-20 18:10:27,382 INFO L290 TraceCheckUtils]: 16: Hoare triple {512#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {512#false} is VALID [2022-02-20 18:10:27,382 INFO L290 TraceCheckUtils]: 17: Hoare triple {512#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {512#false} is VALID [2022-02-20 18:10:27,382 INFO L290 TraceCheckUtils]: 18: Hoare triple {512#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {512#false} is VALID [2022-02-20 18:10:27,382 INFO L290 TraceCheckUtils]: 19: Hoare triple {512#false} assume !false; {512#false} is VALID [2022-02-20 18:10:27,383 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:27,383 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:27,383 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1322964973] [2022-02-20 18:10:27,383 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1322964973] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:27,383 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:27,383 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:27,384 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [64717989] [2022-02-20 18:10:27,384 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:27,385 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:27,385 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:27,385 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,402 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,402 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:27,403 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:27,403 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:27,403 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:27,404 INFO L87 Difference]: Start difference. First operand 65 states and 84 transitions. Second operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,472 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,473 INFO L93 Difference]: Finished difference Result 96 states and 124 transitions. [2022-02-20 18:10:27,473 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:27,473 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:27,473 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:27,473 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,476 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 124 transitions. [2022-02-20 18:10:27,479 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,489 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 124 transitions. [2022-02-20 18:10:27,489 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 124 transitions. [2022-02-20 18:10:27,582 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,586 INFO L225 Difference]: With dead ends: 96 [2022-02-20 18:10:27,586 INFO L226 Difference]: Without dead ends: 56 [2022-02-20 18:10:27,589 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:27,592 INFO L933 BasicCegarLoop]: 71 mSDtfsCounter, 12 mSDsluCounter, 55 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 126 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:27,592 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [15 Valid, 126 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:27,594 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 56 states. [2022-02-20 18:10:27,601 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 56 to 56. [2022-02-20 18:10:27,601 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:27,602 INFO L82 GeneralOperation]: Start isEquivalent. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,603 INFO L74 IsIncluded]: Start isIncluded. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,604 INFO L87 Difference]: Start difference. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,610 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,610 INFO L93 Difference]: Finished difference Result 56 states and 72 transitions. [2022-02-20 18:10:27,610 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:27,613 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,613 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,613 INFO L74 IsIncluded]: Start isIncluded. First operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:27,614 INFO L87 Difference]: Start difference. First operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:27,618 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,618 INFO L93 Difference]: Finished difference Result 56 states and 72 transitions. [2022-02-20 18:10:27,618 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:27,619 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,619 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,619 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:27,619 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:27,620 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,621 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 56 states to 56 states and 72 transitions. [2022-02-20 18:10:27,621 INFO L78 Accepts]: Start accepts. Automaton has 56 states and 72 transitions. Word has length 20 [2022-02-20 18:10:27,621 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:27,622 INFO L470 AbstractCegarLoop]: Abstraction has 56 states and 72 transitions. [2022-02-20 18:10:27,622 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,622 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:27,623 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:10:27,623 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:27,623 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:27,623 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:10:27,623 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:27,624 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:27,624 INFO L85 PathProgramCache]: Analyzing trace with hash 1276159455, now seen corresponding path program 1 times [2022-02-20 18:10:27,624 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:27,624 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1903249575] [2022-02-20 18:10:27,624 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:27,624 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:27,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,675 INFO L290 TraceCheckUtils]: 0: Hoare triple {850#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,676 INFO L290 TraceCheckUtils]: 1: Hoare triple {852#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,676 INFO L290 TraceCheckUtils]: 2: Hoare triple {852#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,677 INFO L290 TraceCheckUtils]: 3: Hoare triple {852#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,677 INFO L290 TraceCheckUtils]: 4: Hoare triple {852#(= 1 ~systemActive~0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,678 INFO L290 TraceCheckUtils]: 5: Hoare triple {852#(= 1 ~systemActive~0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,678 INFO L290 TraceCheckUtils]: 6: Hoare triple {852#(= 1 ~systemActive~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,678 INFO L290 TraceCheckUtils]: 7: Hoare triple {852#(= 1 ~systemActive~0)} assume !false; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,679 INFO L290 TraceCheckUtils]: 8: Hoare triple {852#(= 1 ~systemActive~0)} assume test_~splverifierCounter~0#1 < 4; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,679 INFO L290 TraceCheckUtils]: 9: Hoare triple {852#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,680 INFO L290 TraceCheckUtils]: 10: Hoare triple {852#(= 1 ~systemActive~0)} assume !(0 != test_~tmp~4#1); {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,680 INFO L290 TraceCheckUtils]: 11: Hoare triple {852#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,680 INFO L290 TraceCheckUtils]: 12: Hoare triple {852#(= 1 ~systemActive~0)} assume !(0 != test_~tmp___0~1#1); {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,681 INFO L290 TraceCheckUtils]: 13: Hoare triple {852#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,681 INFO L290 TraceCheckUtils]: 14: Hoare triple {852#(= 1 ~systemActive~0)} assume 0 != test_~tmp___2~0#1; {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,682 INFO L272 TraceCheckUtils]: 15: Hoare triple {852#(= 1 ~systemActive~0)} call timeShift(); {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,682 INFO L290 TraceCheckUtils]: 16: Hoare triple {852#(= 1 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {852#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,682 INFO L290 TraceCheckUtils]: 17: Hoare triple {852#(= 1 ~systemActive~0)} assume !(0 != ~systemActive~0); {851#false} is VALID [2022-02-20 18:10:27,682 INFO L290 TraceCheckUtils]: 18: Hoare triple {851#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {851#false} is VALID [2022-02-20 18:10:27,683 INFO L290 TraceCheckUtils]: 19: Hoare triple {851#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {851#false} is VALID [2022-02-20 18:10:27,683 INFO L290 TraceCheckUtils]: 20: Hoare triple {851#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {851#false} is VALID [2022-02-20 18:10:27,683 INFO L290 TraceCheckUtils]: 21: Hoare triple {851#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {851#false} is VALID [2022-02-20 18:10:27,683 INFO L290 TraceCheckUtils]: 22: Hoare triple {851#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {851#false} is VALID [2022-02-20 18:10:27,683 INFO L290 TraceCheckUtils]: 23: Hoare triple {851#false} assume !false; {851#false} is VALID [2022-02-20 18:10:27,684 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:27,685 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:27,688 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1903249575] [2022-02-20 18:10:27,688 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1903249575] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:27,688 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:27,688 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:27,688 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1416660305] [2022-02-20 18:10:27,688 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:27,688 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:27,692 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:27,692 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,723 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,723 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:27,724 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:27,724 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:27,724 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:27,724 INFO L87 Difference]: Start difference. First operand 56 states and 72 transitions. Second operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,783 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,783 INFO L93 Difference]: Finished difference Result 105 states and 138 transitions. [2022-02-20 18:10:27,783 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:27,783 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:27,783 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:27,784 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,785 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 138 transitions. [2022-02-20 18:10:27,785 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,787 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 138 transitions. [2022-02-20 18:10:27,787 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 138 transitions. [2022-02-20 18:10:27,880 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 138 edges. 138 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,882 INFO L225 Difference]: With dead ends: 105 [2022-02-20 18:10:27,882 INFO L226 Difference]: Without dead ends: 56 [2022-02-20 18:10:27,884 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 1 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:27,889 INFO L933 BasicCegarLoop]: 70 mSDtfsCounter, 54 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 54 SdHoareTripleChecker+Valid, 70 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:27,890 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [54 Valid, 70 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:27,891 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 56 states. [2022-02-20 18:10:27,900 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 56 to 56. [2022-02-20 18:10:27,900 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:27,900 INFO L82 GeneralOperation]: Start isEquivalent. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,900 INFO L74 IsIncluded]: Start isIncluded. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,900 INFO L87 Difference]: Start difference. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,902 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,902 INFO L93 Difference]: Finished difference Result 56 states and 71 transitions. [2022-02-20 18:10:27,902 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 71 transitions. [2022-02-20 18:10:27,902 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,903 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,903 INFO L74 IsIncluded]: Start isIncluded. First operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:27,903 INFO L87 Difference]: Start difference. First operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:27,904 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,904 INFO L93 Difference]: Finished difference Result 56 states and 71 transitions. [2022-02-20 18:10:27,904 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 71 transitions. [2022-02-20 18:10:27,904 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,904 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,905 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:27,905 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:27,905 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,906 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 56 states to 56 states and 71 transitions. [2022-02-20 18:10:27,906 INFO L78 Accepts]: Start accepts. Automaton has 56 states and 71 transitions. Word has length 24 [2022-02-20 18:10:27,906 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:27,906 INFO L470 AbstractCegarLoop]: Abstraction has 56 states and 71 transitions. [2022-02-20 18:10:27,906 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,907 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 71 transitions. [2022-02-20 18:10:27,907 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2022-02-20 18:10:27,907 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:27,907 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:27,907 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:10:27,908 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:27,908 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:27,908 INFO L85 PathProgramCache]: Analyzing trace with hash -384200528, now seen corresponding path program 1 times [2022-02-20 18:10:27,908 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:27,908 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [797921975] [2022-02-20 18:10:27,908 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:27,908 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:27,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:10:27,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {1199#true} assume true; {1199#true} is VALID [2022-02-20 18:10:27,967 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1199#true} {1200#false} #213#return; {1200#false} is VALID [2022-02-20 18:10:27,968 INFO L290 TraceCheckUtils]: 0: Hoare triple {1199#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,968 INFO L290 TraceCheckUtils]: 1: Hoare triple {1201#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {1201#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,969 INFO L290 TraceCheckUtils]: 3: Hoare triple {1201#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,969 INFO L290 TraceCheckUtils]: 4: Hoare triple {1201#(= ~pumpRunning~0 0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,970 INFO L290 TraceCheckUtils]: 5: Hoare triple {1201#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,970 INFO L290 TraceCheckUtils]: 6: Hoare triple {1201#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,970 INFO L290 TraceCheckUtils]: 7: Hoare triple {1201#(= ~pumpRunning~0 0)} assume !false; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,971 INFO L290 TraceCheckUtils]: 8: Hoare triple {1201#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,971 INFO L290 TraceCheckUtils]: 9: Hoare triple {1201#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,971 INFO L290 TraceCheckUtils]: 10: Hoare triple {1201#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~4#1); {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,972 INFO L290 TraceCheckUtils]: 11: Hoare triple {1201#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,972 INFO L290 TraceCheckUtils]: 12: Hoare triple {1201#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~1#1); {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,972 INFO L290 TraceCheckUtils]: 13: Hoare triple {1201#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,973 INFO L290 TraceCheckUtils]: 14: Hoare triple {1201#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,973 INFO L272 TraceCheckUtils]: 15: Hoare triple {1201#(= ~pumpRunning~0 0)} call timeShift(); {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,974 INFO L290 TraceCheckUtils]: 16: Hoare triple {1201#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,974 INFO L290 TraceCheckUtils]: 17: Hoare triple {1201#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {1201#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:27,974 INFO L290 TraceCheckUtils]: 18: Hoare triple {1201#(= ~pumpRunning~0 0)} assume !(0 == ~pumpRunning~0); {1200#false} is VALID [2022-02-20 18:10:27,975 INFO L272 TraceCheckUtils]: 19: Hoare triple {1200#false} call processEnvironment__wrappee__base(); {1199#true} is VALID [2022-02-20 18:10:27,975 INFO L290 TraceCheckUtils]: 20: Hoare triple {1199#true} assume true; {1199#true} is VALID [2022-02-20 18:10:27,975 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {1199#true} {1200#false} #213#return; {1200#false} is VALID [2022-02-20 18:10:27,975 INFO L290 TraceCheckUtils]: 22: Hoare triple {1200#false} assume { :end_inline_processEnvironment } true; {1200#false} is VALID [2022-02-20 18:10:27,975 INFO L290 TraceCheckUtils]: 23: Hoare triple {1200#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {1200#false} is VALID [2022-02-20 18:10:27,975 INFO L290 TraceCheckUtils]: 24: Hoare triple {1200#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {1200#false} is VALID [2022-02-20 18:10:27,976 INFO L290 TraceCheckUtils]: 25: Hoare triple {1200#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {1200#false} is VALID [2022-02-20 18:10:27,976 INFO L290 TraceCheckUtils]: 26: Hoare triple {1200#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {1200#false} is VALID [2022-02-20 18:10:27,976 INFO L290 TraceCheckUtils]: 27: Hoare triple {1200#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1200#false} is VALID [2022-02-20 18:10:27,976 INFO L290 TraceCheckUtils]: 28: Hoare triple {1200#false} assume !false; {1200#false} is VALID [2022-02-20 18:10:27,976 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:27,977 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:27,977 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [797921975] [2022-02-20 18:10:27,977 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [797921975] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:27,977 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:27,977 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:27,977 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [375371513] [2022-02-20 18:10:27,977 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:27,978 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:10:27,978 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:27,978 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:27,996 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 29 edges. 29 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,996 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:27,997 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:27,997 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:27,997 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:27,997 INFO L87 Difference]: Start difference. First operand 56 states and 71 transitions. Second operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,078 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,079 INFO L93 Difference]: Finished difference Result 140 states and 182 transitions. [2022-02-20 18:10:28,079 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:28,079 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:10:28,079 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:28,079 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,082 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 182 transitions. [2022-02-20 18:10:28,082 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,084 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 182 transitions. [2022-02-20 18:10:28,084 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 182 transitions. [2022-02-20 18:10:28,188 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 182 edges. 182 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:28,190 INFO L225 Difference]: With dead ends: 140 [2022-02-20 18:10:28,190 INFO L226 Difference]: Without dead ends: 91 [2022-02-20 18:10:28,190 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:28,191 INFO L933 BasicCegarLoop]: 72 mSDtfsCounter, 45 mSDsluCounter, 45 mSDsCounter, 0 mSdLazyCounter, 7 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 117 SdHoareTripleChecker+Invalid, 10 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 7 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:28,191 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [45 Valid, 117 Invalid, 10 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 7 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:28,192 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 91 states. [2022-02-20 18:10:28,196 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 91 to 89. [2022-02-20 18:10:28,199 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:28,200 INFO L82 GeneralOperation]: Start isEquivalent. First operand 91 states. Second operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,200 INFO L74 IsIncluded]: Start isIncluded. First operand 91 states. Second operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,202 INFO L87 Difference]: Start difference. First operand 91 states. Second operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,205 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,205 INFO L93 Difference]: Finished difference Result 91 states and 114 transitions. [2022-02-20 18:10:28,205 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 114 transitions. [2022-02-20 18:10:28,205 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:28,206 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:28,206 INFO L74 IsIncluded]: Start isIncluded. First operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 91 states. [2022-02-20 18:10:28,206 INFO L87 Difference]: Start difference. First operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 91 states. [2022-02-20 18:10:28,208 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,208 INFO L93 Difference]: Finished difference Result 91 states and 114 transitions. [2022-02-20 18:10:28,208 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 114 transitions. [2022-02-20 18:10:28,209 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:28,209 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:28,209 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:28,209 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:28,209 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,211 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 89 states to 89 states and 113 transitions. [2022-02-20 18:10:28,211 INFO L78 Accepts]: Start accepts. Automaton has 89 states and 113 transitions. Word has length 29 [2022-02-20 18:10:28,211 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:28,211 INFO L470 AbstractCegarLoop]: Abstraction has 89 states and 113 transitions. [2022-02-20 18:10:28,211 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,212 INFO L276 IsEmpty]: Start isEmpty. Operand 89 states and 113 transitions. [2022-02-20 18:10:28,212 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-02-20 18:10:28,212 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:28,212 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:28,212 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:10:28,212 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:28,213 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:28,213 INFO L85 PathProgramCache]: Analyzing trace with hash 234187366, now seen corresponding path program 1 times [2022-02-20 18:10:28,213 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:28,213 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1232909223] [2022-02-20 18:10:28,213 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:28,213 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:28,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:28,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:10:28,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:28,263 INFO L290 TraceCheckUtils]: 0: Hoare triple {1714#true} assume true; {1714#true} is VALID [2022-02-20 18:10:28,263 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1714#true} {1715#false} #211#return; {1715#false} is VALID [2022-02-20 18:10:28,263 INFO L290 TraceCheckUtils]: 0: Hoare triple {1714#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {1714#true} is VALID [2022-02-20 18:10:28,263 INFO L290 TraceCheckUtils]: 1: Hoare triple {1714#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1714#true} is VALID [2022-02-20 18:10:28,263 INFO L290 TraceCheckUtils]: 2: Hoare triple {1714#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1714#true} is VALID [2022-02-20 18:10:28,263 INFO L290 TraceCheckUtils]: 3: Hoare triple {1714#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1714#true} is VALID [2022-02-20 18:10:28,264 INFO L290 TraceCheckUtils]: 4: Hoare triple {1714#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {1714#true} is VALID [2022-02-20 18:10:28,264 INFO L290 TraceCheckUtils]: 5: Hoare triple {1714#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1714#true} is VALID [2022-02-20 18:10:28,264 INFO L290 TraceCheckUtils]: 6: Hoare triple {1714#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1714#true} is VALID [2022-02-20 18:10:28,264 INFO L290 TraceCheckUtils]: 7: Hoare triple {1714#true} assume !false; {1714#true} is VALID [2022-02-20 18:10:28,264 INFO L290 TraceCheckUtils]: 8: Hoare triple {1714#true} assume test_~splverifierCounter~0#1 < 4; {1714#true} is VALID [2022-02-20 18:10:28,264 INFO L290 TraceCheckUtils]: 9: Hoare triple {1714#true} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {1714#true} is VALID [2022-02-20 18:10:28,264 INFO L290 TraceCheckUtils]: 10: Hoare triple {1714#true} assume !(0 != test_~tmp~4#1); {1714#true} is VALID [2022-02-20 18:10:28,264 INFO L290 TraceCheckUtils]: 11: Hoare triple {1714#true} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {1714#true} is VALID [2022-02-20 18:10:28,264 INFO L290 TraceCheckUtils]: 12: Hoare triple {1714#true} assume !(0 != test_~tmp___0~1#1); {1714#true} is VALID [2022-02-20 18:10:28,264 INFO L290 TraceCheckUtils]: 13: Hoare triple {1714#true} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {1714#true} is VALID [2022-02-20 18:10:28,264 INFO L290 TraceCheckUtils]: 14: Hoare triple {1714#true} assume 0 != test_~tmp___2~0#1; {1714#true} is VALID [2022-02-20 18:10:28,265 INFO L272 TraceCheckUtils]: 15: Hoare triple {1714#true} call timeShift(); {1714#true} is VALID [2022-02-20 18:10:28,265 INFO L290 TraceCheckUtils]: 16: Hoare triple {1714#true} assume !(0 != ~pumpRunning~0); {1714#true} is VALID [2022-02-20 18:10:28,265 INFO L290 TraceCheckUtils]: 17: Hoare triple {1714#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {1714#true} is VALID [2022-02-20 18:10:28,265 INFO L290 TraceCheckUtils]: 18: Hoare triple {1714#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {1714#true} is VALID [2022-02-20 18:10:28,265 INFO L290 TraceCheckUtils]: 19: Hoare triple {1714#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {1716#(= |timeShift_isHighWaterSensorDry_#res#1| 1)} is VALID [2022-02-20 18:10:28,266 INFO L290 TraceCheckUtils]: 20: Hoare triple {1716#(= |timeShift_isHighWaterSensorDry_#res#1| 1)} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret50#1 && isHighWaterLevel_#t~ret50#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {1717#(= (+ |timeShift_isHighWaterLevel_~tmp~7#1| (- 1)) 0)} is VALID [2022-02-20 18:10:28,266 INFO L290 TraceCheckUtils]: 21: Hoare triple {1717#(= (+ |timeShift_isHighWaterLevel_~tmp~7#1| (- 1)) 0)} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1; {1715#false} is VALID [2022-02-20 18:10:28,266 INFO L290 TraceCheckUtils]: 22: Hoare triple {1715#false} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {1715#false} is VALID [2022-02-20 18:10:28,266 INFO L290 TraceCheckUtils]: 23: Hoare triple {1715#false} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret39#1 && processEnvironment_#t~ret39#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {1715#false} is VALID [2022-02-20 18:10:28,266 INFO L290 TraceCheckUtils]: 24: Hoare triple {1715#false} assume !(0 != processEnvironment_~tmp~5#1); {1715#false} is VALID [2022-02-20 18:10:28,267 INFO L272 TraceCheckUtils]: 25: Hoare triple {1715#false} call processEnvironment__wrappee__base(); {1714#true} is VALID [2022-02-20 18:10:28,267 INFO L290 TraceCheckUtils]: 26: Hoare triple {1714#true} assume true; {1714#true} is VALID [2022-02-20 18:10:28,267 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {1714#true} {1715#false} #211#return; {1715#false} is VALID [2022-02-20 18:10:28,267 INFO L290 TraceCheckUtils]: 28: Hoare triple {1715#false} assume { :end_inline_processEnvironment } true; {1715#false} is VALID [2022-02-20 18:10:28,267 INFO L290 TraceCheckUtils]: 29: Hoare triple {1715#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {1715#false} is VALID [2022-02-20 18:10:28,267 INFO L290 TraceCheckUtils]: 30: Hoare triple {1715#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {1715#false} is VALID [2022-02-20 18:10:28,267 INFO L290 TraceCheckUtils]: 31: Hoare triple {1715#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {1715#false} is VALID [2022-02-20 18:10:28,267 INFO L290 TraceCheckUtils]: 32: Hoare triple {1715#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {1715#false} is VALID [2022-02-20 18:10:28,267 INFO L290 TraceCheckUtils]: 33: Hoare triple {1715#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1715#false} is VALID [2022-02-20 18:10:28,267 INFO L290 TraceCheckUtils]: 34: Hoare triple {1715#false} assume !false; {1715#false} is VALID [2022-02-20 18:10:28,268 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:28,268 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:28,268 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1232909223] [2022-02-20 18:10:28,268 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1232909223] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:28,268 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:28,268 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:10:28,268 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [537456724] [2022-02-20 18:10:28,268 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:28,269 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 35 [2022-02-20 18:10:28,269 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:28,269 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,287 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 35 edges. 35 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:28,289 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 18:10:28,289 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:28,289 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 18:10:28,289 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 18:10:28,290 INFO L87 Difference]: Start difference. First operand 89 states and 113 transitions. Second operand has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,406 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,406 INFO L93 Difference]: Finished difference Result 203 states and 264 transitions. [2022-02-20 18:10:28,406 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 18:10:28,406 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 35 [2022-02-20 18:10:28,407 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:28,407 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,408 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 163 transitions. [2022-02-20 18:10:28,409 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,410 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 163 transitions. [2022-02-20 18:10:28,410 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 163 transitions. [2022-02-20 18:10:28,514 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 163 edges. 163 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:28,516 INFO L225 Difference]: With dead ends: 203 [2022-02-20 18:10:28,517 INFO L226 Difference]: Without dead ends: 121 [2022-02-20 18:10:28,517 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:28,518 INFO L933 BasicCegarLoop]: 70 mSDtfsCounter, 45 mSDsluCounter, 134 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 204 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:28,518 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [45 Valid, 204 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:28,519 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 121 states. [2022-02-20 18:10:28,526 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 121 to 91. [2022-02-20 18:10:28,526 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:28,527 INFO L82 GeneralOperation]: Start isEquivalent. First operand 121 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,527 INFO L74 IsIncluded]: Start isIncluded. First operand 121 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,535 INFO L87 Difference]: Start difference. First operand 121 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,538 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,538 INFO L93 Difference]: Finished difference Result 121 states and 153 transitions. [2022-02-20 18:10:28,538 INFO L276 IsEmpty]: Start isEmpty. Operand 121 states and 153 transitions. [2022-02-20 18:10:28,539 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:28,539 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:28,539 INFO L74 IsIncluded]: Start isIncluded. First operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 121 states. [2022-02-20 18:10:28,539 INFO L87 Difference]: Start difference. First operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 121 states. [2022-02-20 18:10:28,543 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,543 INFO L93 Difference]: Finished difference Result 121 states and 153 transitions. [2022-02-20 18:10:28,543 INFO L276 IsEmpty]: Start isEmpty. Operand 121 states and 153 transitions. [2022-02-20 18:10:28,543 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:28,543 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:28,543 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:28,543 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:28,544 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,546 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 91 states to 91 states and 115 transitions. [2022-02-20 18:10:28,546 INFO L78 Accepts]: Start accepts. Automaton has 91 states and 115 transitions. Word has length 35 [2022-02-20 18:10:28,546 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:28,546 INFO L470 AbstractCegarLoop]: Abstraction has 91 states and 115 transitions. [2022-02-20 18:10:28,546 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,546 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 115 transitions. [2022-02-20 18:10:28,550 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-02-20 18:10:28,550 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:28,550 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:28,550 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:10:28,550 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:28,551 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:28,551 INFO L85 PathProgramCache]: Analyzing trace with hash 1245304616, now seen corresponding path program 1 times [2022-02-20 18:10:28,551 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:28,551 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [189922513] [2022-02-20 18:10:28,551 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:28,551 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:28,597 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:28,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:10:28,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:28,652 INFO L290 TraceCheckUtils]: 0: Hoare triple {2387#true} assume true; {2387#true} is VALID [2022-02-20 18:10:28,653 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {2387#true} {2390#(not (= ~waterLevel~0 0))} #211#return; {2390#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,655 INFO L290 TraceCheckUtils]: 0: Hoare triple {2387#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,655 INFO L290 TraceCheckUtils]: 1: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,656 INFO L290 TraceCheckUtils]: 2: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,656 INFO L290 TraceCheckUtils]: 3: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,656 INFO L290 TraceCheckUtils]: 4: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,657 INFO L290 TraceCheckUtils]: 5: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,657 INFO L290 TraceCheckUtils]: 6: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,657 INFO L290 TraceCheckUtils]: 7: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume !false; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,658 INFO L290 TraceCheckUtils]: 8: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume test_~splverifierCounter~0#1 < 4; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,658 INFO L290 TraceCheckUtils]: 9: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,658 INFO L290 TraceCheckUtils]: 10: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume !(0 != test_~tmp~4#1); {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,659 INFO L290 TraceCheckUtils]: 11: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,659 INFO L290 TraceCheckUtils]: 12: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume !(0 != test_~tmp___0~1#1); {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,659 INFO L290 TraceCheckUtils]: 13: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,660 INFO L290 TraceCheckUtils]: 14: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume 0 != test_~tmp___2~0#1; {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,660 INFO L272 TraceCheckUtils]: 15: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} call timeShift(); {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,660 INFO L290 TraceCheckUtils]: 16: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {2389#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:10:28,661 INFO L290 TraceCheckUtils]: 17: Hoare triple {2389#(= ~waterLevel~0 ~systemActive~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {2390#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,661 INFO L290 TraceCheckUtils]: 18: Hoare triple {2390#(not (= ~waterLevel~0 0))} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {2390#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,662 INFO L290 TraceCheckUtils]: 19: Hoare triple {2390#(not (= ~waterLevel~0 0))} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {2390#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,662 INFO L290 TraceCheckUtils]: 20: Hoare triple {2390#(not (= ~waterLevel~0 0))} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret50#1 && isHighWaterLevel_#t~ret50#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {2390#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,662 INFO L290 TraceCheckUtils]: 21: Hoare triple {2390#(not (= ~waterLevel~0 0))} assume 0 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~2#1 := 0; {2390#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,663 INFO L290 TraceCheckUtils]: 22: Hoare triple {2390#(not (= ~waterLevel~0 0))} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {2390#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,663 INFO L290 TraceCheckUtils]: 23: Hoare triple {2390#(not (= ~waterLevel~0 0))} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret39#1 && processEnvironment_#t~ret39#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {2390#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,663 INFO L290 TraceCheckUtils]: 24: Hoare triple {2390#(not (= ~waterLevel~0 0))} assume !(0 != processEnvironment_~tmp~5#1); {2390#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,664 INFO L272 TraceCheckUtils]: 25: Hoare triple {2390#(not (= ~waterLevel~0 0))} call processEnvironment__wrappee__base(); {2387#true} is VALID [2022-02-20 18:10:28,664 INFO L290 TraceCheckUtils]: 26: Hoare triple {2387#true} assume true; {2387#true} is VALID [2022-02-20 18:10:28,664 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {2387#true} {2390#(not (= ~waterLevel~0 0))} #211#return; {2390#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,664 INFO L290 TraceCheckUtils]: 28: Hoare triple {2390#(not (= ~waterLevel~0 0))} assume { :end_inline_processEnvironment } true; {2390#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,665 INFO L290 TraceCheckUtils]: 29: Hoare triple {2390#(not (= ~waterLevel~0 0))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {2393#(not (= |timeShift_getWaterLevel_#res#1| 0))} is VALID [2022-02-20 18:10:28,665 INFO L290 TraceCheckUtils]: 30: Hoare triple {2393#(not (= |timeShift_getWaterLevel_#res#1| 0))} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {2394#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1| 0))} is VALID [2022-02-20 18:10:28,665 INFO L290 TraceCheckUtils]: 31: Hoare triple {2394#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1| 0))} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {2388#false} is VALID [2022-02-20 18:10:28,666 INFO L290 TraceCheckUtils]: 32: Hoare triple {2388#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {2388#false} is VALID [2022-02-20 18:10:28,666 INFO L290 TraceCheckUtils]: 33: Hoare triple {2388#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {2388#false} is VALID [2022-02-20 18:10:28,666 INFO L290 TraceCheckUtils]: 34: Hoare triple {2388#false} assume !false; {2388#false} is VALID [2022-02-20 18:10:28,667 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:28,667 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:28,667 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [189922513] [2022-02-20 18:10:28,667 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [189922513] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:28,667 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:28,667 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:10:28,667 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [626825092] [2022-02-20 18:10:28,668 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:28,668 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 6 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 35 [2022-02-20 18:10:28,668 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:28,668 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 6 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,689 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 35 edges. 35 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:28,689 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:28,690 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:28,690 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:28,690 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:28,690 INFO L87 Difference]: Start difference. First operand 91 states and 115 transitions. Second operand has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 6 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:29,056 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:29,056 INFO L93 Difference]: Finished difference Result 335 states and 462 transitions. [2022-02-20 18:10:29,057 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:10:29,057 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 6 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 35 [2022-02-20 18:10:29,057 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:29,057 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 6 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:29,060 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 269 transitions. [2022-02-20 18:10:29,060 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 6 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:29,063 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 269 transitions. [2022-02-20 18:10:29,064 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 269 transitions. [2022-02-20 18:10:29,222 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 269 edges. 269 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:29,228 INFO L225 Difference]: With dead ends: 335 [2022-02-20 18:10:29,228 INFO L226 Difference]: Without dead ends: 251 [2022-02-20 18:10:29,229 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=40, Invalid=70, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:10:29,230 INFO L933 BasicCegarLoop]: 77 mSDtfsCounter, 141 mSDsluCounter, 307 mSDsCounter, 0 mSdLazyCounter, 65 mSolverCounterSat, 25 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 141 SdHoareTripleChecker+Valid, 384 SdHoareTripleChecker+Invalid, 90 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 25 IncrementalHoareTripleChecker+Valid, 65 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:29,231 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [141 Valid, 384 Invalid, 90 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [25 Valid, 65 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:29,233 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 251 states. [2022-02-20 18:10:29,253 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 251 to 241. [2022-02-20 18:10:29,253 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:29,253 INFO L82 GeneralOperation]: Start isEquivalent. First operand 251 states. Second operand has 241 states, 194 states have (on average 1.2989690721649485) internal successors, (252), 213 states have internal predecessors, (252), 22 states have call successors, (22), 22 states have call predecessors, (22), 24 states have return successors, (42), 24 states have call predecessors, (42), 22 states have call successors, (42) [2022-02-20 18:10:29,254 INFO L74 IsIncluded]: Start isIncluded. First operand 251 states. Second operand has 241 states, 194 states have (on average 1.2989690721649485) internal successors, (252), 213 states have internal predecessors, (252), 22 states have call successors, (22), 22 states have call predecessors, (22), 24 states have return successors, (42), 24 states have call predecessors, (42), 22 states have call successors, (42) [2022-02-20 18:10:29,254 INFO L87 Difference]: Start difference. First operand 251 states. Second operand has 241 states, 194 states have (on average 1.2989690721649485) internal successors, (252), 213 states have internal predecessors, (252), 22 states have call successors, (22), 22 states have call predecessors, (22), 24 states have return successors, (42), 24 states have call predecessors, (42), 22 states have call successors, (42) [2022-02-20 18:10:29,261 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:29,261 INFO L93 Difference]: Finished difference Result 251 states and 338 transitions. [2022-02-20 18:10:29,261 INFO L276 IsEmpty]: Start isEmpty. Operand 251 states and 338 transitions. [2022-02-20 18:10:29,262 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:29,262 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:29,262 INFO L74 IsIncluded]: Start isIncluded. First operand has 241 states, 194 states have (on average 1.2989690721649485) internal successors, (252), 213 states have internal predecessors, (252), 22 states have call successors, (22), 22 states have call predecessors, (22), 24 states have return successors, (42), 24 states have call predecessors, (42), 22 states have call successors, (42) Second operand 251 states. [2022-02-20 18:10:29,264 INFO L87 Difference]: Start difference. First operand has 241 states, 194 states have (on average 1.2989690721649485) internal successors, (252), 213 states have internal predecessors, (252), 22 states have call successors, (22), 22 states have call predecessors, (22), 24 states have return successors, (42), 24 states have call predecessors, (42), 22 states have call successors, (42) Second operand 251 states. [2022-02-20 18:10:29,274 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:29,274 INFO L93 Difference]: Finished difference Result 251 states and 338 transitions. [2022-02-20 18:10:29,274 INFO L276 IsEmpty]: Start isEmpty. Operand 251 states and 338 transitions. [2022-02-20 18:10:29,275 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:29,275 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:29,275 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:29,275 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:29,275 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 241 states, 194 states have (on average 1.2989690721649485) internal successors, (252), 213 states have internal predecessors, (252), 22 states have call successors, (22), 22 states have call predecessors, (22), 24 states have return successors, (42), 24 states have call predecessors, (42), 22 states have call successors, (42) [2022-02-20 18:10:29,284 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 241 states to 241 states and 316 transitions. [2022-02-20 18:10:29,284 INFO L78 Accepts]: Start accepts. Automaton has 241 states and 316 transitions. Word has length 35 [2022-02-20 18:10:29,285 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:29,286 INFO L470 AbstractCegarLoop]: Abstraction has 241 states and 316 transitions. [2022-02-20 18:10:29,286 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 6 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:29,286 INFO L276 IsEmpty]: Start isEmpty. Operand 241 states and 316 transitions. [2022-02-20 18:10:29,288 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2022-02-20 18:10:29,288 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:29,288 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:29,288 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:10:29,288 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:29,289 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:29,289 INFO L85 PathProgramCache]: Analyzing trace with hash -2121318334, now seen corresponding path program 1 times [2022-02-20 18:10:29,289 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:29,289 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1477649881] [2022-02-20 18:10:29,289 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:29,289 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:29,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:29,347 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2022-02-20 18:10:29,350 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:29,352 INFO L290 TraceCheckUtils]: 0: Hoare triple {3737#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {3727#true} is VALID [2022-02-20 18:10:29,353 INFO L290 TraceCheckUtils]: 1: Hoare triple {3727#true} assume true; {3727#true} is VALID [2022-02-20 18:10:29,353 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3727#true} {3729#(= ~pumpRunning~0 0)} #215#return; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,353 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-02-20 18:10:29,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:29,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {3727#true} assume true; {3727#true} is VALID [2022-02-20 18:10:29,356 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {3727#true} {3729#(= ~pumpRunning~0 0)} #211#return; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,357 INFO L290 TraceCheckUtils]: 0: Hoare triple {3727#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {3729#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,363 INFO L290 TraceCheckUtils]: 2: Hoare triple {3729#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,364 INFO L290 TraceCheckUtils]: 3: Hoare triple {3729#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,364 INFO L290 TraceCheckUtils]: 4: Hoare triple {3729#(= ~pumpRunning~0 0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,364 INFO L290 TraceCheckUtils]: 5: Hoare triple {3729#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,365 INFO L290 TraceCheckUtils]: 6: Hoare triple {3729#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,365 INFO L290 TraceCheckUtils]: 7: Hoare triple {3729#(= ~pumpRunning~0 0)} assume !false; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,365 INFO L290 TraceCheckUtils]: 8: Hoare triple {3729#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,366 INFO L290 TraceCheckUtils]: 9: Hoare triple {3729#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,366 INFO L290 TraceCheckUtils]: 10: Hoare triple {3729#(= ~pumpRunning~0 0)} assume 0 != test_~tmp~4#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,366 INFO L272 TraceCheckUtils]: 11: Hoare triple {3729#(= ~pumpRunning~0 0)} call waterRise(); {3737#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:29,366 INFO L290 TraceCheckUtils]: 12: Hoare triple {3737#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {3727#true} is VALID [2022-02-20 18:10:29,367 INFO L290 TraceCheckUtils]: 13: Hoare triple {3727#true} assume true; {3727#true} is VALID [2022-02-20 18:10:29,368 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {3727#true} {3729#(= ~pumpRunning~0 0)} #215#return; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,370 INFO L290 TraceCheckUtils]: 15: Hoare triple {3729#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,371 INFO L290 TraceCheckUtils]: 16: Hoare triple {3729#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~1#1); {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,371 INFO L290 TraceCheckUtils]: 17: Hoare triple {3729#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,371 INFO L290 TraceCheckUtils]: 18: Hoare triple {3729#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,372 INFO L272 TraceCheckUtils]: 19: Hoare triple {3729#(= ~pumpRunning~0 0)} call timeShift(); {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,372 INFO L290 TraceCheckUtils]: 20: Hoare triple {3729#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,372 INFO L290 TraceCheckUtils]: 21: Hoare triple {3729#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,372 INFO L290 TraceCheckUtils]: 22: Hoare triple {3729#(= ~pumpRunning~0 0)} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,373 INFO L290 TraceCheckUtils]: 23: Hoare triple {3729#(= ~pumpRunning~0 0)} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,373 INFO L290 TraceCheckUtils]: 24: Hoare triple {3729#(= ~pumpRunning~0 0)} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret50#1 && isHighWaterLevel_#t~ret50#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,373 INFO L290 TraceCheckUtils]: 25: Hoare triple {3729#(= ~pumpRunning~0 0)} assume 0 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~2#1 := 0; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,373 INFO L290 TraceCheckUtils]: 26: Hoare triple {3729#(= ~pumpRunning~0 0)} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,374 INFO L290 TraceCheckUtils]: 27: Hoare triple {3729#(= ~pumpRunning~0 0)} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret39#1 && processEnvironment_#t~ret39#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,374 INFO L290 TraceCheckUtils]: 28: Hoare triple {3729#(= ~pumpRunning~0 0)} assume !(0 != processEnvironment_~tmp~5#1); {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,374 INFO L272 TraceCheckUtils]: 29: Hoare triple {3729#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__base(); {3727#true} is VALID [2022-02-20 18:10:29,374 INFO L290 TraceCheckUtils]: 30: Hoare triple {3727#true} assume true; {3727#true} is VALID [2022-02-20 18:10:29,387 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {3727#true} {3729#(= ~pumpRunning~0 0)} #211#return; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,388 INFO L290 TraceCheckUtils]: 32: Hoare triple {3729#(= ~pumpRunning~0 0)} assume { :end_inline_processEnvironment } true; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,388 INFO L290 TraceCheckUtils]: 33: Hoare triple {3729#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,388 INFO L290 TraceCheckUtils]: 34: Hoare triple {3729#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {3729#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:29,389 INFO L290 TraceCheckUtils]: 35: Hoare triple {3729#(= ~pumpRunning~0 0)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {3735#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:10:29,389 INFO L290 TraceCheckUtils]: 36: Hoare triple {3735#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {3736#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~0#1| 0)} is VALID [2022-02-20 18:10:29,390 INFO L290 TraceCheckUtils]: 37: Hoare triple {3736#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~0#1| 0)} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {3728#false} is VALID [2022-02-20 18:10:29,390 INFO L290 TraceCheckUtils]: 38: Hoare triple {3728#false} assume !false; {3728#false} is VALID [2022-02-20 18:10:29,390 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:29,390 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:29,390 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1477649881] [2022-02-20 18:10:29,390 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1477649881] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:29,390 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:29,390 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:10:29,390 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [933198169] [2022-02-20 18:10:29,390 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:29,391 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 39 [2022-02-20 18:10:29,391 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:29,391 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:10:29,417 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:29,417 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:29,418 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:29,418 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:29,418 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:29,418 INFO L87 Difference]: Start difference. First operand 241 states and 316 transitions. Second operand has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:10:29,749 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:29,749 INFO L93 Difference]: Finished difference Result 318 states and 413 transitions. [2022-02-20 18:10:29,749 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:29,749 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 39 [2022-02-20 18:10:29,750 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:29,750 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:10:29,752 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 179 transitions. [2022-02-20 18:10:29,752 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:10:29,754 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 179 transitions. [2022-02-20 18:10:29,754 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 179 transitions. [2022-02-20 18:10:29,874 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 179 edges. 179 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:29,883 INFO L225 Difference]: With dead ends: 318 [2022-02-20 18:10:29,883 INFO L226 Difference]: Without dead ends: 316 [2022-02-20 18:10:29,884 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 12 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=45, Invalid=87, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:10:29,885 INFO L933 BasicCegarLoop]: 78 mSDtfsCounter, 114 mSDsluCounter, 245 mSDsCounter, 0 mSdLazyCounter, 96 mSolverCounterSat, 16 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 116 SdHoareTripleChecker+Valid, 323 SdHoareTripleChecker+Invalid, 112 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 16 IncrementalHoareTripleChecker+Valid, 96 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:29,885 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [116 Valid, 323 Invalid, 112 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [16 Valid, 96 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:29,886 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 316 states. [2022-02-20 18:10:29,923 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 316 to 302. [2022-02-20 18:10:29,923 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:29,924 INFO L82 GeneralOperation]: Start isEquivalent. First operand 316 states. Second operand has 302 states, 248 states have (on average 1.2701612903225807) internal successors, (315), 274 states have internal predecessors, (315), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (51), 27 states have call predecessors, (51), 25 states have call successors, (51) [2022-02-20 18:10:29,925 INFO L74 IsIncluded]: Start isIncluded. First operand 316 states. Second operand has 302 states, 248 states have (on average 1.2701612903225807) internal successors, (315), 274 states have internal predecessors, (315), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (51), 27 states have call predecessors, (51), 25 states have call successors, (51) [2022-02-20 18:10:29,926 INFO L87 Difference]: Start difference. First operand 316 states. Second operand has 302 states, 248 states have (on average 1.2701612903225807) internal successors, (315), 274 states have internal predecessors, (315), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (51), 27 states have call predecessors, (51), 25 states have call successors, (51) [2022-02-20 18:10:29,944 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:29,944 INFO L93 Difference]: Finished difference Result 316 states and 410 transitions. [2022-02-20 18:10:29,945 INFO L276 IsEmpty]: Start isEmpty. Operand 316 states and 410 transitions. [2022-02-20 18:10:29,946 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:29,946 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:29,947 INFO L74 IsIncluded]: Start isIncluded. First operand has 302 states, 248 states have (on average 1.2701612903225807) internal successors, (315), 274 states have internal predecessors, (315), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (51), 27 states have call predecessors, (51), 25 states have call successors, (51) Second operand 316 states. [2022-02-20 18:10:29,948 INFO L87 Difference]: Start difference. First operand has 302 states, 248 states have (on average 1.2701612903225807) internal successors, (315), 274 states have internal predecessors, (315), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (51), 27 states have call predecessors, (51), 25 states have call successors, (51) Second operand 316 states. [2022-02-20 18:10:29,956 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:29,956 INFO L93 Difference]: Finished difference Result 316 states and 410 transitions. [2022-02-20 18:10:29,956 INFO L276 IsEmpty]: Start isEmpty. Operand 316 states and 410 transitions. [2022-02-20 18:10:29,957 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:29,957 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:29,957 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:29,957 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:29,959 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 302 states, 248 states have (on average 1.2701612903225807) internal successors, (315), 274 states have internal predecessors, (315), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (51), 27 states have call predecessors, (51), 25 states have call successors, (51) [2022-02-20 18:10:29,966 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 302 states to 302 states and 391 transitions. [2022-02-20 18:10:29,966 INFO L78 Accepts]: Start accepts. Automaton has 302 states and 391 transitions. Word has length 39 [2022-02-20 18:10:29,966 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:29,966 INFO L470 AbstractCegarLoop]: Abstraction has 302 states and 391 transitions. [2022-02-20 18:10:29,966 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:10:29,966 INFO L276 IsEmpty]: Start isEmpty. Operand 302 states and 391 transitions. [2022-02-20 18:10:29,968 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-02-20 18:10:29,968 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:29,968 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:29,968 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:10:29,969 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:29,969 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:29,969 INFO L85 PathProgramCache]: Analyzing trace with hash 113843845, now seen corresponding path program 1 times [2022-02-20 18:10:29,969 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:29,969 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2125200676] [2022-02-20 18:10:29,969 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:29,969 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:29,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:30,011 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2022-02-20 18:10:30,013 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:30,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {5281#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5273#true} is VALID [2022-02-20 18:10:30,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {5273#true} assume true; {5273#true} is VALID [2022-02-20 18:10:30,016 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5273#true} {5273#true} #215#return; {5273#true} is VALID [2022-02-20 18:10:30,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {5273#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {5273#true} is VALID [2022-02-20 18:10:30,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {5273#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {5273#true} is VALID [2022-02-20 18:10:30,017 INFO L290 TraceCheckUtils]: 2: Hoare triple {5273#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5273#true} is VALID [2022-02-20 18:10:30,017 INFO L290 TraceCheckUtils]: 3: Hoare triple {5273#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {5273#true} is VALID [2022-02-20 18:10:30,017 INFO L290 TraceCheckUtils]: 4: Hoare triple {5273#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {5273#true} is VALID [2022-02-20 18:10:30,017 INFO L290 TraceCheckUtils]: 5: Hoare triple {5273#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {5273#true} is VALID [2022-02-20 18:10:30,017 INFO L290 TraceCheckUtils]: 6: Hoare triple {5273#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {5273#true} is VALID [2022-02-20 18:10:30,017 INFO L290 TraceCheckUtils]: 7: Hoare triple {5273#true} assume !false; {5273#true} is VALID [2022-02-20 18:10:30,017 INFO L290 TraceCheckUtils]: 8: Hoare triple {5273#true} assume test_~splverifierCounter~0#1 < 4; {5273#true} is VALID [2022-02-20 18:10:30,017 INFO L290 TraceCheckUtils]: 9: Hoare triple {5273#true} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {5273#true} is VALID [2022-02-20 18:10:30,018 INFO L290 TraceCheckUtils]: 10: Hoare triple {5273#true} assume 0 != test_~tmp~4#1; {5273#true} is VALID [2022-02-20 18:10:30,018 INFO L272 TraceCheckUtils]: 11: Hoare triple {5273#true} call waterRise(); {5281#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:30,018 INFO L290 TraceCheckUtils]: 12: Hoare triple {5281#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5273#true} is VALID [2022-02-20 18:10:30,018 INFO L290 TraceCheckUtils]: 13: Hoare triple {5273#true} assume true; {5273#true} is VALID [2022-02-20 18:10:30,018 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {5273#true} {5273#true} #215#return; {5273#true} is VALID [2022-02-20 18:10:30,019 INFO L290 TraceCheckUtils]: 15: Hoare triple {5273#true} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {5273#true} is VALID [2022-02-20 18:10:30,019 INFO L290 TraceCheckUtils]: 16: Hoare triple {5273#true} assume !(0 != test_~tmp___0~1#1); {5273#true} is VALID [2022-02-20 18:10:30,019 INFO L290 TraceCheckUtils]: 17: Hoare triple {5273#true} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {5273#true} is VALID [2022-02-20 18:10:30,019 INFO L290 TraceCheckUtils]: 18: Hoare triple {5273#true} assume 0 != test_~tmp___2~0#1; {5273#true} is VALID [2022-02-20 18:10:30,019 INFO L272 TraceCheckUtils]: 19: Hoare triple {5273#true} call timeShift(); {5273#true} is VALID [2022-02-20 18:10:30,019 INFO L290 TraceCheckUtils]: 20: Hoare triple {5273#true} assume !(0 != ~pumpRunning~0); {5273#true} is VALID [2022-02-20 18:10:30,019 INFO L290 TraceCheckUtils]: 21: Hoare triple {5273#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {5273#true} is VALID [2022-02-20 18:10:30,019 INFO L290 TraceCheckUtils]: 22: Hoare triple {5273#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {5273#true} is VALID [2022-02-20 18:10:30,020 INFO L290 TraceCheckUtils]: 23: Hoare triple {5273#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {5273#true} is VALID [2022-02-20 18:10:30,020 INFO L290 TraceCheckUtils]: 24: Hoare triple {5273#true} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret50#1 && isHighWaterLevel_#t~ret50#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {5273#true} is VALID [2022-02-20 18:10:30,020 INFO L290 TraceCheckUtils]: 25: Hoare triple {5273#true} assume 0 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~2#1 := 0; {5278#(= |timeShift_isHighWaterLevel_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:10:30,020 INFO L290 TraceCheckUtils]: 26: Hoare triple {5278#(= |timeShift_isHighWaterLevel_~tmp___0~2#1| 0)} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {5279#(= |timeShift_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:10:30,021 INFO L290 TraceCheckUtils]: 27: Hoare triple {5279#(= |timeShift_isHighWaterLevel_#res#1| 0)} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret39#1 && processEnvironment_#t~ret39#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {5280#(= |timeShift_processEnvironment_~tmp~5#1| 0)} is VALID [2022-02-20 18:10:30,021 INFO L290 TraceCheckUtils]: 28: Hoare triple {5280#(= |timeShift_processEnvironment_~tmp~5#1| 0)} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {5274#false} is VALID [2022-02-20 18:10:30,021 INFO L290 TraceCheckUtils]: 29: Hoare triple {5274#false} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret41#1 && isMethaneAlarm_#t~ret41#1 <= 2147483647;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {5274#false} is VALID [2022-02-20 18:10:30,022 INFO L290 TraceCheckUtils]: 30: Hoare triple {5274#false} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret40#1 && activatePump_#t~ret40#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {5274#false} is VALID [2022-02-20 18:10:30,022 INFO L290 TraceCheckUtils]: 31: Hoare triple {5274#false} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {5274#false} is VALID [2022-02-20 18:10:30,022 INFO L290 TraceCheckUtils]: 32: Hoare triple {5274#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {5274#false} is VALID [2022-02-20 18:10:30,022 INFO L290 TraceCheckUtils]: 33: Hoare triple {5274#false} assume { :end_inline_activatePump } true; {5274#false} is VALID [2022-02-20 18:10:30,022 INFO L290 TraceCheckUtils]: 34: Hoare triple {5274#false} assume { :end_inline_processEnvironment } true; {5274#false} is VALID [2022-02-20 18:10:30,022 INFO L290 TraceCheckUtils]: 35: Hoare triple {5274#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {5274#false} is VALID [2022-02-20 18:10:30,022 INFO L290 TraceCheckUtils]: 36: Hoare triple {5274#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {5274#false} is VALID [2022-02-20 18:10:30,022 INFO L290 TraceCheckUtils]: 37: Hoare triple {5274#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {5274#false} is VALID [2022-02-20 18:10:30,023 INFO L290 TraceCheckUtils]: 38: Hoare triple {5274#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {5274#false} is VALID [2022-02-20 18:10:30,023 INFO L290 TraceCheckUtils]: 39: Hoare triple {5274#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {5274#false} is VALID [2022-02-20 18:10:30,023 INFO L290 TraceCheckUtils]: 40: Hoare triple {5274#false} assume !false; {5274#false} is VALID [2022-02-20 18:10:30,023 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:30,023 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:30,023 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2125200676] [2022-02-20 18:10:30,024 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2125200676] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:30,024 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:30,024 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:10:30,024 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1191469441] [2022-02-20 18:10:30,024 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:30,024 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 18:10:30,025 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:30,025 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:30,046 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:30,047 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:30,047 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:30,047 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:30,047 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:30,048 INFO L87 Difference]: Start difference. First operand 302 states and 391 transitions. Second operand has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:30,391 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:30,391 INFO L93 Difference]: Finished difference Result 641 states and 861 transitions. [2022-02-20 18:10:30,391 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:30,391 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 18:10:30,391 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:30,391 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:30,393 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 219 transitions. [2022-02-20 18:10:30,393 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:30,395 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 219 transitions. [2022-02-20 18:10:30,395 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 219 transitions. [2022-02-20 18:10:30,532 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 219 edges. 219 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:30,539 INFO L225 Difference]: With dead ends: 641 [2022-02-20 18:10:30,539 INFO L226 Difference]: Without dead ends: 346 [2022-02-20 18:10:30,540 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 12 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=45, Invalid=87, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:10:30,540 INFO L933 BasicCegarLoop]: 69 mSDtfsCounter, 129 mSDsluCounter, 247 mSDsCounter, 0 mSdLazyCounter, 86 mSolverCounterSat, 18 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 131 SdHoareTripleChecker+Valid, 316 SdHoareTripleChecker+Invalid, 104 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 18 IncrementalHoareTripleChecker+Valid, 86 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:30,540 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [131 Valid, 316 Invalid, 104 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [18 Valid, 86 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:30,541 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 346 states. [2022-02-20 18:10:30,552 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 346 to 299. [2022-02-20 18:10:30,552 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:30,552 INFO L82 GeneralOperation]: Start isEquivalent. First operand 346 states. Second operand has 299 states, 245 states have (on average 1.2571428571428571) internal successors, (308), 267 states have internal predecessors, (308), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (50), 27 states have call predecessors, (50), 25 states have call successors, (50) [2022-02-20 18:10:30,553 INFO L74 IsIncluded]: Start isIncluded. First operand 346 states. Second operand has 299 states, 245 states have (on average 1.2571428571428571) internal successors, (308), 267 states have internal predecessors, (308), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (50), 27 states have call predecessors, (50), 25 states have call successors, (50) [2022-02-20 18:10:30,553 INFO L87 Difference]: Start difference. First operand 346 states. Second operand has 299 states, 245 states have (on average 1.2571428571428571) internal successors, (308), 267 states have internal predecessors, (308), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (50), 27 states have call predecessors, (50), 25 states have call successors, (50) [2022-02-20 18:10:30,561 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:30,561 INFO L93 Difference]: Finished difference Result 346 states and 444 transitions. [2022-02-20 18:10:30,561 INFO L276 IsEmpty]: Start isEmpty. Operand 346 states and 444 transitions. [2022-02-20 18:10:30,562 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:30,562 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:30,563 INFO L74 IsIncluded]: Start isIncluded. First operand has 299 states, 245 states have (on average 1.2571428571428571) internal successors, (308), 267 states have internal predecessors, (308), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (50), 27 states have call predecessors, (50), 25 states have call successors, (50) Second operand 346 states. [2022-02-20 18:10:30,563 INFO L87 Difference]: Start difference. First operand has 299 states, 245 states have (on average 1.2571428571428571) internal successors, (308), 267 states have internal predecessors, (308), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (50), 27 states have call predecessors, (50), 25 states have call successors, (50) Second operand 346 states. [2022-02-20 18:10:30,570 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:30,584 INFO L93 Difference]: Finished difference Result 346 states and 444 transitions. [2022-02-20 18:10:30,584 INFO L276 IsEmpty]: Start isEmpty. Operand 346 states and 444 transitions. [2022-02-20 18:10:30,585 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:30,585 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:30,585 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:30,585 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:30,586 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 299 states, 245 states have (on average 1.2571428571428571) internal successors, (308), 267 states have internal predecessors, (308), 25 states have call successors, (25), 22 states have call predecessors, (25), 28 states have return successors, (50), 27 states have call predecessors, (50), 25 states have call successors, (50) [2022-02-20 18:10:30,593 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 299 states to 299 states and 383 transitions. [2022-02-20 18:10:30,594 INFO L78 Accepts]: Start accepts. Automaton has 299 states and 383 transitions. Word has length 41 [2022-02-20 18:10:30,594 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:30,594 INFO L470 AbstractCegarLoop]: Abstraction has 299 states and 383 transitions. [2022-02-20 18:10:30,594 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:30,594 INFO L276 IsEmpty]: Start isEmpty. Operand 299 states and 383 transitions. [2022-02-20 18:10:30,595 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 62 [2022-02-20 18:10:30,595 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:30,596 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:30,596 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:10:30,596 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:30,596 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:30,596 INFO L85 PathProgramCache]: Analyzing trace with hash 538402958, now seen corresponding path program 1 times [2022-02-20 18:10:30,596 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:30,597 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [893593935] [2022-02-20 18:10:30,597 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:30,597 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:30,616 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:30,663 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-02-20 18:10:30,672 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:30,703 INFO L290 TraceCheckUtils]: 0: Hoare triple {7353#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:30,703 INFO L290 TraceCheckUtils]: 1: Hoare triple {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:30,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:30,704 INFO L290 TraceCheckUtils]: 3: Hoare triple {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,704 INFO L290 TraceCheckUtils]: 4: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret50#1 && isHighWaterLevel_#t~ret50#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,705 INFO L290 TraceCheckUtils]: 5: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,705 INFO L290 TraceCheckUtils]: 6: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,706 INFO L290 TraceCheckUtils]: 7: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret39#1 && processEnvironment_#t~ret39#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,706 INFO L290 TraceCheckUtils]: 8: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,707 INFO L290 TraceCheckUtils]: 9: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret41#1 && isMethaneAlarm_#t~ret41#1 <= 2147483647;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,707 INFO L290 TraceCheckUtils]: 10: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret40#1 && activatePump_#t~ret40#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,708 INFO L290 TraceCheckUtils]: 11: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,708 INFO L290 TraceCheckUtils]: 12: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,708 INFO L290 TraceCheckUtils]: 13: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :end_inline_activatePump } true; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,709 INFO L290 TraceCheckUtils]: 14: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :end_inline_processEnvironment } true; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,709 INFO L290 TraceCheckUtils]: 15: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {7356#(<= 2 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:30,709 INFO L290 TraceCheckUtils]: 16: Hoare triple {7356#(<= 2 |old(~waterLevel~0)|)} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {7356#(<= 2 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:30,710 INFO L290 TraceCheckUtils]: 17: Hoare triple {7356#(<= 2 |old(~waterLevel~0)|)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~0#1); {7356#(<= 2 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:30,710 INFO L290 TraceCheckUtils]: 18: Hoare triple {7356#(<= 2 |old(~waterLevel~0)|)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {7356#(<= 2 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:30,711 INFO L290 TraceCheckUtils]: 19: Hoare triple {7356#(<= 2 |old(~waterLevel~0)|)} assume true; {7356#(<= 2 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:30,711 INFO L284 TraceCheckUtils]: 20: Hoare quadruple {7356#(<= 2 |old(~waterLevel~0)|)} {7329#(= ~waterLevel~0 1)} #219#return; {7328#false} is VALID [2022-02-20 18:10:30,713 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 51 [2022-02-20 18:10:30,714 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:30,716 INFO L290 TraceCheckUtils]: 0: Hoare triple {7327#true} assume true; {7327#true} is VALID [2022-02-20 18:10:30,716 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {7327#true} {7328#false} #213#return; {7328#false} is VALID [2022-02-20 18:10:30,717 INFO L290 TraceCheckUtils]: 0: Hoare triple {7327#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,717 INFO L290 TraceCheckUtils]: 1: Hoare triple {7329#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,717 INFO L290 TraceCheckUtils]: 2: Hoare triple {7329#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,717 INFO L290 TraceCheckUtils]: 3: Hoare triple {7329#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,718 INFO L290 TraceCheckUtils]: 4: Hoare triple {7329#(= ~waterLevel~0 1)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,718 INFO L290 TraceCheckUtils]: 5: Hoare triple {7329#(= ~waterLevel~0 1)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,719 INFO L290 TraceCheckUtils]: 6: Hoare triple {7329#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,719 INFO L290 TraceCheckUtils]: 7: Hoare triple {7329#(= ~waterLevel~0 1)} assume !false; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,719 INFO L290 TraceCheckUtils]: 8: Hoare triple {7329#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,720 INFO L290 TraceCheckUtils]: 9: Hoare triple {7329#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,720 INFO L290 TraceCheckUtils]: 10: Hoare triple {7329#(= ~waterLevel~0 1)} assume !(0 != test_~tmp~4#1); {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,720 INFO L290 TraceCheckUtils]: 11: Hoare triple {7329#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,720 INFO L290 TraceCheckUtils]: 12: Hoare triple {7329#(= ~waterLevel~0 1)} assume !(0 != test_~tmp___0~1#1); {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,721 INFO L290 TraceCheckUtils]: 13: Hoare triple {7329#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,721 INFO L290 TraceCheckUtils]: 14: Hoare triple {7329#(= ~waterLevel~0 1)} assume 0 != test_~tmp___2~0#1; {7329#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:30,722 INFO L272 TraceCheckUtils]: 15: Hoare triple {7329#(= ~waterLevel~0 1)} call timeShift(); {7353#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,723 INFO L290 TraceCheckUtils]: 16: Hoare triple {7353#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:30,723 INFO L290 TraceCheckUtils]: 17: Hoare triple {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:30,723 INFO L290 TraceCheckUtils]: 18: Hoare triple {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:30,724 INFO L290 TraceCheckUtils]: 19: Hoare triple {7354#(= |old(~waterLevel~0)| ~waterLevel~0)} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,724 INFO L290 TraceCheckUtils]: 20: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret50#1 && isHighWaterLevel_#t~ret50#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,724 INFO L290 TraceCheckUtils]: 21: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,725 INFO L290 TraceCheckUtils]: 22: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,726 INFO L290 TraceCheckUtils]: 23: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret39#1 && processEnvironment_#t~ret39#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,727 INFO L290 TraceCheckUtils]: 24: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,727 INFO L290 TraceCheckUtils]: 25: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret41#1 && isMethaneAlarm_#t~ret41#1 <= 2147483647;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,728 INFO L290 TraceCheckUtils]: 26: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret40#1 && activatePump_#t~ret40#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,728 INFO L290 TraceCheckUtils]: 27: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,729 INFO L290 TraceCheckUtils]: 28: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,729 INFO L290 TraceCheckUtils]: 29: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :end_inline_activatePump } true; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,729 INFO L290 TraceCheckUtils]: 30: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :end_inline_processEnvironment } true; {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,730 INFO L290 TraceCheckUtils]: 31: Hoare triple {7355#(and (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {7356#(<= 2 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:30,730 INFO L290 TraceCheckUtils]: 32: Hoare triple {7356#(<= 2 |old(~waterLevel~0)|)} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {7356#(<= 2 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:30,730 INFO L290 TraceCheckUtils]: 33: Hoare triple {7356#(<= 2 |old(~waterLevel~0)|)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~0#1); {7356#(<= 2 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:30,730 INFO L290 TraceCheckUtils]: 34: Hoare triple {7356#(<= 2 |old(~waterLevel~0)|)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {7356#(<= 2 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:30,731 INFO L290 TraceCheckUtils]: 35: Hoare triple {7356#(<= 2 |old(~waterLevel~0)|)} assume true; {7356#(<= 2 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:30,731 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {7356#(<= 2 |old(~waterLevel~0)|)} {7329#(= ~waterLevel~0 1)} #219#return; {7328#false} is VALID [2022-02-20 18:10:30,731 INFO L290 TraceCheckUtils]: 37: Hoare triple {7328#false} assume !false; {7328#false} is VALID [2022-02-20 18:10:30,731 INFO L290 TraceCheckUtils]: 38: Hoare triple {7328#false} assume test_~splverifierCounter~0#1 < 4; {7328#false} is VALID [2022-02-20 18:10:30,731 INFO L290 TraceCheckUtils]: 39: Hoare triple {7328#false} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {7328#false} is VALID [2022-02-20 18:10:30,731 INFO L290 TraceCheckUtils]: 40: Hoare triple {7328#false} assume !(0 != test_~tmp~4#1); {7328#false} is VALID [2022-02-20 18:10:30,732 INFO L290 TraceCheckUtils]: 41: Hoare triple {7328#false} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {7328#false} is VALID [2022-02-20 18:10:30,732 INFO L290 TraceCheckUtils]: 42: Hoare triple {7328#false} assume !(0 != test_~tmp___0~1#1); {7328#false} is VALID [2022-02-20 18:10:30,732 INFO L290 TraceCheckUtils]: 43: Hoare triple {7328#false} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {7328#false} is VALID [2022-02-20 18:10:30,732 INFO L290 TraceCheckUtils]: 44: Hoare triple {7328#false} assume 0 != test_~tmp___2~0#1; {7328#false} is VALID [2022-02-20 18:10:30,732 INFO L272 TraceCheckUtils]: 45: Hoare triple {7328#false} call timeShift(); {7328#false} is VALID [2022-02-20 18:10:30,732 INFO L290 TraceCheckUtils]: 46: Hoare triple {7328#false} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {7328#false} is VALID [2022-02-20 18:10:30,732 INFO L290 TraceCheckUtils]: 47: Hoare triple {7328#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {7328#false} is VALID [2022-02-20 18:10:30,733 INFO L290 TraceCheckUtils]: 48: Hoare triple {7328#false} assume { :end_inline_lowerWaterLevel } true; {7328#false} is VALID [2022-02-20 18:10:30,733 INFO L290 TraceCheckUtils]: 49: Hoare triple {7328#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {7328#false} is VALID [2022-02-20 18:10:30,733 INFO L290 TraceCheckUtils]: 50: Hoare triple {7328#false} assume !(0 == ~pumpRunning~0); {7328#false} is VALID [2022-02-20 18:10:30,733 INFO L272 TraceCheckUtils]: 51: Hoare triple {7328#false} call processEnvironment__wrappee__base(); {7327#true} is VALID [2022-02-20 18:10:30,733 INFO L290 TraceCheckUtils]: 52: Hoare triple {7327#true} assume true; {7327#true} is VALID [2022-02-20 18:10:30,733 INFO L284 TraceCheckUtils]: 53: Hoare quadruple {7327#true} {7328#false} #213#return; {7328#false} is VALID [2022-02-20 18:10:30,733 INFO L290 TraceCheckUtils]: 54: Hoare triple {7328#false} assume { :end_inline_processEnvironment } true; {7328#false} is VALID [2022-02-20 18:10:30,733 INFO L290 TraceCheckUtils]: 55: Hoare triple {7328#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {7328#false} is VALID [2022-02-20 18:10:30,734 INFO L290 TraceCheckUtils]: 56: Hoare triple {7328#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {7328#false} is VALID [2022-02-20 18:10:30,734 INFO L290 TraceCheckUtils]: 57: Hoare triple {7328#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {7328#false} is VALID [2022-02-20 18:10:30,734 INFO L290 TraceCheckUtils]: 58: Hoare triple {7328#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {7328#false} is VALID [2022-02-20 18:10:30,734 INFO L290 TraceCheckUtils]: 59: Hoare triple {7328#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {7328#false} is VALID [2022-02-20 18:10:30,734 INFO L290 TraceCheckUtils]: 60: Hoare triple {7328#false} assume !false; {7328#false} is VALID [2022-02-20 18:10:30,734 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 16 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:30,735 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:30,735 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [893593935] [2022-02-20 18:10:30,735 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [893593935] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:30,735 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:30,735 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:10:30,735 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1662539638] [2022-02-20 18:10:30,735 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:30,736 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 61 [2022-02-20 18:10:30,736 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:30,736 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:30,773 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 61 edges. 61 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:30,773 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:10:30,773 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:30,774 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:10:30,774 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=28, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:30,774 INFO L87 Difference]: Start difference. First operand 299 states and 383 transitions. Second operand has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:31,145 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:31,145 INFO L93 Difference]: Finished difference Result 567 states and 719 transitions. [2022-02-20 18:10:31,145 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:10:31,145 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 61 [2022-02-20 18:10:31,145 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:31,145 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:31,147 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 240 transitions. [2022-02-20 18:10:31,147 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:31,149 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 240 transitions. [2022-02-20 18:10:31,149 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 240 transitions. [2022-02-20 18:10:31,288 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 240 edges. 240 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:31,292 INFO L225 Difference]: With dead ends: 567 [2022-02-20 18:10:31,293 INFO L226 Difference]: Without dead ends: 275 [2022-02-20 18:10:31,293 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=25, Invalid=47, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:10:31,294 INFO L933 BasicCegarLoop]: 79 mSDtfsCounter, 120 mSDsluCounter, 201 mSDsCounter, 0 mSdLazyCounter, 112 mSolverCounterSat, 24 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 123 SdHoareTripleChecker+Valid, 280 SdHoareTripleChecker+Invalid, 136 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 24 IncrementalHoareTripleChecker+Valid, 112 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:31,294 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [123 Valid, 280 Invalid, 136 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [24 Valid, 112 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:31,294 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 275 states. [2022-02-20 18:10:31,316 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 275 to 273. [2022-02-20 18:10:31,316 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:31,317 INFO L82 GeneralOperation]: Start isEquivalent. First operand 275 states. Second operand has 273 states, 224 states have (on average 1.21875) internal successors, (273), 242 states have internal predecessors, (273), 22 states have call successors, (22), 19 states have call predecessors, (22), 26 states have return successors, (42), 23 states have call predecessors, (42), 22 states have call successors, (42) [2022-02-20 18:10:31,317 INFO L74 IsIncluded]: Start isIncluded. First operand 275 states. Second operand has 273 states, 224 states have (on average 1.21875) internal successors, (273), 242 states have internal predecessors, (273), 22 states have call successors, (22), 19 states have call predecessors, (22), 26 states have return successors, (42), 23 states have call predecessors, (42), 22 states have call successors, (42) [2022-02-20 18:10:31,318 INFO L87 Difference]: Start difference. First operand 275 states. Second operand has 273 states, 224 states have (on average 1.21875) internal successors, (273), 242 states have internal predecessors, (273), 22 states have call successors, (22), 19 states have call predecessors, (22), 26 states have return successors, (42), 23 states have call predecessors, (42), 22 states have call successors, (42) [2022-02-20 18:10:31,322 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:31,322 INFO L93 Difference]: Finished difference Result 275 states and 338 transitions. [2022-02-20 18:10:31,322 INFO L276 IsEmpty]: Start isEmpty. Operand 275 states and 338 transitions. [2022-02-20 18:10:31,323 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:31,323 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:31,324 INFO L74 IsIncluded]: Start isIncluded. First operand has 273 states, 224 states have (on average 1.21875) internal successors, (273), 242 states have internal predecessors, (273), 22 states have call successors, (22), 19 states have call predecessors, (22), 26 states have return successors, (42), 23 states have call predecessors, (42), 22 states have call successors, (42) Second operand 275 states. [2022-02-20 18:10:31,324 INFO L87 Difference]: Start difference. First operand has 273 states, 224 states have (on average 1.21875) internal successors, (273), 242 states have internal predecessors, (273), 22 states have call successors, (22), 19 states have call predecessors, (22), 26 states have return successors, (42), 23 states have call predecessors, (42), 22 states have call successors, (42) Second operand 275 states. [2022-02-20 18:10:31,328 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:31,329 INFO L93 Difference]: Finished difference Result 275 states and 338 transitions. [2022-02-20 18:10:31,329 INFO L276 IsEmpty]: Start isEmpty. Operand 275 states and 338 transitions. [2022-02-20 18:10:31,329 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:31,329 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:31,329 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:31,329 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:31,330 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 273 states, 224 states have (on average 1.21875) internal successors, (273), 242 states have internal predecessors, (273), 22 states have call successors, (22), 19 states have call predecessors, (22), 26 states have return successors, (42), 23 states have call predecessors, (42), 22 states have call successors, (42) [2022-02-20 18:10:31,335 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 273 states to 273 states and 337 transitions. [2022-02-20 18:10:31,335 INFO L78 Accepts]: Start accepts. Automaton has 273 states and 337 transitions. Word has length 61 [2022-02-20 18:10:31,335 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:31,335 INFO L470 AbstractCegarLoop]: Abstraction has 273 states and 337 transitions. [2022-02-20 18:10:31,335 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 8.0) internal successors, (56), 6 states have internal predecessors, (56), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:31,335 INFO L276 IsEmpty]: Start isEmpty. Operand 273 states and 337 transitions. [2022-02-20 18:10:31,336 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 66 [2022-02-20 18:10:31,336 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:31,336 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:31,336 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:10:31,336 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:31,337 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:31,337 INFO L85 PathProgramCache]: Analyzing trace with hash 960970024, now seen corresponding path program 1 times [2022-02-20 18:10:31,337 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:31,337 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2129111324] [2022-02-20 18:10:31,337 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:31,337 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:31,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,387 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2022-02-20 18:10:31,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,391 INFO L290 TraceCheckUtils]: 0: Hoare triple {9136#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {9104#true} is VALID [2022-02-20 18:10:31,391 INFO L290 TraceCheckUtils]: 1: Hoare triple {9104#true} assume true; {9104#true} is VALID [2022-02-20 18:10:31,391 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9104#true} {9104#true} #215#return; {9104#true} is VALID [2022-02-20 18:10:31,396 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:10:31,401 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,408 INFO L290 TraceCheckUtils]: 0: Hoare triple {9137#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {9104#true} is VALID [2022-02-20 18:10:31,409 INFO L290 TraceCheckUtils]: 1: Hoare triple {9104#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {9104#true} is VALID [2022-02-20 18:10:31,409 INFO L290 TraceCheckUtils]: 2: Hoare triple {9104#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {9104#true} is VALID [2022-02-20 18:10:31,409 INFO L290 TraceCheckUtils]: 3: Hoare triple {9104#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,409 INFO L290 TraceCheckUtils]: 4: Hoare triple {9130#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret50#1 && isHighWaterLevel_#t~ret50#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,409 INFO L290 TraceCheckUtils]: 5: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,410 INFO L290 TraceCheckUtils]: 6: Hoare triple {9130#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,410 INFO L290 TraceCheckUtils]: 7: Hoare triple {9130#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret39#1 && processEnvironment_#t~ret39#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,410 INFO L290 TraceCheckUtils]: 8: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,410 INFO L290 TraceCheckUtils]: 9: Hoare triple {9130#(<= 2 ~waterLevel~0)} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret41#1 && isMethaneAlarm_#t~ret41#1 <= 2147483647;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,411 INFO L290 TraceCheckUtils]: 10: Hoare triple {9130#(<= 2 ~waterLevel~0)} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret40#1 && activatePump_#t~ret40#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,411 INFO L290 TraceCheckUtils]: 11: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,411 INFO L290 TraceCheckUtils]: 12: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,411 INFO L290 TraceCheckUtils]: 13: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,412 INFO L290 TraceCheckUtils]: 14: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,412 INFO L290 TraceCheckUtils]: 15: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,412 INFO L290 TraceCheckUtils]: 16: Hoare triple {9130#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,412 INFO L290 TraceCheckUtils]: 17: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~0#1); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,413 INFO L290 TraceCheckUtils]: 18: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,413 INFO L290 TraceCheckUtils]: 19: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,413 INFO L284 TraceCheckUtils]: 20: Hoare quadruple {9130#(<= 2 ~waterLevel~0)} {9104#true} #219#return; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,413 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:10:31,414 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {9104#true} assume true; {9104#true} is VALID [2022-02-20 18:10:31,416 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {9104#true} {9131#(<= 1 ~waterLevel~0)} #213#return; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {9104#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {9104#true} is VALID [2022-02-20 18:10:31,416 INFO L290 TraceCheckUtils]: 1: Hoare triple {9104#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {9104#true} is VALID [2022-02-20 18:10:31,416 INFO L290 TraceCheckUtils]: 2: Hoare triple {9104#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9104#true} is VALID [2022-02-20 18:10:31,416 INFO L290 TraceCheckUtils]: 3: Hoare triple {9104#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {9104#true} is VALID [2022-02-20 18:10:31,416 INFO L290 TraceCheckUtils]: 4: Hoare triple {9104#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {9104#true} is VALID [2022-02-20 18:10:31,416 INFO L290 TraceCheckUtils]: 5: Hoare triple {9104#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {9104#true} is VALID [2022-02-20 18:10:31,417 INFO L290 TraceCheckUtils]: 6: Hoare triple {9104#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {9104#true} is VALID [2022-02-20 18:10:31,417 INFO L290 TraceCheckUtils]: 7: Hoare triple {9104#true} assume !false; {9104#true} is VALID [2022-02-20 18:10:31,417 INFO L290 TraceCheckUtils]: 8: Hoare triple {9104#true} assume test_~splverifierCounter~0#1 < 4; {9104#true} is VALID [2022-02-20 18:10:31,417 INFO L290 TraceCheckUtils]: 9: Hoare triple {9104#true} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {9104#true} is VALID [2022-02-20 18:10:31,417 INFO L290 TraceCheckUtils]: 10: Hoare triple {9104#true} assume 0 != test_~tmp~4#1; {9104#true} is VALID [2022-02-20 18:10:31,417 INFO L272 TraceCheckUtils]: 11: Hoare triple {9104#true} call waterRise(); {9136#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:31,417 INFO L290 TraceCheckUtils]: 12: Hoare triple {9136#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {9104#true} is VALID [2022-02-20 18:10:31,417 INFO L290 TraceCheckUtils]: 13: Hoare triple {9104#true} assume true; {9104#true} is VALID [2022-02-20 18:10:31,417 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {9104#true} {9104#true} #215#return; {9104#true} is VALID [2022-02-20 18:10:31,417 INFO L290 TraceCheckUtils]: 15: Hoare triple {9104#true} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {9104#true} is VALID [2022-02-20 18:10:31,417 INFO L290 TraceCheckUtils]: 16: Hoare triple {9104#true} assume !(0 != test_~tmp___0~1#1); {9104#true} is VALID [2022-02-20 18:10:31,418 INFO L290 TraceCheckUtils]: 17: Hoare triple {9104#true} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {9104#true} is VALID [2022-02-20 18:10:31,418 INFO L290 TraceCheckUtils]: 18: Hoare triple {9104#true} assume 0 != test_~tmp___2~0#1; {9104#true} is VALID [2022-02-20 18:10:31,418 INFO L272 TraceCheckUtils]: 19: Hoare triple {9104#true} call timeShift(); {9137#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:31,418 INFO L290 TraceCheckUtils]: 20: Hoare triple {9137#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {9104#true} is VALID [2022-02-20 18:10:31,418 INFO L290 TraceCheckUtils]: 21: Hoare triple {9104#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {9104#true} is VALID [2022-02-20 18:10:31,418 INFO L290 TraceCheckUtils]: 22: Hoare triple {9104#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {9104#true} is VALID [2022-02-20 18:10:31,418 INFO L290 TraceCheckUtils]: 23: Hoare triple {9104#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,419 INFO L290 TraceCheckUtils]: 24: Hoare triple {9130#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret50#1 && isHighWaterLevel_#t~ret50#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,419 INFO L290 TraceCheckUtils]: 25: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,419 INFO L290 TraceCheckUtils]: 26: Hoare triple {9130#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,419 INFO L290 TraceCheckUtils]: 27: Hoare triple {9130#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret39#1 && processEnvironment_#t~ret39#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,420 INFO L290 TraceCheckUtils]: 28: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,420 INFO L290 TraceCheckUtils]: 29: Hoare triple {9130#(<= 2 ~waterLevel~0)} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret41#1 && isMethaneAlarm_#t~ret41#1 <= 2147483647;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,420 INFO L290 TraceCheckUtils]: 30: Hoare triple {9130#(<= 2 ~waterLevel~0)} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret40#1 && activatePump_#t~ret40#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,420 INFO L290 TraceCheckUtils]: 31: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,421 INFO L290 TraceCheckUtils]: 32: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,421 INFO L290 TraceCheckUtils]: 33: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,421 INFO L290 TraceCheckUtils]: 34: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,421 INFO L290 TraceCheckUtils]: 35: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,422 INFO L290 TraceCheckUtils]: 36: Hoare triple {9130#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,422 INFO L290 TraceCheckUtils]: 37: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~0#1); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,422 INFO L290 TraceCheckUtils]: 38: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,422 INFO L290 TraceCheckUtils]: 39: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,423 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9130#(<= 2 ~waterLevel~0)} {9104#true} #219#return; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,423 INFO L290 TraceCheckUtils]: 41: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !false; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,423 INFO L290 TraceCheckUtils]: 42: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,423 INFO L290 TraceCheckUtils]: 43: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,424 INFO L290 TraceCheckUtils]: 44: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp~4#1); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,424 INFO L290 TraceCheckUtils]: 45: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,424 INFO L290 TraceCheckUtils]: 46: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~1#1); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,424 INFO L290 TraceCheckUtils]: 47: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,425 INFO L290 TraceCheckUtils]: 48: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___2~0#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,425 INFO L272 TraceCheckUtils]: 49: Hoare triple {9130#(<= 2 ~waterLevel~0)} call timeShift(); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,425 INFO L290 TraceCheckUtils]: 50: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,426 INFO L290 TraceCheckUtils]: 51: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,426 INFO L290 TraceCheckUtils]: 52: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume { :end_inline_lowerWaterLevel } true; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,426 INFO L290 TraceCheckUtils]: 53: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,426 INFO L290 TraceCheckUtils]: 54: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume !(0 == ~pumpRunning~0); {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,427 INFO L272 TraceCheckUtils]: 55: Hoare triple {9131#(<= 1 ~waterLevel~0)} call processEnvironment__wrappee__base(); {9104#true} is VALID [2022-02-20 18:10:31,427 INFO L290 TraceCheckUtils]: 56: Hoare triple {9104#true} assume true; {9104#true} is VALID [2022-02-20 18:10:31,427 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {9104#true} {9131#(<= 1 ~waterLevel~0)} #213#return; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,427 INFO L290 TraceCheckUtils]: 58: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,427 INFO L290 TraceCheckUtils]: 59: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {9134#(<= 1 |timeShift_getWaterLevel_#res#1|)} is VALID [2022-02-20 18:10:31,428 INFO L290 TraceCheckUtils]: 60: Hoare triple {9134#(<= 1 |timeShift_getWaterLevel_#res#1|)} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {9135#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1|)} is VALID [2022-02-20 18:10:31,428 INFO L290 TraceCheckUtils]: 61: Hoare triple {9135#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1|)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {9105#false} is VALID [2022-02-20 18:10:31,428 INFO L290 TraceCheckUtils]: 62: Hoare triple {9105#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {9105#false} is VALID [2022-02-20 18:10:31,428 INFO L290 TraceCheckUtils]: 63: Hoare triple {9105#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {9105#false} is VALID [2022-02-20 18:10:31,428 INFO L290 TraceCheckUtils]: 64: Hoare triple {9105#false} assume !false; {9105#false} is VALID [2022-02-20 18:10:31,429 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 11 proven. 5 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:31,429 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:31,429 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2129111324] [2022-02-20 18:10:31,429 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2129111324] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:10:31,429 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2106025668] [2022-02-20 18:10:31,429 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:31,429 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:10:31,429 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:31,430 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:10:31,436 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:10:31,515 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,531 INFO L263 TraceCheckSpWp]: Trace formula consists of 396 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:10:31,543 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,547 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:31,864 INFO L290 TraceCheckUtils]: 0: Hoare triple {9104#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {9104#true} is VALID [2022-02-20 18:10:31,864 INFO L290 TraceCheckUtils]: 1: Hoare triple {9104#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {9104#true} is VALID [2022-02-20 18:10:31,864 INFO L290 TraceCheckUtils]: 2: Hoare triple {9104#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9104#true} is VALID [2022-02-20 18:10:31,864 INFO L290 TraceCheckUtils]: 3: Hoare triple {9104#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {9104#true} is VALID [2022-02-20 18:10:31,864 INFO L290 TraceCheckUtils]: 4: Hoare triple {9104#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {9104#true} is VALID [2022-02-20 18:10:31,865 INFO L290 TraceCheckUtils]: 5: Hoare triple {9104#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {9104#true} is VALID [2022-02-20 18:10:31,865 INFO L290 TraceCheckUtils]: 6: Hoare triple {9104#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {9104#true} is VALID [2022-02-20 18:10:31,865 INFO L290 TraceCheckUtils]: 7: Hoare triple {9104#true} assume !false; {9104#true} is VALID [2022-02-20 18:10:31,865 INFO L290 TraceCheckUtils]: 8: Hoare triple {9104#true} assume test_~splverifierCounter~0#1 < 4; {9104#true} is VALID [2022-02-20 18:10:31,865 INFO L290 TraceCheckUtils]: 9: Hoare triple {9104#true} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {9104#true} is VALID [2022-02-20 18:10:31,865 INFO L290 TraceCheckUtils]: 10: Hoare triple {9104#true} assume 0 != test_~tmp~4#1; {9104#true} is VALID [2022-02-20 18:10:31,865 INFO L272 TraceCheckUtils]: 11: Hoare triple {9104#true} call waterRise(); {9104#true} is VALID [2022-02-20 18:10:31,865 INFO L290 TraceCheckUtils]: 12: Hoare triple {9104#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {9104#true} is VALID [2022-02-20 18:10:31,866 INFO L290 TraceCheckUtils]: 13: Hoare triple {9104#true} assume true; {9104#true} is VALID [2022-02-20 18:10:31,869 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {9104#true} {9104#true} #215#return; {9104#true} is VALID [2022-02-20 18:10:31,869 INFO L290 TraceCheckUtils]: 15: Hoare triple {9104#true} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {9104#true} is VALID [2022-02-20 18:10:31,869 INFO L290 TraceCheckUtils]: 16: Hoare triple {9104#true} assume !(0 != test_~tmp___0~1#1); {9104#true} is VALID [2022-02-20 18:10:31,870 INFO L290 TraceCheckUtils]: 17: Hoare triple {9104#true} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {9104#true} is VALID [2022-02-20 18:10:31,870 INFO L290 TraceCheckUtils]: 18: Hoare triple {9104#true} assume 0 != test_~tmp___2~0#1; {9104#true} is VALID [2022-02-20 18:10:31,870 INFO L272 TraceCheckUtils]: 19: Hoare triple {9104#true} call timeShift(); {9104#true} is VALID [2022-02-20 18:10:31,870 INFO L290 TraceCheckUtils]: 20: Hoare triple {9104#true} assume !(0 != ~pumpRunning~0); {9104#true} is VALID [2022-02-20 18:10:31,870 INFO L290 TraceCheckUtils]: 21: Hoare triple {9104#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {9104#true} is VALID [2022-02-20 18:10:31,870 INFO L290 TraceCheckUtils]: 22: Hoare triple {9104#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {9104#true} is VALID [2022-02-20 18:10:31,870 INFO L290 TraceCheckUtils]: 23: Hoare triple {9104#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,871 INFO L290 TraceCheckUtils]: 24: Hoare triple {9130#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret50#1 && isHighWaterLevel_#t~ret50#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,871 INFO L290 TraceCheckUtils]: 25: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,871 INFO L290 TraceCheckUtils]: 26: Hoare triple {9130#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,871 INFO L290 TraceCheckUtils]: 27: Hoare triple {9130#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret39#1 && processEnvironment_#t~ret39#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,872 INFO L290 TraceCheckUtils]: 28: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,872 INFO L290 TraceCheckUtils]: 29: Hoare triple {9130#(<= 2 ~waterLevel~0)} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret41#1 && isMethaneAlarm_#t~ret41#1 <= 2147483647;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,872 INFO L290 TraceCheckUtils]: 30: Hoare triple {9130#(<= 2 ~waterLevel~0)} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret40#1 && activatePump_#t~ret40#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,873 INFO L290 TraceCheckUtils]: 31: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,873 INFO L290 TraceCheckUtils]: 32: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,873 INFO L290 TraceCheckUtils]: 33: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,873 INFO L290 TraceCheckUtils]: 34: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,874 INFO L290 TraceCheckUtils]: 35: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,874 INFO L290 TraceCheckUtils]: 36: Hoare triple {9130#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,874 INFO L290 TraceCheckUtils]: 37: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~0#1); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,874 INFO L290 TraceCheckUtils]: 38: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,875 INFO L290 TraceCheckUtils]: 39: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,875 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9130#(<= 2 ~waterLevel~0)} {9104#true} #219#return; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,875 INFO L290 TraceCheckUtils]: 41: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !false; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,875 INFO L290 TraceCheckUtils]: 42: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,876 INFO L290 TraceCheckUtils]: 43: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,876 INFO L290 TraceCheckUtils]: 44: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp~4#1); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,876 INFO L290 TraceCheckUtils]: 45: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,877 INFO L290 TraceCheckUtils]: 46: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~1#1); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,877 INFO L290 TraceCheckUtils]: 47: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,877 INFO L290 TraceCheckUtils]: 48: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___2~0#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,877 INFO L272 TraceCheckUtils]: 49: Hoare triple {9130#(<= 2 ~waterLevel~0)} call timeShift(); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,878 INFO L290 TraceCheckUtils]: 50: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,878 INFO L290 TraceCheckUtils]: 51: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,878 INFO L290 TraceCheckUtils]: 52: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume { :end_inline_lowerWaterLevel } true; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,879 INFO L290 TraceCheckUtils]: 53: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,879 INFO L290 TraceCheckUtils]: 54: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume !(0 == ~pumpRunning~0); {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,879 INFO L272 TraceCheckUtils]: 55: Hoare triple {9131#(<= 1 ~waterLevel~0)} call processEnvironment__wrappee__base(); {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,879 INFO L290 TraceCheckUtils]: 56: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume true; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,880 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {9131#(<= 1 ~waterLevel~0)} {9131#(<= 1 ~waterLevel~0)} #213#return; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,880 INFO L290 TraceCheckUtils]: 58: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,880 INFO L290 TraceCheckUtils]: 59: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {9134#(<= 1 |timeShift_getWaterLevel_#res#1|)} is VALID [2022-02-20 18:10:31,881 INFO L290 TraceCheckUtils]: 60: Hoare triple {9134#(<= 1 |timeShift_getWaterLevel_#res#1|)} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {9135#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1|)} is VALID [2022-02-20 18:10:31,881 INFO L290 TraceCheckUtils]: 61: Hoare triple {9135#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1|)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {9105#false} is VALID [2022-02-20 18:10:31,881 INFO L290 TraceCheckUtils]: 62: Hoare triple {9105#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {9105#false} is VALID [2022-02-20 18:10:31,881 INFO L290 TraceCheckUtils]: 63: Hoare triple {9105#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {9105#false} is VALID [2022-02-20 18:10:31,882 INFO L290 TraceCheckUtils]: 64: Hoare triple {9105#false} assume !false; {9105#false} is VALID [2022-02-20 18:10:31,882 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 12 proven. 4 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:31,882 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:10:32,147 INFO L290 TraceCheckUtils]: 64: Hoare triple {9105#false} assume !false; {9105#false} is VALID [2022-02-20 18:10:32,148 INFO L290 TraceCheckUtils]: 63: Hoare triple {9105#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {9105#false} is VALID [2022-02-20 18:10:32,148 INFO L290 TraceCheckUtils]: 62: Hoare triple {9105#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret10#1 && __utac_acc__Specification4_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {9105#false} is VALID [2022-02-20 18:10:32,148 INFO L290 TraceCheckUtils]: 61: Hoare triple {9135#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1|)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {9105#false} is VALID [2022-02-20 18:10:32,149 INFO L290 TraceCheckUtils]: 60: Hoare triple {9134#(<= 1 |timeShift_getWaterLevel_#res#1|)} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {9135#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1|)} is VALID [2022-02-20 18:10:32,149 INFO L290 TraceCheckUtils]: 59: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {9134#(<= 1 |timeShift_getWaterLevel_#res#1|)} is VALID [2022-02-20 18:10:32,150 INFO L290 TraceCheckUtils]: 58: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,150 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {9104#true} {9131#(<= 1 ~waterLevel~0)} #213#return; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,150 INFO L290 TraceCheckUtils]: 56: Hoare triple {9104#true} assume true; {9104#true} is VALID [2022-02-20 18:10:32,150 INFO L272 TraceCheckUtils]: 55: Hoare triple {9131#(<= 1 ~waterLevel~0)} call processEnvironment__wrappee__base(); {9104#true} is VALID [2022-02-20 18:10:32,151 INFO L290 TraceCheckUtils]: 54: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume !(0 == ~pumpRunning~0); {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,151 INFO L290 TraceCheckUtils]: 53: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,154 INFO L290 TraceCheckUtils]: 52: Hoare triple {9131#(<= 1 ~waterLevel~0)} assume { :end_inline_lowerWaterLevel } true; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,155 INFO L290 TraceCheckUtils]: 51: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {9131#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,156 INFO L290 TraceCheckUtils]: 50: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,156 INFO L272 TraceCheckUtils]: 49: Hoare triple {9130#(<= 2 ~waterLevel~0)} call timeShift(); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,156 INFO L290 TraceCheckUtils]: 48: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___2~0#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,157 INFO L290 TraceCheckUtils]: 47: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,157 INFO L290 TraceCheckUtils]: 46: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~1#1); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,157 INFO L290 TraceCheckUtils]: 45: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,158 INFO L290 TraceCheckUtils]: 44: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp~4#1); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,158 INFO L290 TraceCheckUtils]: 43: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,158 INFO L290 TraceCheckUtils]: 42: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,158 INFO L290 TraceCheckUtils]: 41: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !false; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,159 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9130#(<= 2 ~waterLevel~0)} {9104#true} #219#return; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,159 INFO L290 TraceCheckUtils]: 39: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,159 INFO L290 TraceCheckUtils]: 38: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,160 INFO L290 TraceCheckUtils]: 37: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~0#1); {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,160 INFO L290 TraceCheckUtils]: 36: Hoare triple {9130#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret9#1 && __utac_acc__Specification4_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,160 INFO L290 TraceCheckUtils]: 35: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,161 INFO L290 TraceCheckUtils]: 34: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,161 INFO L290 TraceCheckUtils]: 33: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,161 INFO L290 TraceCheckUtils]: 32: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,162 INFO L290 TraceCheckUtils]: 31: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,162 INFO L290 TraceCheckUtils]: 30: Hoare triple {9130#(<= 2 ~waterLevel~0)} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret40#1 && activatePump_#t~ret40#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,162 INFO L290 TraceCheckUtils]: 29: Hoare triple {9130#(<= 2 ~waterLevel~0)} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret41#1 && isMethaneAlarm_#t~ret41#1 <= 2147483647;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,162 INFO L290 TraceCheckUtils]: 28: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,163 INFO L290 TraceCheckUtils]: 27: Hoare triple {9130#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret39#1 && processEnvironment_#t~ret39#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,163 INFO L290 TraceCheckUtils]: 26: Hoare triple {9130#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,163 INFO L290 TraceCheckUtils]: 25: Hoare triple {9130#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,163 INFO L290 TraceCheckUtils]: 24: Hoare triple {9130#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret50#1 && isHighWaterLevel_#t~ret50#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,164 INFO L290 TraceCheckUtils]: 23: Hoare triple {9104#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {9130#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,164 INFO L290 TraceCheckUtils]: 22: Hoare triple {9104#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {9104#true} is VALID [2022-02-20 18:10:32,164 INFO L290 TraceCheckUtils]: 21: Hoare triple {9104#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {9104#true} is VALID [2022-02-20 18:10:32,164 INFO L290 TraceCheckUtils]: 20: Hoare triple {9104#true} assume !(0 != ~pumpRunning~0); {9104#true} is VALID [2022-02-20 18:10:32,164 INFO L272 TraceCheckUtils]: 19: Hoare triple {9104#true} call timeShift(); {9104#true} is VALID [2022-02-20 18:10:32,164 INFO L290 TraceCheckUtils]: 18: Hoare triple {9104#true} assume 0 != test_~tmp___2~0#1; {9104#true} is VALID [2022-02-20 18:10:32,165 INFO L290 TraceCheckUtils]: 17: Hoare triple {9104#true} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {9104#true} is VALID [2022-02-20 18:10:32,165 INFO L290 TraceCheckUtils]: 16: Hoare triple {9104#true} assume !(0 != test_~tmp___0~1#1); {9104#true} is VALID [2022-02-20 18:10:32,165 INFO L290 TraceCheckUtils]: 15: Hoare triple {9104#true} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {9104#true} is VALID [2022-02-20 18:10:32,165 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {9104#true} {9104#true} #215#return; {9104#true} is VALID [2022-02-20 18:10:32,165 INFO L290 TraceCheckUtils]: 13: Hoare triple {9104#true} assume true; {9104#true} is VALID [2022-02-20 18:10:32,165 INFO L290 TraceCheckUtils]: 12: Hoare triple {9104#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {9104#true} is VALID [2022-02-20 18:10:32,165 INFO L272 TraceCheckUtils]: 11: Hoare triple {9104#true} call waterRise(); {9104#true} is VALID [2022-02-20 18:10:32,165 INFO L290 TraceCheckUtils]: 10: Hoare triple {9104#true} assume 0 != test_~tmp~4#1; {9104#true} is VALID [2022-02-20 18:10:32,165 INFO L290 TraceCheckUtils]: 9: Hoare triple {9104#true} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {9104#true} is VALID [2022-02-20 18:10:32,166 INFO L290 TraceCheckUtils]: 8: Hoare triple {9104#true} assume test_~splverifierCounter~0#1 < 4; {9104#true} is VALID [2022-02-20 18:10:32,166 INFO L290 TraceCheckUtils]: 7: Hoare triple {9104#true} assume !false; {9104#true} is VALID [2022-02-20 18:10:32,166 INFO L290 TraceCheckUtils]: 6: Hoare triple {9104#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {9104#true} is VALID [2022-02-20 18:10:32,166 INFO L290 TraceCheckUtils]: 5: Hoare triple {9104#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {9104#true} is VALID [2022-02-20 18:10:32,166 INFO L290 TraceCheckUtils]: 4: Hoare triple {9104#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {9104#true} is VALID [2022-02-20 18:10:32,166 INFO L290 TraceCheckUtils]: 3: Hoare triple {9104#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {9104#true} is VALID [2022-02-20 18:10:32,167 INFO L290 TraceCheckUtils]: 2: Hoare triple {9104#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9104#true} is VALID [2022-02-20 18:10:32,167 INFO L290 TraceCheckUtils]: 1: Hoare triple {9104#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {9104#true} is VALID [2022-02-20 18:10:32,167 INFO L290 TraceCheckUtils]: 0: Hoare triple {9104#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {9104#true} is VALID [2022-02-20 18:10:32,168 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 12 proven. 4 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:32,168 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2106025668] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:10:32,168 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:10:32,168 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 6, 6] total 8 [2022-02-20 18:10:32,168 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1621677301] [2022-02-20 18:10:32,168 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:10:32,169 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 7.625) internal successors, (61), 6 states have internal predecessors, (61), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) Word has length 65 [2022-02-20 18:10:32,169 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:32,170 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 7.625) internal successors, (61), 6 states have internal predecessors, (61), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:32,208 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 72 edges. 72 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:32,208 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:10:32,208 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:32,209 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:10:32,209 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:32,209 INFO L87 Difference]: Start difference. First operand 273 states and 337 transitions. Second operand has 8 states, 8 states have (on average 7.625) internal successors, (61), 6 states have internal predecessors, (61), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:32,974 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:32,974 INFO L93 Difference]: Finished difference Result 594 states and 786 transitions. [2022-02-20 18:10:32,974 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2022-02-20 18:10:32,974 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 7.625) internal successors, (61), 6 states have internal predecessors, (61), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) Word has length 65 [2022-02-20 18:10:32,974 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:32,974 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 7.625) internal successors, (61), 6 states have internal predecessors, (61), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:32,977 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 18 states to 18 states and 322 transitions. [2022-02-20 18:10:32,978 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 7.625) internal successors, (61), 6 states have internal predecessors, (61), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:32,980 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 18 states to 18 states and 322 transitions. [2022-02-20 18:10:32,980 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 18 states and 322 transitions. [2022-02-20 18:10:33,181 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 322 edges. 322 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:33,191 INFO L225 Difference]: With dead ends: 594 [2022-02-20 18:10:33,191 INFO L226 Difference]: Without dead ends: 363 [2022-02-20 18:10:33,192 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 157 GetRequests, 135 SyntacticMatches, 3 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 77 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=133, Invalid=287, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:10:33,192 INFO L933 BasicCegarLoop]: 99 mSDtfsCounter, 258 mSDsluCounter, 331 mSDsCounter, 0 mSdLazyCounter, 204 mSolverCounterSat, 55 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 264 SdHoareTripleChecker+Valid, 430 SdHoareTripleChecker+Invalid, 259 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 55 IncrementalHoareTripleChecker+Valid, 204 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:33,193 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [264 Valid, 430 Invalid, 259 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [55 Valid, 204 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:10:33,193 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 363 states. [2022-02-20 18:10:33,251 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 363 to 335. [2022-02-20 18:10:33,251 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:33,252 INFO L82 GeneralOperation]: Start isEquivalent. First operand 363 states. Second operand has 335 states, 271 states have (on average 1.2287822878228782) internal successors, (333), 292 states have internal predecessors, (333), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) [2022-02-20 18:10:33,252 INFO L74 IsIncluded]: Start isIncluded. First operand 363 states. Second operand has 335 states, 271 states have (on average 1.2287822878228782) internal successors, (333), 292 states have internal predecessors, (333), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) [2022-02-20 18:10:33,253 INFO L87 Difference]: Start difference. First operand 363 states. Second operand has 335 states, 271 states have (on average 1.2287822878228782) internal successors, (333), 292 states have internal predecessors, (333), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) [2022-02-20 18:10:33,260 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:33,260 INFO L93 Difference]: Finished difference Result 363 states and 466 transitions. [2022-02-20 18:10:33,260 INFO L276 IsEmpty]: Start isEmpty. Operand 363 states and 466 transitions. [2022-02-20 18:10:33,261 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:33,261 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:33,262 INFO L74 IsIncluded]: Start isIncluded. First operand has 335 states, 271 states have (on average 1.2287822878228782) internal successors, (333), 292 states have internal predecessors, (333), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) Second operand 363 states. [2022-02-20 18:10:33,262 INFO L87 Difference]: Start difference. First operand has 335 states, 271 states have (on average 1.2287822878228782) internal successors, (333), 292 states have internal predecessors, (333), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) Second operand 363 states. [2022-02-20 18:10:33,270 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:33,270 INFO L93 Difference]: Finished difference Result 363 states and 466 transitions. [2022-02-20 18:10:33,270 INFO L276 IsEmpty]: Start isEmpty. Operand 363 states and 466 transitions. [2022-02-20 18:10:33,270 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:33,271 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:33,271 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:33,271 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:33,271 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 335 states, 271 states have (on average 1.2287822878228782) internal successors, (333), 292 states have internal predecessors, (333), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) [2022-02-20 18:10:33,278 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 335 states to 335 states and 422 transitions. [2022-02-20 18:10:33,279 INFO L78 Accepts]: Start accepts. Automaton has 335 states and 422 transitions. Word has length 65 [2022-02-20 18:10:33,279 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:33,279 INFO L470 AbstractCegarLoop]: Abstraction has 335 states and 422 transitions. [2022-02-20 18:10:33,279 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 7.625) internal successors, (61), 6 states have internal predecessors, (61), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:33,279 INFO L276 IsEmpty]: Start isEmpty. Operand 335 states and 422 transitions. [2022-02-20 18:10:33,280 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 90 [2022-02-20 18:10:33,280 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:33,280 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:33,299 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 18:10:33,497 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-02-20 18:10:33,497 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:33,498 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:33,498 INFO L85 PathProgramCache]: Analyzing trace with hash 1753618127, now seen corresponding path program 2 times [2022-02-20 18:10:33,498 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:33,498 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1265180481] [2022-02-20 18:10:33,498 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:33,498 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:33,524 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:10:33,525 INFO L352 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-02-20 18:10:33,545 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:10:33,580 INFO L138 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2022-02-20 18:10:33,580 INFO L628 BasicCegarLoop]: Counterexample is feasible [2022-02-20 18:10:33,581 INFO L764 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:10:33,582 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-02-20 18:10:33,584 INFO L732 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:33,585 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:10:33,618 FATAL L489 DefaultTranslator]: Callstack has procedure call flag but succeeding procedure is empty at [CALL] call waterRise(); [2022-02-20 18:10:33,619 FATAL L? ?]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.AssertionError: callstack broken after backtranslation by InlinerBacktranslator at de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:216) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:206) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getProgramExecutionAsString(CounterExampleResult.java:155) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getLongDescription(CounterExampleResult.java:134) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ResultService.reportResult(ResultService.java:86) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.CegarLoopResultReporter.reportResult(CegarLoopResultReporter.java:141) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.reportLocationResults(TraceAbstractionStarter.java:607) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:182) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:156) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:320) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) [2022-02-20 18:10:33,621 INFO L158 Benchmark]: Toolchain (without parser) took 8058.23ms. Allocated memory was 92.3MB in the beginning and 134.2MB in the end (delta: 41.9MB). Free memory was 53.4MB in the beginning and 45.7MB in the end (delta: 7.7MB). Peak memory consumption was 50.2MB. Max. memory is 16.1GB. [2022-02-20 18:10:33,621 INFO L158 Benchmark]: CDTParser took 0.19ms. Allocated memory is still 92.3MB. Free memory is still 70.4MB. There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:33,621 INFO L158 Benchmark]: CACSL2BoogieTranslator took 353.71ms. Allocated memory is still 92.3MB. Free memory was 53.2MB in the beginning and 57.6MB in the end (delta: -4.4MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-02-20 18:10:33,622 INFO L158 Benchmark]: Boogie Procedure Inliner took 51.06ms. Allocated memory is still 92.3MB. Free memory was 57.6MB in the beginning and 55.0MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:33,622 INFO L158 Benchmark]: Boogie Preprocessor took 42.09ms. Allocated memory is still 92.3MB. Free memory was 55.0MB in the beginning and 53.0MB in the end (delta: 2.0MB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:33,622 INFO L158 Benchmark]: RCFGBuilder took 516.02ms. Allocated memory was 92.3MB in the beginning and 111.1MB in the end (delta: 18.9MB). Free memory was 53.0MB in the beginning and 87.4MB in the end (delta: -34.4MB). Peak memory consumption was 25.7MB. Max. memory is 16.1GB. [2022-02-20 18:10:33,622 INFO L158 Benchmark]: TraceAbstraction took 7090.87ms. Allocated memory was 111.1MB in the beginning and 134.2MB in the end (delta: 23.1MB). Free memory was 86.9MB in the beginning and 45.7MB in the end (delta: 41.2MB). Peak memory consumption was 64.4MB. Max. memory is 16.1GB. [2022-02-20 18:10:33,623 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.19ms. Allocated memory is still 92.3MB. Free memory is still 70.4MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 353.71ms. Allocated memory is still 92.3MB. Free memory was 53.2MB in the beginning and 57.6MB in the end (delta: -4.4MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 51.06ms. Allocated memory is still 92.3MB. Free memory was 57.6MB in the beginning and 55.0MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 42.09ms. Allocated memory is still 92.3MB. Free memory was 55.0MB in the beginning and 53.0MB in the end (delta: 2.0MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 516.02ms. Allocated memory was 92.3MB in the beginning and 111.1MB in the end (delta: 18.9MB). Free memory was 53.0MB in the beginning and 87.4MB in the end (delta: -34.4MB). Peak memory consumption was 25.7MB. Max. memory is 16.1GB. * TraceAbstraction took 7090.87ms. Allocated memory was 111.1MB in the beginning and 134.2MB in the end (delta: 23.1MB). Free memory was 86.9MB in the beginning and 45.7MB in the end (delta: 41.2MB). Peak memory consumption was 64.4MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: AssertionError: callstack broken after backtranslation by InlinerBacktranslator: de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) RESULT: Ultimate could not prove your program: Toolchain returned no result. [2022-02-20 18:10:33,650 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 12f35b53fa21b1b526c5ccefe7a49d52db3501fafceaddf16f789eadd54f272a --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:10:35,250 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:10:35,251 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:10:35,281 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:10:35,283 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:10:35,285 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:10:35,286 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:10:35,290 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:10:35,291 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:10:35,292 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:10:35,293 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:10:35,294 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:10:35,295 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:10:35,297 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:10:35,297 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:10:35,298 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:10:35,300 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:10:35,302 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:10:35,304 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:10:35,305 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:10:35,306 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:10:35,307 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:10:35,308 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:10:35,308 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:10:35,310 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:10:35,310 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:10:35,310 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:10:35,311 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:10:35,311 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:10:35,311 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:10:35,312 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:10:35,312 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:10:35,313 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:10:35,313 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:10:35,314 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:10:35,314 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:10:35,314 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:10:35,315 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:10:35,315 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:10:35,315 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:10:35,316 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:10:35,316 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Bitvector.epf [2022-02-20 18:10:35,331 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:10:35,332 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:10:35,332 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:10:35,332 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:10:35,333 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:10:35,333 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:10:35,334 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:10:35,334 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:10:35,334 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:10:35,334 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:10:35,334 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:10:35,334 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:10:35,335 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:10:35,335 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:10:35,339 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:10:35,339 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:10:35,339 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-02-20 18:10:35,339 INFO L138 SettingsManager]: * Use bitvectors instead of ints=true [2022-02-20 18:10:35,339 INFO L138 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2022-02-20 18:10:35,339 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:10:35,340 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:10:35,340 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:10:35,340 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:10:35,340 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:10:35,340 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:10:35,341 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:10:35,341 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:35,343 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:10:35,343 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:10:35,343 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:10:35,343 INFO L138 SettingsManager]: * Trace refinement strategy=WOLF [2022-02-20 18:10:35,343 INFO L138 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2022-02-20 18:10:35,343 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:10:35,344 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:10:35,344 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:10:35,344 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2022-02-20 18:10:35,344 INFO L138 SettingsManager]: * Logic for external solver=AUFBV WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 12f35b53fa21b1b526c5ccefe7a49d52db3501fafceaddf16f789eadd54f272a [2022-02-20 18:10:35,600 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:10:35,624 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:10:35,628 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:10:35,629 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:10:35,629 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:10:35,630 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c [2022-02-20 18:10:35,683 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2c556efe2/9c29fcb5872b4e5994765675124e381a/FLAG3a3895752 [2022-02-20 18:10:36,098 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:10:36,100 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c [2022-02-20 18:10:36,110 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2c556efe2/9c29fcb5872b4e5994765675124e381a/FLAG3a3895752 [2022-02-20 18:10:36,122 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2c556efe2/9c29fcb5872b4e5994765675124e381a [2022-02-20 18:10:36,124 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:10:36,125 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:10:36,127 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:36,127 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:10:36,130 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:10:36,133 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,134 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@45deb46b and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36, skipping insertion in model container [2022-02-20 18:10:36,134 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,140 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:10:36,181 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:36,347 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c[4000,4013] [2022-02-20 18:10:36,459 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:36,469 INFO L200 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2022-02-20 18:10:36,476 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:36,503 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c[4000,4013] [2022-02-20 18:10:36,531 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:36,544 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:10:36,558 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product41.cil.c[4000,4013] [2022-02-20 18:10:36,598 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:36,611 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:10:36,613 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36 WrapperNode [2022-02-20 18:10:36,613 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:36,615 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:36,615 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:10:36,615 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:10:36,619 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,639 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,661 INFO L137 Inliner]: procedures = 55, calls = 151, calls flagged for inlining = 23, calls inlined = 20, statements flattened = 235 [2022-02-20 18:10:36,662 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:36,662 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:10:36,665 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:10:36,666 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:10:36,671 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,671 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,673 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,674 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,683 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,686 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,688 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,689 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:10:36,690 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:10:36,690 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:10:36,690 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:10:36,691 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,701 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:36,710 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:36,718 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:10:36,725 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:10:36,748 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:10:36,748 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:10:36,749 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:10:36,749 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:10:36,749 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:10:36,749 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:10:36,749 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:10:36,749 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:10:36,749 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:10:36,750 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~intINTTYPE1 [2022-02-20 18:10:36,750 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:10:36,750 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:10:36,750 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:10:36,750 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:10:36,805 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:10:36,806 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:10:37,121 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:10:37,126 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:10:37,127 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:10:37,128 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:37 BoogieIcfgContainer [2022-02-20 18:10:37,128 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:10:37,129 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:10:37,129 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:10:37,131 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:10:37,132 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:10:36" (1/3) ... [2022-02-20 18:10:37,132 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2654fcc and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:37, skipping insertion in model container [2022-02-20 18:10:37,132 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36" (2/3) ... [2022-02-20 18:10:37,132 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2654fcc and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:37, skipping insertion in model container [2022-02-20 18:10:37,133 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:37" (3/3) ... [2022-02-20 18:10:37,133 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec4_product41.cil.c [2022-02-20 18:10:37,137 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:10:37,138 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:10:37,177 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:10:37,183 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:10:37,183 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:10:37,199 INFO L276 IsEmpty]: Start isEmpty. Operand has 74 states, 59 states have (on average 1.4067796610169492) internal successors, (83), 65 states have internal predecessors, (83), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:10:37,204 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2022-02-20 18:10:37,204 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:37,205 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:37,205 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:37,208 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:37,209 INFO L85 PathProgramCache]: Analyzing trace with hash 125055405, now seen corresponding path program 1 times [2022-02-20 18:10:37,219 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:37,220 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1123552842] [2022-02-20 18:10:37,220 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:37,221 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:37,221 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:37,222 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:37,223 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Waiting until timeout for monitored process [2022-02-20 18:10:37,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:37,330 INFO L263 TraceCheckSpWp]: Trace formula consists of 144 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:10:37,343 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:37,346 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:37,419 INFO L290 TraceCheckUtils]: 0: Hoare triple {77#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {77#true} is VALID [2022-02-20 18:10:37,423 INFO L290 TraceCheckUtils]: 1: Hoare triple {77#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {77#true} is VALID [2022-02-20 18:10:37,423 INFO L290 TraceCheckUtils]: 2: Hoare triple {77#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {77#true} is VALID [2022-02-20 18:10:37,423 INFO L290 TraceCheckUtils]: 3: Hoare triple {77#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {77#true} is VALID [2022-02-20 18:10:37,424 INFO L290 TraceCheckUtils]: 4: Hoare triple {77#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {77#true} is VALID [2022-02-20 18:10:37,424 INFO L290 TraceCheckUtils]: 5: Hoare triple {77#true} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {77#true} is VALID [2022-02-20 18:10:37,424 INFO L290 TraceCheckUtils]: 6: Hoare triple {77#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {77#true} is VALID [2022-02-20 18:10:37,425 INFO L290 TraceCheckUtils]: 7: Hoare triple {77#true} assume false; {78#false} is VALID [2022-02-20 18:10:37,425 INFO L272 TraceCheckUtils]: 8: Hoare triple {78#false} call cleanup(); {78#false} is VALID [2022-02-20 18:10:37,425 INFO L290 TraceCheckUtils]: 9: Hoare triple {78#false} havoc ~i~0;havoc ~__cil_tmp2~0; {78#false} is VALID [2022-02-20 18:10:37,426 INFO L272 TraceCheckUtils]: 10: Hoare triple {78#false} call timeShift(); {78#false} is VALID [2022-02-20 18:10:37,426 INFO L290 TraceCheckUtils]: 11: Hoare triple {78#false} assume !(0bv32 != ~pumpRunning~0); {78#false} is VALID [2022-02-20 18:10:37,426 INFO L290 TraceCheckUtils]: 12: Hoare triple {78#false} assume !(0bv32 != ~systemActive~0); {78#false} is VALID [2022-02-20 18:10:37,427 INFO L290 TraceCheckUtils]: 13: Hoare triple {78#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {78#false} is VALID [2022-02-20 18:10:37,427 INFO L290 TraceCheckUtils]: 14: Hoare triple {78#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {78#false} is VALID [2022-02-20 18:10:37,427 INFO L290 TraceCheckUtils]: 15: Hoare triple {78#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {78#false} is VALID [2022-02-20 18:10:37,427 INFO L290 TraceCheckUtils]: 16: Hoare triple {78#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {78#false} is VALID [2022-02-20 18:10:37,427 INFO L290 TraceCheckUtils]: 17: Hoare triple {78#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {78#false} is VALID [2022-02-20 18:10:37,428 INFO L290 TraceCheckUtils]: 18: Hoare triple {78#false} assume !false; {78#false} is VALID [2022-02-20 18:10:37,429 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:37,429 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:37,430 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:37,430 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1123552842] [2022-02-20 18:10:37,430 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1123552842] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:37,430 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:37,431 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:37,433 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [948196950] [2022-02-20 18:10:37,433 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:37,437 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:37,438 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:37,440 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:37,464 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:37,465 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:10:37,465 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:37,482 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:10:37,483 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:37,486 INFO L87 Difference]: Start difference. First operand has 74 states, 59 states have (on average 1.4067796610169492) internal successors, (83), 65 states have internal predecessors, (83), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) Second operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:37,581 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:37,581 INFO L93 Difference]: Finished difference Result 140 states and 193 transitions. [2022-02-20 18:10:37,581 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:10:37,581 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:37,582 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:37,582 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:37,597 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 193 transitions. [2022-02-20 18:10:37,597 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:37,603 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 193 transitions. [2022-02-20 18:10:37,604 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 193 transitions. [2022-02-20 18:10:37,747 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 193 edges. 193 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:37,757 INFO L225 Difference]: With dead ends: 140 [2022-02-20 18:10:37,757 INFO L226 Difference]: Without dead ends: 65 [2022-02-20 18:10:37,760 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 18 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:37,763 INFO L933 BasicCegarLoop]: 93 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 93 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:37,765 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 93 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:37,776 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 65 states. [2022-02-20 18:10:37,789 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 65 to 65. [2022-02-20 18:10:37,790 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:37,791 INFO L82 GeneralOperation]: Start isEquivalent. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:37,795 INFO L74 IsIncluded]: Start isIncluded. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:37,795 INFO L87 Difference]: Start difference. First operand 65 states. Second operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:37,799 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:37,800 INFO L93 Difference]: Finished difference Result 65 states and 84 transitions. [2022-02-20 18:10:37,800 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:37,800 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:37,801 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:37,801 INFO L74 IsIncluded]: Start isIncluded. First operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 65 states. [2022-02-20 18:10:37,801 INFO L87 Difference]: Start difference. First operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 65 states. [2022-02-20 18:10:37,804 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:37,805 INFO L93 Difference]: Finished difference Result 65 states and 84 transitions. [2022-02-20 18:10:37,805 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:37,805 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:37,805 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:37,806 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:37,806 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:37,806 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 65 states, 52 states have (on average 1.3269230769230769) internal successors, (69), 57 states have internal predecessors, (69), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:37,812 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 65 states to 65 states and 84 transitions. [2022-02-20 18:10:37,814 INFO L78 Accepts]: Start accepts. Automaton has 65 states and 84 transitions. Word has length 19 [2022-02-20 18:10:37,814 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:37,814 INFO L470 AbstractCegarLoop]: Abstraction has 65 states and 84 transitions. [2022-02-20 18:10:37,814 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:37,814 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 84 transitions. [2022-02-20 18:10:37,815 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2022-02-20 18:10:37,815 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:37,815 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:37,827 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:38,016 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:38,016 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:38,017 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:38,017 INFO L85 PathProgramCache]: Analyzing trace with hash 1087845428, now seen corresponding path program 1 times [2022-02-20 18:10:38,017 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:38,017 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1681699957] [2022-02-20 18:10:38,017 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:38,017 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:38,018 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:38,019 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:38,020 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Waiting until timeout for monitored process [2022-02-20 18:10:38,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:38,076 INFO L263 TraceCheckSpWp]: Trace formula consists of 145 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:10:38,087 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:38,087 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:38,169 INFO L290 TraceCheckUtils]: 0: Hoare triple {565#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {565#true} is VALID [2022-02-20 18:10:38,169 INFO L290 TraceCheckUtils]: 1: Hoare triple {565#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {565#true} is VALID [2022-02-20 18:10:38,169 INFO L290 TraceCheckUtils]: 2: Hoare triple {565#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {565#true} is VALID [2022-02-20 18:10:38,169 INFO L290 TraceCheckUtils]: 3: Hoare triple {565#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {565#true} is VALID [2022-02-20 18:10:38,170 INFO L290 TraceCheckUtils]: 4: Hoare triple {565#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {565#true} is VALID [2022-02-20 18:10:38,170 INFO L290 TraceCheckUtils]: 5: Hoare triple {565#true} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {565#true} is VALID [2022-02-20 18:10:38,170 INFO L290 TraceCheckUtils]: 6: Hoare triple {565#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {588#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} is VALID [2022-02-20 18:10:38,171 INFO L290 TraceCheckUtils]: 7: Hoare triple {588#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} assume !false; {588#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} is VALID [2022-02-20 18:10:38,171 INFO L290 TraceCheckUtils]: 8: Hoare triple {588#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} assume !~bvslt32(test_~splverifierCounter~0#1, 4bv32); {566#false} is VALID [2022-02-20 18:10:38,171 INFO L272 TraceCheckUtils]: 9: Hoare triple {566#false} call cleanup(); {566#false} is VALID [2022-02-20 18:10:38,171 INFO L290 TraceCheckUtils]: 10: Hoare triple {566#false} havoc ~i~0;havoc ~__cil_tmp2~0; {566#false} is VALID [2022-02-20 18:10:38,172 INFO L272 TraceCheckUtils]: 11: Hoare triple {566#false} call timeShift(); {566#false} is VALID [2022-02-20 18:10:38,172 INFO L290 TraceCheckUtils]: 12: Hoare triple {566#false} assume !(0bv32 != ~pumpRunning~0); {566#false} is VALID [2022-02-20 18:10:38,172 INFO L290 TraceCheckUtils]: 13: Hoare triple {566#false} assume !(0bv32 != ~systemActive~0); {566#false} is VALID [2022-02-20 18:10:38,172 INFO L290 TraceCheckUtils]: 14: Hoare triple {566#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {566#false} is VALID [2022-02-20 18:10:38,172 INFO L290 TraceCheckUtils]: 15: Hoare triple {566#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {566#false} is VALID [2022-02-20 18:10:38,172 INFO L290 TraceCheckUtils]: 16: Hoare triple {566#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {566#false} is VALID [2022-02-20 18:10:38,173 INFO L290 TraceCheckUtils]: 17: Hoare triple {566#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {566#false} is VALID [2022-02-20 18:10:38,173 INFO L290 TraceCheckUtils]: 18: Hoare triple {566#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {566#false} is VALID [2022-02-20 18:10:38,173 INFO L290 TraceCheckUtils]: 19: Hoare triple {566#false} assume !false; {566#false} is VALID [2022-02-20 18:10:38,173 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:38,173 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:38,173 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:38,174 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1681699957] [2022-02-20 18:10:38,174 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1681699957] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:38,174 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:38,174 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:38,177 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [70245826] [2022-02-20 18:10:38,177 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:38,178 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:38,179 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:38,180 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,197 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:38,197 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:38,197 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:38,198 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:38,198 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:38,198 INFO L87 Difference]: Start difference. First operand 65 states and 84 transitions. Second operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,278 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:38,278 INFO L93 Difference]: Finished difference Result 96 states and 124 transitions. [2022-02-20 18:10:38,278 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:38,279 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:38,279 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:38,279 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,281 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 124 transitions. [2022-02-20 18:10:38,281 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,283 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 124 transitions. [2022-02-20 18:10:38,284 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 124 transitions. [2022-02-20 18:10:38,401 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:38,403 INFO L225 Difference]: With dead ends: 96 [2022-02-20 18:10:38,404 INFO L226 Difference]: Without dead ends: 56 [2022-02-20 18:10:38,404 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 18 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:38,405 INFO L933 BasicCegarLoop]: 71 mSDtfsCounter, 12 mSDsluCounter, 55 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 126 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:38,405 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [15 Valid, 126 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:38,406 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 56 states. [2022-02-20 18:10:38,421 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 56 to 56. [2022-02-20 18:10:38,421 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:38,421 INFO L82 GeneralOperation]: Start isEquivalent. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:38,421 INFO L74 IsIncluded]: Start isIncluded. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:38,422 INFO L87 Difference]: Start difference. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:38,423 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:38,424 INFO L93 Difference]: Finished difference Result 56 states and 72 transitions. [2022-02-20 18:10:38,424 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:38,424 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:38,424 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:38,424 INFO L74 IsIncluded]: Start isIncluded. First operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:38,424 INFO L87 Difference]: Start difference. First operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:38,426 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:38,426 INFO L93 Difference]: Finished difference Result 56 states and 72 transitions. [2022-02-20 18:10:38,426 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:38,427 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:38,427 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:38,427 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:38,427 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:38,427 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 56 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 51 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:38,428 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 56 states to 56 states and 72 transitions. [2022-02-20 18:10:38,428 INFO L78 Accepts]: Start accepts. Automaton has 56 states and 72 transitions. Word has length 20 [2022-02-20 18:10:38,429 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:38,429 INFO L470 AbstractCegarLoop]: Abstraction has 56 states and 72 transitions. [2022-02-20 18:10:38,429 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,429 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 72 transitions. [2022-02-20 18:10:38,429 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:10:38,429 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:38,429 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:38,445 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:38,645 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:38,646 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:38,646 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:38,646 INFO L85 PathProgramCache]: Analyzing trace with hash 1276159455, now seen corresponding path program 1 times [2022-02-20 18:10:38,647 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:38,647 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [218955689] [2022-02-20 18:10:38,647 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:38,647 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:38,647 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:38,650 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:38,654 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Waiting until timeout for monitored process [2022-02-20 18:10:38,694 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:38,696 INFO L263 TraceCheckSpWp]: Trace formula consists of 145 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:10:38,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:38,707 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:38,785 INFO L290 TraceCheckUtils]: 0: Hoare triple {961#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,786 INFO L290 TraceCheckUtils]: 1: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,786 INFO L290 TraceCheckUtils]: 2: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,786 INFO L290 TraceCheckUtils]: 3: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,787 INFO L290 TraceCheckUtils]: 4: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,787 INFO L290 TraceCheckUtils]: 5: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,787 INFO L290 TraceCheckUtils]: 6: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,788 INFO L290 TraceCheckUtils]: 7: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume !false; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,788 INFO L290 TraceCheckUtils]: 8: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,788 INFO L290 TraceCheckUtils]: 9: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,791 INFO L290 TraceCheckUtils]: 10: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != test_~tmp~4#1); {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,792 INFO L290 TraceCheckUtils]: 11: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,793 INFO L290 TraceCheckUtils]: 12: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___0~1#1); {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,793 INFO L290 TraceCheckUtils]: 13: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,794 INFO L290 TraceCheckUtils]: 14: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume 0bv32 != test_~tmp___2~0#1; {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,794 INFO L272 TraceCheckUtils]: 15: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} call timeShift(); {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,795 INFO L290 TraceCheckUtils]: 16: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {966#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:38,795 INFO L290 TraceCheckUtils]: 17: Hoare triple {966#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != ~systemActive~0); {962#false} is VALID [2022-02-20 18:10:38,795 INFO L290 TraceCheckUtils]: 18: Hoare triple {962#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {962#false} is VALID [2022-02-20 18:10:38,795 INFO L290 TraceCheckUtils]: 19: Hoare triple {962#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {962#false} is VALID [2022-02-20 18:10:38,796 INFO L290 TraceCheckUtils]: 20: Hoare triple {962#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {962#false} is VALID [2022-02-20 18:10:38,796 INFO L290 TraceCheckUtils]: 21: Hoare triple {962#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {962#false} is VALID [2022-02-20 18:10:38,796 INFO L290 TraceCheckUtils]: 22: Hoare triple {962#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {962#false} is VALID [2022-02-20 18:10:38,796 INFO L290 TraceCheckUtils]: 23: Hoare triple {962#false} assume !false; {962#false} is VALID [2022-02-20 18:10:38,797 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:38,797 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:38,797 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:38,797 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [218955689] [2022-02-20 18:10:38,798 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [218955689] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:38,798 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:38,798 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:38,799 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [29577712] [2022-02-20 18:10:38,799 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:38,800 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:38,800 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:38,800 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,822 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:38,824 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:38,824 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:38,824 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:38,824 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:38,824 INFO L87 Difference]: Start difference. First operand 56 states and 72 transitions. Second operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,896 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:38,896 INFO L93 Difference]: Finished difference Result 105 states and 138 transitions. [2022-02-20 18:10:38,896 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:38,897 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:38,897 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:38,897 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,901 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 138 transitions. [2022-02-20 18:10:38,901 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,903 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 138 transitions. [2022-02-20 18:10:38,903 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 138 transitions. [2022-02-20 18:10:39,017 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 138 edges. 138 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:39,019 INFO L225 Difference]: With dead ends: 105 [2022-02-20 18:10:39,020 INFO L226 Difference]: Without dead ends: 56 [2022-02-20 18:10:39,022 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 23 GetRequests, 22 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:39,024 INFO L933 BasicCegarLoop]: 70 mSDtfsCounter, 54 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 54 SdHoareTripleChecker+Valid, 70 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:39,024 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [54 Valid, 70 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:39,025 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 56 states. [2022-02-20 18:10:39,032 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 56 to 56. [2022-02-20 18:10:39,032 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:39,032 INFO L82 GeneralOperation]: Start isEquivalent. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,032 INFO L74 IsIncluded]: Start isIncluded. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,035 INFO L87 Difference]: Start difference. First operand 56 states. Second operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,037 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,037 INFO L93 Difference]: Finished difference Result 56 states and 71 transitions. [2022-02-20 18:10:39,037 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 71 transitions. [2022-02-20 18:10:39,038 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:39,038 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:39,038 INFO L74 IsIncluded]: Start isIncluded. First operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:39,038 INFO L87 Difference]: Start difference. First operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 56 states. [2022-02-20 18:10:39,040 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,040 INFO L93 Difference]: Finished difference Result 56 states and 71 transitions. [2022-02-20 18:10:39,040 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 71 transitions. [2022-02-20 18:10:39,040 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:39,040 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:39,040 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:39,040 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:39,041 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 56 states, 46 states have (on average 1.326086956521739) internal successors, (61), 51 states have internal predecessors, (61), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,042 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 56 states to 56 states and 71 transitions. [2022-02-20 18:10:39,042 INFO L78 Accepts]: Start accepts. Automaton has 56 states and 71 transitions. Word has length 24 [2022-02-20 18:10:39,042 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:39,042 INFO L470 AbstractCegarLoop]: Abstraction has 56 states and 71 transitions. [2022-02-20 18:10:39,043 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:39,043 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 71 transitions. [2022-02-20 18:10:39,043 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2022-02-20 18:10:39,043 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:39,043 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:39,053 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:39,250 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:39,250 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:39,251 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:39,251 INFO L85 PathProgramCache]: Analyzing trace with hash -384200528, now seen corresponding path program 1 times [2022-02-20 18:10:39,251 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:39,251 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1546418425] [2022-02-20 18:10:39,251 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:39,251 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:39,251 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:39,252 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:39,253 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Waiting until timeout for monitored process [2022-02-20 18:10:39,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:39,292 INFO L263 TraceCheckSpWp]: Trace formula consists of 152 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:10:39,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:39,300 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:39,376 INFO L290 TraceCheckUtils]: 0: Hoare triple {1379#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,377 INFO L290 TraceCheckUtils]: 2: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,377 INFO L290 TraceCheckUtils]: 3: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,377 INFO L290 TraceCheckUtils]: 4: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,378 INFO L290 TraceCheckUtils]: 5: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,378 INFO L290 TraceCheckUtils]: 6: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,378 INFO L290 TraceCheckUtils]: 7: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume !false; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,379 INFO L290 TraceCheckUtils]: 8: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,379 INFO L290 TraceCheckUtils]: 9: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,379 INFO L290 TraceCheckUtils]: 10: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp~4#1); {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,380 INFO L290 TraceCheckUtils]: 11: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,380 INFO L290 TraceCheckUtils]: 12: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp___0~1#1); {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,380 INFO L290 TraceCheckUtils]: 13: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,381 INFO L290 TraceCheckUtils]: 14: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != test_~tmp___2~0#1; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,381 INFO L272 TraceCheckUtils]: 15: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} call timeShift(); {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,381 INFO L290 TraceCheckUtils]: 16: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~pumpRunning~0); {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,382 INFO L290 TraceCheckUtils]: 17: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {1384#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:39,382 INFO L290 TraceCheckUtils]: 18: Hoare triple {1384#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 == ~pumpRunning~0); {1380#false} is VALID [2022-02-20 18:10:39,382 INFO L272 TraceCheckUtils]: 19: Hoare triple {1380#false} call processEnvironment__wrappee__base(); {1380#false} is VALID [2022-02-20 18:10:39,382 INFO L290 TraceCheckUtils]: 20: Hoare triple {1380#false} assume true; {1380#false} is VALID [2022-02-20 18:10:39,382 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {1380#false} {1380#false} #213#return; {1380#false} is VALID [2022-02-20 18:10:39,383 INFO L290 TraceCheckUtils]: 22: Hoare triple {1380#false} assume { :end_inline_processEnvironment } true; {1380#false} is VALID [2022-02-20 18:10:39,383 INFO L290 TraceCheckUtils]: 23: Hoare triple {1380#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {1380#false} is VALID [2022-02-20 18:10:39,383 INFO L290 TraceCheckUtils]: 24: Hoare triple {1380#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {1380#false} is VALID [2022-02-20 18:10:39,383 INFO L290 TraceCheckUtils]: 25: Hoare triple {1380#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {1380#false} is VALID [2022-02-20 18:10:39,383 INFO L290 TraceCheckUtils]: 26: Hoare triple {1380#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {1380#false} is VALID [2022-02-20 18:10:39,383 INFO L290 TraceCheckUtils]: 27: Hoare triple {1380#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1380#false} is VALID [2022-02-20 18:10:39,383 INFO L290 TraceCheckUtils]: 28: Hoare triple {1380#false} assume !false; {1380#false} is VALID [2022-02-20 18:10:39,383 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:39,383 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:39,384 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:39,384 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1546418425] [2022-02-20 18:10:39,384 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1546418425] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:39,384 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:39,384 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:39,384 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2029306874] [2022-02-20 18:10:39,384 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:39,384 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:10:39,385 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:39,385 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:39,418 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 29 edges. 29 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:39,419 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:39,419 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:39,419 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:39,419 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:39,419 INFO L87 Difference]: Start difference. First operand 56 states and 71 transitions. Second operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:39,526 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,526 INFO L93 Difference]: Finished difference Result 140 states and 182 transitions. [2022-02-20 18:10:39,526 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:39,527 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:10:39,527 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:39,527 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:39,529 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 182 transitions. [2022-02-20 18:10:39,529 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:39,531 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 182 transitions. [2022-02-20 18:10:39,531 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 182 transitions. [2022-02-20 18:10:39,652 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 182 edges. 182 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:39,653 INFO L225 Difference]: With dead ends: 140 [2022-02-20 18:10:39,653 INFO L226 Difference]: Without dead ends: 91 [2022-02-20 18:10:39,654 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:39,654 INFO L933 BasicCegarLoop]: 72 mSDtfsCounter, 45 mSDsluCounter, 45 mSDsCounter, 0 mSdLazyCounter, 7 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 117 SdHoareTripleChecker+Invalid, 10 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 7 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:39,655 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [45 Valid, 117 Invalid, 10 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 7 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:39,655 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 91 states. [2022-02-20 18:10:39,659 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 91 to 89. [2022-02-20 18:10:39,659 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:39,660 INFO L82 GeneralOperation]: Start isEquivalent. First operand 91 states. Second operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:39,660 INFO L74 IsIncluded]: Start isIncluded. First operand 91 states. Second operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:39,660 INFO L87 Difference]: Start difference. First operand 91 states. Second operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:39,663 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,663 INFO L93 Difference]: Finished difference Result 91 states and 114 transitions. [2022-02-20 18:10:39,663 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 114 transitions. [2022-02-20 18:10:39,663 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:39,664 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:39,664 INFO L74 IsIncluded]: Start isIncluded. First operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 91 states. [2022-02-20 18:10:39,664 INFO L87 Difference]: Start difference. First operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 91 states. [2022-02-20 18:10:39,666 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,666 INFO L93 Difference]: Finished difference Result 91 states and 114 transitions. [2022-02-20 18:10:39,666 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 114 transitions. [2022-02-20 18:10:39,667 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:39,667 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:39,667 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:39,667 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:39,667 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 89 states, 72 states have (on average 1.3194444444444444) internal successors, (95), 79 states have internal predecessors, (95), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:39,669 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 89 states to 89 states and 113 transitions. [2022-02-20 18:10:39,669 INFO L78 Accepts]: Start accepts. Automaton has 89 states and 113 transitions. Word has length 29 [2022-02-20 18:10:39,670 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:39,670 INFO L470 AbstractCegarLoop]: Abstraction has 89 states and 113 transitions. [2022-02-20 18:10:39,670 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:39,670 INFO L276 IsEmpty]: Start isEmpty. Operand 89 states and 113 transitions. [2022-02-20 18:10:39,670 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-02-20 18:10:39,671 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:39,671 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:39,677 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:39,877 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:39,877 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:39,878 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:39,878 INFO L85 PathProgramCache]: Analyzing trace with hash 234187366, now seen corresponding path program 1 times [2022-02-20 18:10:39,878 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:39,878 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [918508613] [2022-02-20 18:10:39,878 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:39,878 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:39,879 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:39,879 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:39,881 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Waiting until timeout for monitored process [2022-02-20 18:10:39,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:39,921 INFO L263 TraceCheckSpWp]: Trace formula consists of 162 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:10:39,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:39,938 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:40,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {1976#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {1976#true} is VALID [2022-02-20 18:10:40,015 INFO L290 TraceCheckUtils]: 1: Hoare triple {1976#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1976#true} is VALID [2022-02-20 18:10:40,015 INFO L290 TraceCheckUtils]: 2: Hoare triple {1976#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1976#true} is VALID [2022-02-20 18:10:40,015 INFO L290 TraceCheckUtils]: 3: Hoare triple {1976#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1976#true} is VALID [2022-02-20 18:10:40,015 INFO L290 TraceCheckUtils]: 4: Hoare triple {1976#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {1976#true} is VALID [2022-02-20 18:10:40,015 INFO L290 TraceCheckUtils]: 5: Hoare triple {1976#true} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1976#true} is VALID [2022-02-20 18:10:40,015 INFO L290 TraceCheckUtils]: 6: Hoare triple {1976#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {1976#true} is VALID [2022-02-20 18:10:40,015 INFO L290 TraceCheckUtils]: 7: Hoare triple {1976#true} assume !false; {1976#true} is VALID [2022-02-20 18:10:40,015 INFO L290 TraceCheckUtils]: 8: Hoare triple {1976#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {1976#true} is VALID [2022-02-20 18:10:40,015 INFO L290 TraceCheckUtils]: 9: Hoare triple {1976#true} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {1976#true} is VALID [2022-02-20 18:10:40,015 INFO L290 TraceCheckUtils]: 10: Hoare triple {1976#true} assume !(0bv32 != test_~tmp~4#1); {1976#true} is VALID [2022-02-20 18:10:40,016 INFO L290 TraceCheckUtils]: 11: Hoare triple {1976#true} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {1976#true} is VALID [2022-02-20 18:10:40,016 INFO L290 TraceCheckUtils]: 12: Hoare triple {1976#true} assume !(0bv32 != test_~tmp___0~1#1); {1976#true} is VALID [2022-02-20 18:10:40,018 INFO L290 TraceCheckUtils]: 13: Hoare triple {1976#true} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {1976#true} is VALID [2022-02-20 18:10:40,018 INFO L290 TraceCheckUtils]: 14: Hoare triple {1976#true} assume 0bv32 != test_~tmp___2~0#1; {1976#true} is VALID [2022-02-20 18:10:40,018 INFO L272 TraceCheckUtils]: 15: Hoare triple {1976#true} call timeShift(); {1976#true} is VALID [2022-02-20 18:10:40,018 INFO L290 TraceCheckUtils]: 16: Hoare triple {1976#true} assume !(0bv32 != ~pumpRunning~0); {1976#true} is VALID [2022-02-20 18:10:40,019 INFO L290 TraceCheckUtils]: 17: Hoare triple {1976#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {1976#true} is VALID [2022-02-20 18:10:40,019 INFO L290 TraceCheckUtils]: 18: Hoare triple {1976#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {1976#true} is VALID [2022-02-20 18:10:40,020 INFO L290 TraceCheckUtils]: 19: Hoare triple {1976#true} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {2038#(= (_ bv1 32) |timeShift_isHighWaterSensorDry_#res#1|)} is VALID [2022-02-20 18:10:40,021 INFO L290 TraceCheckUtils]: 20: Hoare triple {2038#(= (_ bv1 32) |timeShift_isHighWaterSensorDry_#res#1|)} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {2042#(= |timeShift_isHighWaterLevel_~tmp~7#1| (_ bv1 32))} is VALID [2022-02-20 18:10:40,021 INFO L290 TraceCheckUtils]: 21: Hoare triple {2042#(= |timeShift_isHighWaterLevel_~tmp~7#1| (_ bv1 32))} assume !(0bv32 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {1977#false} is VALID [2022-02-20 18:10:40,022 INFO L290 TraceCheckUtils]: 22: Hoare triple {1977#false} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {1977#false} is VALID [2022-02-20 18:10:40,032 INFO L290 TraceCheckUtils]: 23: Hoare triple {1977#false} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {1977#false} is VALID [2022-02-20 18:10:40,032 INFO L290 TraceCheckUtils]: 24: Hoare triple {1977#false} assume !(0bv32 != processEnvironment_~tmp~5#1); {1977#false} is VALID [2022-02-20 18:10:40,032 INFO L272 TraceCheckUtils]: 25: Hoare triple {1977#false} call processEnvironment__wrappee__base(); {1977#false} is VALID [2022-02-20 18:10:40,032 INFO L290 TraceCheckUtils]: 26: Hoare triple {1977#false} assume true; {1977#false} is VALID [2022-02-20 18:10:40,032 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {1977#false} {1977#false} #211#return; {1977#false} is VALID [2022-02-20 18:10:40,032 INFO L290 TraceCheckUtils]: 28: Hoare triple {1977#false} assume { :end_inline_processEnvironment } true; {1977#false} is VALID [2022-02-20 18:10:40,032 INFO L290 TraceCheckUtils]: 29: Hoare triple {1977#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {1977#false} is VALID [2022-02-20 18:10:40,032 INFO L290 TraceCheckUtils]: 30: Hoare triple {1977#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {1977#false} is VALID [2022-02-20 18:10:40,032 INFO L290 TraceCheckUtils]: 31: Hoare triple {1977#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {1977#false} is VALID [2022-02-20 18:10:40,032 INFO L290 TraceCheckUtils]: 32: Hoare triple {1977#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {1977#false} is VALID [2022-02-20 18:10:40,033 INFO L290 TraceCheckUtils]: 33: Hoare triple {1977#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1977#false} is VALID [2022-02-20 18:10:40,033 INFO L290 TraceCheckUtils]: 34: Hoare triple {1977#false} assume !false; {1977#false} is VALID [2022-02-20 18:10:40,033 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:40,033 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:40,033 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:40,033 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [918508613] [2022-02-20 18:10:40,033 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [918508613] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:40,033 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:40,033 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:10:40,033 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [976518282] [2022-02-20 18:10:40,033 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:40,034 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 35 [2022-02-20 18:10:40,034 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:40,034 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,067 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 35 edges. 35 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:40,067 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 18:10:40,067 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:40,067 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 18:10:40,068 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 18:10:40,068 INFO L87 Difference]: Start difference. First operand 89 states and 113 transitions. Second operand has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,224 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:40,224 INFO L93 Difference]: Finished difference Result 203 states and 264 transitions. [2022-02-20 18:10:40,224 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 18:10:40,225 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 35 [2022-02-20 18:10:40,225 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:40,225 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,227 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 163 transitions. [2022-02-20 18:10:40,227 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,228 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 163 transitions. [2022-02-20 18:10:40,229 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 163 transitions. [2022-02-20 18:10:40,330 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 163 edges. 163 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:40,332 INFO L225 Difference]: With dead ends: 203 [2022-02-20 18:10:40,332 INFO L226 Difference]: Without dead ends: 121 [2022-02-20 18:10:40,333 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 35 GetRequests, 32 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:40,333 INFO L933 BasicCegarLoop]: 70 mSDtfsCounter, 45 mSDsluCounter, 134 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 204 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:40,334 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [45 Valid, 204 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:40,334 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 121 states. [2022-02-20 18:10:40,340 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 121 to 91. [2022-02-20 18:10:40,340 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:40,340 INFO L82 GeneralOperation]: Start isEquivalent. First operand 121 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:40,341 INFO L74 IsIncluded]: Start isIncluded. First operand 121 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:40,341 INFO L87 Difference]: Start difference. First operand 121 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:40,344 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:40,344 INFO L93 Difference]: Finished difference Result 121 states and 153 transitions. [2022-02-20 18:10:40,344 INFO L276 IsEmpty]: Start isEmpty. Operand 121 states and 153 transitions. [2022-02-20 18:10:40,345 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:40,345 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:40,345 INFO L74 IsIncluded]: Start isIncluded. First operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 121 states. [2022-02-20 18:10:40,345 INFO L87 Difference]: Start difference. First operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 121 states. [2022-02-20 18:10:40,348 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:40,348 INFO L93 Difference]: Finished difference Result 121 states and 153 transitions. [2022-02-20 18:10:40,348 INFO L276 IsEmpty]: Start isEmpty. Operand 121 states and 153 transitions. [2022-02-20 18:10:40,349 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:40,349 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:40,349 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:40,349 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:40,349 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:40,351 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 91 states to 91 states and 115 transitions. [2022-02-20 18:10:40,351 INFO L78 Accepts]: Start accepts. Automaton has 91 states and 115 transitions. Word has length 35 [2022-02-20 18:10:40,351 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:40,352 INFO L470 AbstractCegarLoop]: Abstraction has 91 states and 115 transitions. [2022-02-20 18:10:40,352 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 8.0) internal successors, (32), 4 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,352 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 115 transitions. [2022-02-20 18:10:40,352 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-02-20 18:10:40,352 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:40,352 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:40,361 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:40,559 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:40,561 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:40,561 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:40,561 INFO L85 PathProgramCache]: Analyzing trace with hash 1245304616, now seen corresponding path program 1 times [2022-02-20 18:10:40,562 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:40,562 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [502093947] [2022-02-20 18:10:40,562 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:40,562 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:40,562 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:40,563 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:40,567 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Waiting until timeout for monitored process [2022-02-20 18:10:40,604 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:40,606 INFO L263 TraceCheckSpWp]: Trace formula consists of 162 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 18:10:40,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:40,613 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:40,715 INFO L290 TraceCheckUtils]: 0: Hoare triple {2749#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,715 INFO L290 TraceCheckUtils]: 1: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,715 INFO L290 TraceCheckUtils]: 2: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,716 INFO L290 TraceCheckUtils]: 3: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,716 INFO L290 TraceCheckUtils]: 4: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,716 INFO L290 TraceCheckUtils]: 5: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,717 INFO L290 TraceCheckUtils]: 6: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,717 INFO L290 TraceCheckUtils]: 7: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume !false; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,717 INFO L290 TraceCheckUtils]: 8: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,718 INFO L290 TraceCheckUtils]: 9: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,718 INFO L290 TraceCheckUtils]: 10: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp~4#1); {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,718 INFO L290 TraceCheckUtils]: 11: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,718 INFO L290 TraceCheckUtils]: 12: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___0~1#1); {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,719 INFO L290 TraceCheckUtils]: 13: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,719 INFO L290 TraceCheckUtils]: 14: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp___2~0#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,719 INFO L272 TraceCheckUtils]: 15: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} call timeShift(); {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,720 INFO L290 TraceCheckUtils]: 16: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,720 INFO L290 TraceCheckUtils]: 17: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,720 INFO L290 TraceCheckUtils]: 18: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,721 INFO L290 TraceCheckUtils]: 19: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,721 INFO L290 TraceCheckUtils]: 20: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,721 INFO L290 TraceCheckUtils]: 21: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~2#1 := 0bv32; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,721 INFO L290 TraceCheckUtils]: 22: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,722 INFO L290 TraceCheckUtils]: 23: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,722 INFO L290 TraceCheckUtils]: 24: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != processEnvironment_~tmp~5#1); {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,722 INFO L272 TraceCheckUtils]: 25: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} call processEnvironment__wrappee__base(); {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,723 INFO L290 TraceCheckUtils]: 26: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume true; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,723 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {2754#(= ~waterLevel~0 (_ bv1 32))} {2754#(= ~waterLevel~0 (_ bv1 32))} #211#return; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,723 INFO L290 TraceCheckUtils]: 28: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_processEnvironment } true; {2754#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,724 INFO L290 TraceCheckUtils]: 29: Hoare triple {2754#(= ~waterLevel~0 (_ bv1 32))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {2842#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} is VALID [2022-02-20 18:10:40,724 INFO L290 TraceCheckUtils]: 30: Hoare triple {2842#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {2846#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1| (_ bv1 32))} is VALID [2022-02-20 18:10:40,724 INFO L290 TraceCheckUtils]: 31: Hoare triple {2846#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1| (_ bv1 32))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {2750#false} is VALID [2022-02-20 18:10:40,725 INFO L290 TraceCheckUtils]: 32: Hoare triple {2750#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {2750#false} is VALID [2022-02-20 18:10:40,725 INFO L290 TraceCheckUtils]: 33: Hoare triple {2750#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {2750#false} is VALID [2022-02-20 18:10:40,725 INFO L290 TraceCheckUtils]: 34: Hoare triple {2750#false} assume !false; {2750#false} is VALID [2022-02-20 18:10:40,726 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:40,726 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:40,726 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:40,726 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [502093947] [2022-02-20 18:10:40,726 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [502093947] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:40,726 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:40,726 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:10:40,726 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1190868511] [2022-02-20 18:10:40,727 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:40,727 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.4) internal successors, (32), 4 states have internal predecessors, (32), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 35 [2022-02-20 18:10:40,727 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:40,727 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 6.4) internal successors, (32), 4 states have internal predecessors, (32), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,750 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 35 edges. 35 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:40,750 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:10:40,751 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:40,752 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:10:40,752 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:40,752 INFO L87 Difference]: Start difference. First operand 91 states and 115 transitions. Second operand has 5 states, 5 states have (on average 6.4) internal successors, (32), 4 states have internal predecessors, (32), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,948 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:40,948 INFO L93 Difference]: Finished difference Result 241 states and 320 transitions. [2022-02-20 18:10:40,949 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:40,949 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.4) internal successors, (32), 4 states have internal predecessors, (32), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 35 [2022-02-20 18:10:40,949 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:40,949 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.4) internal successors, (32), 4 states have internal predecessors, (32), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,951 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 192 transitions. [2022-02-20 18:10:40,951 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.4) internal successors, (32), 4 states have internal predecessors, (32), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,959 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 192 transitions. [2022-02-20 18:10:40,959 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 192 transitions. [2022-02-20 18:10:41,082 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 192 edges. 192 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:41,090 INFO L225 Difference]: With dead ends: 241 [2022-02-20 18:10:41,090 INFO L226 Difference]: Without dead ends: 157 [2022-02-20 18:10:41,091 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 36 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:41,094 INFO L933 BasicCegarLoop]: 69 mSDtfsCounter, 31 mSDsluCounter, 197 mSDsCounter, 0 mSdLazyCounter, 25 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 31 SdHoareTripleChecker+Valid, 266 SdHoareTripleChecker+Invalid, 29 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 25 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:41,094 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [31 Valid, 266 Invalid, 29 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 25 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:41,096 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 157 states. [2022-02-20 18:10:41,105 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 157 to 157. [2022-02-20 18:10:41,105 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:41,106 INFO L82 GeneralOperation]: Start isEquivalent. First operand 157 states. Second operand has 157 states, 128 states have (on average 1.28125) internal successors, (164), 138 states have internal predecessors, (164), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,106 INFO L74 IsIncluded]: Start isIncluded. First operand 157 states. Second operand has 157 states, 128 states have (on average 1.28125) internal successors, (164), 138 states have internal predecessors, (164), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,107 INFO L87 Difference]: Start difference. First operand 157 states. Second operand has 157 states, 128 states have (on average 1.28125) internal successors, (164), 138 states have internal predecessors, (164), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,110 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:41,110 INFO L93 Difference]: Finished difference Result 157 states and 200 transitions. [2022-02-20 18:10:41,110 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 200 transitions. [2022-02-20 18:10:41,111 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:41,111 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:41,111 INFO L74 IsIncluded]: Start isIncluded. First operand has 157 states, 128 states have (on average 1.28125) internal successors, (164), 138 states have internal predecessors, (164), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 157 states. [2022-02-20 18:10:41,112 INFO L87 Difference]: Start difference. First operand has 157 states, 128 states have (on average 1.28125) internal successors, (164), 138 states have internal predecessors, (164), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 157 states. [2022-02-20 18:10:41,115 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:41,115 INFO L93 Difference]: Finished difference Result 157 states and 200 transitions. [2022-02-20 18:10:41,115 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 200 transitions. [2022-02-20 18:10:41,116 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:41,116 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:41,116 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:41,116 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:41,117 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 157 states, 128 states have (on average 1.28125) internal successors, (164), 138 states have internal predecessors, (164), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,120 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 157 states to 157 states and 200 transitions. [2022-02-20 18:10:41,120 INFO L78 Accepts]: Start accepts. Automaton has 157 states and 200 transitions. Word has length 35 [2022-02-20 18:10:41,120 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:41,120 INFO L470 AbstractCegarLoop]: Abstraction has 157 states and 200 transitions. [2022-02-20 18:10:41,121 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.4) internal successors, (32), 4 states have internal predecessors, (32), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:41,121 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 200 transitions. [2022-02-20 18:10:41,121 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2022-02-20 18:10:41,121 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:41,122 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:41,129 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:41,328 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:41,329 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:41,329 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:41,329 INFO L85 PathProgramCache]: Analyzing trace with hash -2121318334, now seen corresponding path program 1 times [2022-02-20 18:10:41,329 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:41,330 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [242128639] [2022-02-20 18:10:41,330 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:41,330 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:41,330 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:41,331 INFO L229 MonitoredProcess]: Starting monitored process 8 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:41,332 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Waiting until timeout for monitored process [2022-02-20 18:10:41,372 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:41,374 INFO L263 TraceCheckSpWp]: Trace formula consists of 169 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 18:10:41,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:41,388 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:41,539 INFO L290 TraceCheckUtils]: 0: Hoare triple {3745#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {3750#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,539 INFO L290 TraceCheckUtils]: 1: Hoare triple {3750#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {3750#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,540 INFO L290 TraceCheckUtils]: 2: Hoare triple {3750#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3750#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,540 INFO L290 TraceCheckUtils]: 3: Hoare triple {3750#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {3750#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,540 INFO L290 TraceCheckUtils]: 4: Hoare triple {3750#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {3750#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,541 INFO L290 TraceCheckUtils]: 5: Hoare triple {3750#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {3750#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,541 INFO L290 TraceCheckUtils]: 6: Hoare triple {3750#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {3750#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,541 INFO L290 TraceCheckUtils]: 7: Hoare triple {3750#(= ~waterLevel~0 (_ bv1 32))} assume !false; {3750#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,541 INFO L290 TraceCheckUtils]: 8: Hoare triple {3750#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {3750#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,542 INFO L290 TraceCheckUtils]: 9: Hoare triple {3750#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {3750#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,542 INFO L290 TraceCheckUtils]: 10: Hoare triple {3750#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp~4#1; {3750#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,543 INFO L272 TraceCheckUtils]: 11: Hoare triple {3750#(= ~waterLevel~0 (_ bv1 32))} call waterRise(); {3784#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:41,543 INFO L290 TraceCheckUtils]: 12: Hoare triple {3784#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {3788#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:41,551 INFO L290 TraceCheckUtils]: 13: Hoare triple {3788#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} assume true; {3788#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:41,552 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {3788#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} {3750#(= ~waterLevel~0 (_ bv1 32))} #215#return; {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:41,554 INFO L290 TraceCheckUtils]: 15: Hoare triple {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:41,554 INFO L290 TraceCheckUtils]: 16: Hoare triple {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___0~1#1); {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:41,555 INFO L290 TraceCheckUtils]: 17: Hoare triple {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:41,555 INFO L290 TraceCheckUtils]: 18: Hoare triple {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != test_~tmp___2~0#1; {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:41,555 INFO L272 TraceCheckUtils]: 19: Hoare triple {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} call timeShift(); {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:41,556 INFO L290 TraceCheckUtils]: 20: Hoare triple {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:41,556 INFO L290 TraceCheckUtils]: 21: Hoare triple {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:41,566 INFO L290 TraceCheckUtils]: 22: Hoare triple {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:41,566 INFO L290 TraceCheckUtils]: 23: Hoare triple {3795#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {3746#false} is VALID [2022-02-20 18:10:41,566 INFO L290 TraceCheckUtils]: 24: Hoare triple {3746#false} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 25: Hoare triple {3746#false} assume 0bv32 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~2#1 := 0bv32; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 26: Hoare triple {3746#false} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 27: Hoare triple {3746#false} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 28: Hoare triple {3746#false} assume !(0bv32 != processEnvironment_~tmp~5#1); {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L272 TraceCheckUtils]: 29: Hoare triple {3746#false} call processEnvironment__wrappee__base(); {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 30: Hoare triple {3746#false} assume true; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {3746#false} {3746#false} #211#return; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 32: Hoare triple {3746#false} assume { :end_inline_processEnvironment } true; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 33: Hoare triple {3746#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 34: Hoare triple {3746#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 35: Hoare triple {3746#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 36: Hoare triple {3746#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 37: Hoare triple {3746#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {3746#false} is VALID [2022-02-20 18:10:41,567 INFO L290 TraceCheckUtils]: 38: Hoare triple {3746#false} assume !false; {3746#false} is VALID [2022-02-20 18:10:41,568 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:41,568 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:41,568 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:41,568 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [242128639] [2022-02-20 18:10:41,568 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [242128639] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:41,568 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:41,568 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:41,568 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [773526554] [2022-02-20 18:10:41,568 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:41,569 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 4 states have internal predecessors, (34), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 39 [2022-02-20 18:10:41,569 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:41,569 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 4 states have internal predecessors, (34), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:41,609 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:41,609 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:41,609 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:41,609 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:41,610 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:41,610 INFO L87 Difference]: Start difference. First operand 157 states and 200 transitions. Second operand has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 4 states have internal predecessors, (34), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:42,166 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:42,167 INFO L93 Difference]: Finished difference Result 475 states and 619 transitions. [2022-02-20 18:10:42,167 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:10:42,167 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 4 states have internal predecessors, (34), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 39 [2022-02-20 18:10:42,167 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:42,168 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 4 states have internal predecessors, (34), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:42,171 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 330 transitions. [2022-02-20 18:10:42,171 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 4 states have internal predecessors, (34), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:42,174 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 330 transitions. [2022-02-20 18:10:42,174 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 330 transitions. [2022-02-20 18:10:42,411 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 330 edges. 330 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:42,422 INFO L225 Difference]: With dead ends: 475 [2022-02-20 18:10:42,422 INFO L226 Difference]: Without dead ends: 391 [2022-02-20 18:10:42,423 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 41 GetRequests, 33 SyntacticMatches, 1 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:10:42,423 INFO L933 BasicCegarLoop]: 125 mSDtfsCounter, 215 mSDsluCounter, 302 mSDsCounter, 0 mSdLazyCounter, 156 mSolverCounterSat, 28 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 221 SdHoareTripleChecker+Valid, 427 SdHoareTripleChecker+Invalid, 184 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 28 IncrementalHoareTripleChecker+Valid, 156 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:42,423 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [221 Valid, 427 Invalid, 184 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [28 Valid, 156 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:10:42,424 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 391 states. [2022-02-20 18:10:42,447 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 391 to 374. [2022-02-20 18:10:42,447 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:42,448 INFO L82 GeneralOperation]: Start isEquivalent. First operand 391 states. Second operand has 374 states, 310 states have (on average 1.2806451612903227) internal successors, (397), 338 states have internal predecessors, (397), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) [2022-02-20 18:10:42,449 INFO L74 IsIncluded]: Start isIncluded. First operand 391 states. Second operand has 374 states, 310 states have (on average 1.2806451612903227) internal successors, (397), 338 states have internal predecessors, (397), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) [2022-02-20 18:10:42,450 INFO L87 Difference]: Start difference. First operand 391 states. Second operand has 374 states, 310 states have (on average 1.2806451612903227) internal successors, (397), 338 states have internal predecessors, (397), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) [2022-02-20 18:10:42,460 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:42,461 INFO L93 Difference]: Finished difference Result 391 states and 490 transitions. [2022-02-20 18:10:42,461 INFO L276 IsEmpty]: Start isEmpty. Operand 391 states and 490 transitions. [2022-02-20 18:10:42,462 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:42,462 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:42,463 INFO L74 IsIncluded]: Start isIncluded. First operand has 374 states, 310 states have (on average 1.2806451612903227) internal successors, (397), 338 states have internal predecessors, (397), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) Second operand 391 states. [2022-02-20 18:10:42,463 INFO L87 Difference]: Start difference. First operand has 374 states, 310 states have (on average 1.2806451612903227) internal successors, (397), 338 states have internal predecessors, (397), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) Second operand 391 states. [2022-02-20 18:10:42,474 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:42,474 INFO L93 Difference]: Finished difference Result 391 states and 490 transitions. [2022-02-20 18:10:42,474 INFO L276 IsEmpty]: Start isEmpty. Operand 391 states and 490 transitions. [2022-02-20 18:10:42,475 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:42,475 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:42,475 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:42,475 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:42,476 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 374 states, 310 states have (on average 1.2806451612903227) internal successors, (397), 338 states have internal predecessors, (397), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) [2022-02-20 18:10:42,486 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 374 states to 374 states and 475 transitions. [2022-02-20 18:10:42,486 INFO L78 Accepts]: Start accepts. Automaton has 374 states and 475 transitions. Word has length 39 [2022-02-20 18:10:42,487 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:42,487 INFO L470 AbstractCegarLoop]: Abstraction has 374 states and 475 transitions. [2022-02-20 18:10:42,487 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 4 states have internal predecessors, (34), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:42,487 INFO L276 IsEmpty]: Start isEmpty. Operand 374 states and 475 transitions. [2022-02-20 18:10:42,487 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2022-02-20 18:10:42,487 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:42,487 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:42,497 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:42,694 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:42,694 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:42,695 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:42,695 INFO L85 PathProgramCache]: Analyzing trace with hash 141463358, now seen corresponding path program 1 times [2022-02-20 18:10:42,695 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:42,695 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [906470209] [2022-02-20 18:10:42,695 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:42,695 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:42,696 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:42,696 INFO L229 MonitoredProcess]: Starting monitored process 9 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:42,698 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Waiting until timeout for monitored process [2022-02-20 18:10:42,735 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:42,737 INFO L263 TraceCheckSpWp]: Trace formula consists of 169 conjuncts, 5 conjunts are in the unsatisfiable core [2022-02-20 18:10:42,749 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:42,749 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:42,840 INFO L290 TraceCheckUtils]: 0: Hoare triple {5871#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {5871#true} is VALID [2022-02-20 18:10:42,840 INFO L290 TraceCheckUtils]: 1: Hoare triple {5871#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {5871#true} is VALID [2022-02-20 18:10:42,840 INFO L290 TraceCheckUtils]: 2: Hoare triple {5871#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5871#true} is VALID [2022-02-20 18:10:42,840 INFO L290 TraceCheckUtils]: 3: Hoare triple {5871#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {5871#true} is VALID [2022-02-20 18:10:42,840 INFO L290 TraceCheckUtils]: 4: Hoare triple {5871#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {5871#true} is VALID [2022-02-20 18:10:42,840 INFO L290 TraceCheckUtils]: 5: Hoare triple {5871#true} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {5871#true} is VALID [2022-02-20 18:10:42,840 INFO L290 TraceCheckUtils]: 6: Hoare triple {5871#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {5871#true} is VALID [2022-02-20 18:10:42,840 INFO L290 TraceCheckUtils]: 7: Hoare triple {5871#true} assume !false; {5871#true} is VALID [2022-02-20 18:10:42,840 INFO L290 TraceCheckUtils]: 8: Hoare triple {5871#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {5871#true} is VALID [2022-02-20 18:10:42,840 INFO L290 TraceCheckUtils]: 9: Hoare triple {5871#true} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {5871#true} is VALID [2022-02-20 18:10:42,840 INFO L290 TraceCheckUtils]: 10: Hoare triple {5871#true} assume 0bv32 != test_~tmp~4#1; {5871#true} is VALID [2022-02-20 18:10:42,840 INFO L272 TraceCheckUtils]: 11: Hoare triple {5871#true} call waterRise(); {5871#true} is VALID [2022-02-20 18:10:42,841 INFO L290 TraceCheckUtils]: 12: Hoare triple {5871#true} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {5871#true} is VALID [2022-02-20 18:10:42,841 INFO L290 TraceCheckUtils]: 13: Hoare triple {5871#true} assume true; {5871#true} is VALID [2022-02-20 18:10:42,841 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {5871#true} {5871#true} #215#return; {5871#true} is VALID [2022-02-20 18:10:42,841 INFO L290 TraceCheckUtils]: 15: Hoare triple {5871#true} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {5871#true} is VALID [2022-02-20 18:10:42,841 INFO L290 TraceCheckUtils]: 16: Hoare triple {5871#true} assume !(0bv32 != test_~tmp___0~1#1); {5871#true} is VALID [2022-02-20 18:10:42,841 INFO L290 TraceCheckUtils]: 17: Hoare triple {5871#true} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {5871#true} is VALID [2022-02-20 18:10:42,841 INFO L290 TraceCheckUtils]: 18: Hoare triple {5871#true} assume 0bv32 != test_~tmp___2~0#1; {5871#true} is VALID [2022-02-20 18:10:42,841 INFO L272 TraceCheckUtils]: 19: Hoare triple {5871#true} call timeShift(); {5871#true} is VALID [2022-02-20 18:10:42,841 INFO L290 TraceCheckUtils]: 20: Hoare triple {5871#true} assume !(0bv32 != ~pumpRunning~0); {5871#true} is VALID [2022-02-20 18:10:42,841 INFO L290 TraceCheckUtils]: 21: Hoare triple {5871#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {5871#true} is VALID [2022-02-20 18:10:42,842 INFO L290 TraceCheckUtils]: 22: Hoare triple {5871#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {5871#true} is VALID [2022-02-20 18:10:42,842 INFO L290 TraceCheckUtils]: 23: Hoare triple {5871#true} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {5871#true} is VALID [2022-02-20 18:10:42,842 INFO L290 TraceCheckUtils]: 24: Hoare triple {5871#true} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {5871#true} is VALID [2022-02-20 18:10:42,843 INFO L290 TraceCheckUtils]: 25: Hoare triple {5871#true} assume !(0bv32 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {5951#(= (_ bv1 32) |timeShift_isHighWaterLevel_~tmp___0~2#1|)} is VALID [2022-02-20 18:10:42,844 INFO L290 TraceCheckUtils]: 26: Hoare triple {5951#(= (_ bv1 32) |timeShift_isHighWaterLevel_~tmp___0~2#1|)} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {5955#(= |timeShift_isHighWaterLevel_#res#1| (_ bv1 32))} is VALID [2022-02-20 18:10:42,844 INFO L290 TraceCheckUtils]: 27: Hoare triple {5955#(= |timeShift_isHighWaterLevel_#res#1| (_ bv1 32))} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {5959#(= |timeShift_processEnvironment_~tmp~5#1| (_ bv1 32))} is VALID [2022-02-20 18:10:42,844 INFO L290 TraceCheckUtils]: 28: Hoare triple {5959#(= |timeShift_processEnvironment_~tmp~5#1| (_ bv1 32))} assume !(0bv32 != processEnvironment_~tmp~5#1); {5872#false} is VALID [2022-02-20 18:10:42,844 INFO L272 TraceCheckUtils]: 29: Hoare triple {5872#false} call processEnvironment__wrappee__base(); {5872#false} is VALID [2022-02-20 18:10:42,844 INFO L290 TraceCheckUtils]: 30: Hoare triple {5872#false} assume true; {5872#false} is VALID [2022-02-20 18:10:42,852 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {5872#false} {5872#false} #211#return; {5872#false} is VALID [2022-02-20 18:10:42,852 INFO L290 TraceCheckUtils]: 32: Hoare triple {5872#false} assume { :end_inline_processEnvironment } true; {5872#false} is VALID [2022-02-20 18:10:42,853 INFO L290 TraceCheckUtils]: 33: Hoare triple {5872#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {5872#false} is VALID [2022-02-20 18:10:42,853 INFO L290 TraceCheckUtils]: 34: Hoare triple {5872#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {5872#false} is VALID [2022-02-20 18:10:42,853 INFO L290 TraceCheckUtils]: 35: Hoare triple {5872#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {5872#false} is VALID [2022-02-20 18:10:42,853 INFO L290 TraceCheckUtils]: 36: Hoare triple {5872#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {5872#false} is VALID [2022-02-20 18:10:42,853 INFO L290 TraceCheckUtils]: 37: Hoare triple {5872#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {5872#false} is VALID [2022-02-20 18:10:42,853 INFO L290 TraceCheckUtils]: 38: Hoare triple {5872#false} assume !false; {5872#false} is VALID [2022-02-20 18:10:42,853 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:42,853 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:42,853 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:42,853 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [906470209] [2022-02-20 18:10:42,853 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [906470209] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:42,853 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:42,853 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:42,853 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1473337598] [2022-02-20 18:10:42,853 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:42,854 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.8) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 39 [2022-02-20 18:10:42,855 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:42,855 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 6.8) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:42,882 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:42,882 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:10:42,882 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:42,883 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:10:42,883 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:42,883 INFO L87 Difference]: Start difference. First operand 374 states and 475 transitions. Second operand has 5 states, 5 states have (on average 6.8) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,134 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:43,135 INFO L93 Difference]: Finished difference Result 763 states and 980 transitions. [2022-02-20 18:10:43,135 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:43,135 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.8) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 39 [2022-02-20 18:10:43,135 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:43,136 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.8) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,137 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 158 transitions. [2022-02-20 18:10:43,138 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.8) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,139 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 158 transitions. [2022-02-20 18:10:43,139 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 158 transitions. [2022-02-20 18:10:43,247 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 158 edges. 158 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:43,261 INFO L225 Difference]: With dead ends: 763 [2022-02-20 18:10:43,261 INFO L226 Difference]: Without dead ends: 457 [2022-02-20 18:10:43,262 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 40 GetRequests, 35 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:43,263 INFO L933 BasicCegarLoop]: 89 mSDtfsCounter, 57 mSDsluCounter, 205 mSDsCounter, 0 mSdLazyCounter, 14 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 57 SdHoareTripleChecker+Valid, 294 SdHoareTripleChecker+Invalid, 14 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 14 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:43,263 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [57 Valid, 294 Invalid, 14 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 14 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:43,263 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 457 states. [2022-02-20 18:10:43,279 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 457 to 383. [2022-02-20 18:10:43,279 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:43,280 INFO L82 GeneralOperation]: Start isEquivalent. First operand 457 states. Second operand has 383 states, 319 states have (on average 1.2727272727272727) internal successors, (406), 347 states have internal predecessors, (406), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) [2022-02-20 18:10:43,281 INFO L74 IsIncluded]: Start isIncluded. First operand 457 states. Second operand has 383 states, 319 states have (on average 1.2727272727272727) internal successors, (406), 347 states have internal predecessors, (406), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) [2022-02-20 18:10:43,282 INFO L87 Difference]: Start difference. First operand 457 states. Second operand has 383 states, 319 states have (on average 1.2727272727272727) internal successors, (406), 347 states have internal predecessors, (406), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) [2022-02-20 18:10:43,294 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:43,294 INFO L93 Difference]: Finished difference Result 457 states and 580 transitions. [2022-02-20 18:10:43,294 INFO L276 IsEmpty]: Start isEmpty. Operand 457 states and 580 transitions. [2022-02-20 18:10:43,295 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:43,296 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:43,297 INFO L74 IsIncluded]: Start isIncluded. First operand has 383 states, 319 states have (on average 1.2727272727272727) internal successors, (406), 347 states have internal predecessors, (406), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) Second operand 457 states. [2022-02-20 18:10:43,298 INFO L87 Difference]: Start difference. First operand has 383 states, 319 states have (on average 1.2727272727272727) internal successors, (406), 347 states have internal predecessors, (406), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) Second operand 457 states. [2022-02-20 18:10:43,311 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:43,312 INFO L93 Difference]: Finished difference Result 457 states and 580 transitions. [2022-02-20 18:10:43,312 INFO L276 IsEmpty]: Start isEmpty. Operand 457 states and 580 transitions. [2022-02-20 18:10:43,313 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:43,313 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:43,313 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:43,313 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:43,314 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 383 states, 319 states have (on average 1.2727272727272727) internal successors, (406), 347 states have internal predecessors, (406), 31 states have call successors, (31), 28 states have call predecessors, (31), 32 states have return successors, (47), 29 states have call predecessors, (47), 31 states have call successors, (47) [2022-02-20 18:10:43,326 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 383 states to 383 states and 484 transitions. [2022-02-20 18:10:43,326 INFO L78 Accepts]: Start accepts. Automaton has 383 states and 484 transitions. Word has length 39 [2022-02-20 18:10:43,326 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:43,326 INFO L470 AbstractCegarLoop]: Abstraction has 383 states and 484 transitions. [2022-02-20 18:10:43,327 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.8) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,327 INFO L276 IsEmpty]: Start isEmpty. Operand 383 states and 484 transitions. [2022-02-20 18:10:43,327 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2022-02-20 18:10:43,327 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:43,328 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:43,353 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:43,536 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:43,539 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:43,539 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:43,539 INFO L85 PathProgramCache]: Analyzing trace with hash 1152580608, now seen corresponding path program 1 times [2022-02-20 18:10:43,540 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:43,540 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1377102312] [2022-02-20 18:10:43,540 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:43,540 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:43,540 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:43,541 INFO L229 MonitoredProcess]: Starting monitored process 10 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:43,543 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Waiting until timeout for monitored process [2022-02-20 18:10:43,581 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:43,583 INFO L263 TraceCheckSpWp]: Trace formula consists of 169 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:10:43,592 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:43,593 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:43,680 INFO L290 TraceCheckUtils]: 0: Hoare triple {8564#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {8564#true} is VALID [2022-02-20 18:10:43,681 INFO L290 TraceCheckUtils]: 1: Hoare triple {8564#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {8564#true} is VALID [2022-02-20 18:10:43,681 INFO L290 TraceCheckUtils]: 2: Hoare triple {8564#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8564#true} is VALID [2022-02-20 18:10:43,681 INFO L290 TraceCheckUtils]: 3: Hoare triple {8564#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {8564#true} is VALID [2022-02-20 18:10:43,681 INFO L290 TraceCheckUtils]: 4: Hoare triple {8564#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {8564#true} is VALID [2022-02-20 18:10:43,681 INFO L290 TraceCheckUtils]: 5: Hoare triple {8564#true} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {8564#true} is VALID [2022-02-20 18:10:43,681 INFO L290 TraceCheckUtils]: 6: Hoare triple {8564#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {8564#true} is VALID [2022-02-20 18:10:43,681 INFO L290 TraceCheckUtils]: 7: Hoare triple {8564#true} assume !false; {8564#true} is VALID [2022-02-20 18:10:43,681 INFO L290 TraceCheckUtils]: 8: Hoare triple {8564#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {8564#true} is VALID [2022-02-20 18:10:43,682 INFO L290 TraceCheckUtils]: 9: Hoare triple {8564#true} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {8564#true} is VALID [2022-02-20 18:10:43,682 INFO L290 TraceCheckUtils]: 10: Hoare triple {8564#true} assume 0bv32 != test_~tmp~4#1; {8564#true} is VALID [2022-02-20 18:10:43,682 INFO L272 TraceCheckUtils]: 11: Hoare triple {8564#true} call waterRise(); {8564#true} is VALID [2022-02-20 18:10:43,682 INFO L290 TraceCheckUtils]: 12: Hoare triple {8564#true} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {8564#true} is VALID [2022-02-20 18:10:43,682 INFO L290 TraceCheckUtils]: 13: Hoare triple {8564#true} assume true; {8564#true} is VALID [2022-02-20 18:10:43,682 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {8564#true} {8564#true} #215#return; {8564#true} is VALID [2022-02-20 18:10:43,682 INFO L290 TraceCheckUtils]: 15: Hoare triple {8564#true} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {8564#true} is VALID [2022-02-20 18:10:43,682 INFO L290 TraceCheckUtils]: 16: Hoare triple {8564#true} assume !(0bv32 != test_~tmp___0~1#1); {8564#true} is VALID [2022-02-20 18:10:43,683 INFO L290 TraceCheckUtils]: 17: Hoare triple {8564#true} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {8564#true} is VALID [2022-02-20 18:10:43,683 INFO L290 TraceCheckUtils]: 18: Hoare triple {8564#true} assume 0bv32 != test_~tmp___2~0#1; {8564#true} is VALID [2022-02-20 18:10:43,683 INFO L272 TraceCheckUtils]: 19: Hoare triple {8564#true} call timeShift(); {8564#true} is VALID [2022-02-20 18:10:43,683 INFO L290 TraceCheckUtils]: 20: Hoare triple {8564#true} assume !(0bv32 != ~pumpRunning~0); {8564#true} is VALID [2022-02-20 18:10:43,683 INFO L290 TraceCheckUtils]: 21: Hoare triple {8564#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {8564#true} is VALID [2022-02-20 18:10:43,683 INFO L290 TraceCheckUtils]: 22: Hoare triple {8564#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {8564#true} is VALID [2022-02-20 18:10:43,685 INFO L290 TraceCheckUtils]: 23: Hoare triple {8564#true} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {8638#(= |timeShift_isHighWaterSensorDry_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:10:43,685 INFO L290 TraceCheckUtils]: 24: Hoare triple {8638#(= |timeShift_isHighWaterSensorDry_#res#1| (_ bv0 32))} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {8642#(= |timeShift_isHighWaterLevel_~tmp~7#1| (_ bv0 32))} is VALID [2022-02-20 18:10:43,686 INFO L290 TraceCheckUtils]: 25: Hoare triple {8642#(= |timeShift_isHighWaterLevel_~tmp~7#1| (_ bv0 32))} assume 0bv32 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~2#1 := 0bv32; {8565#false} is VALID [2022-02-20 18:10:43,686 INFO L290 TraceCheckUtils]: 26: Hoare triple {8565#false} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {8565#false} is VALID [2022-02-20 18:10:43,686 INFO L290 TraceCheckUtils]: 27: Hoare triple {8565#false} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {8565#false} is VALID [2022-02-20 18:10:43,686 INFO L290 TraceCheckUtils]: 28: Hoare triple {8565#false} assume !(0bv32 != processEnvironment_~tmp~5#1); {8565#false} is VALID [2022-02-20 18:10:43,686 INFO L272 TraceCheckUtils]: 29: Hoare triple {8565#false} call processEnvironment__wrappee__base(); {8565#false} is VALID [2022-02-20 18:10:43,686 INFO L290 TraceCheckUtils]: 30: Hoare triple {8565#false} assume true; {8565#false} is VALID [2022-02-20 18:10:43,687 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {8565#false} {8565#false} #211#return; {8565#false} is VALID [2022-02-20 18:10:43,687 INFO L290 TraceCheckUtils]: 32: Hoare triple {8565#false} assume { :end_inline_processEnvironment } true; {8565#false} is VALID [2022-02-20 18:10:43,687 INFO L290 TraceCheckUtils]: 33: Hoare triple {8565#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {8565#false} is VALID [2022-02-20 18:10:43,687 INFO L290 TraceCheckUtils]: 34: Hoare triple {8565#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {8565#false} is VALID [2022-02-20 18:10:43,687 INFO L290 TraceCheckUtils]: 35: Hoare triple {8565#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {8565#false} is VALID [2022-02-20 18:10:43,687 INFO L290 TraceCheckUtils]: 36: Hoare triple {8565#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {8565#false} is VALID [2022-02-20 18:10:43,687 INFO L290 TraceCheckUtils]: 37: Hoare triple {8565#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {8565#false} is VALID [2022-02-20 18:10:43,688 INFO L290 TraceCheckUtils]: 38: Hoare triple {8565#false} assume !false; {8565#false} is VALID [2022-02-20 18:10:43,688 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:43,688 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:43,688 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:43,688 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1377102312] [2022-02-20 18:10:43,688 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1377102312] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:43,688 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:43,688 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:10:43,688 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [863821688] [2022-02-20 18:10:43,689 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:43,689 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.5) internal successors, (34), 4 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 39 [2022-02-20 18:10:43,689 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:43,689 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 8.5) internal successors, (34), 4 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,715 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:43,715 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 18:10:43,715 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:43,716 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 18:10:43,716 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 18:10:43,716 INFO L87 Difference]: Start difference. First operand 383 states and 484 transitions. Second operand has 4 states, 4 states have (on average 8.5) internal successors, (34), 4 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,876 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:43,876 INFO L93 Difference]: Finished difference Result 742 states and 955 transitions. [2022-02-20 18:10:43,876 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 18:10:43,876 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.5) internal successors, (34), 4 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 39 [2022-02-20 18:10:43,876 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:43,877 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.5) internal successors, (34), 4 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,878 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 159 transitions. [2022-02-20 18:10:43,878 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.5) internal successors, (34), 4 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,879 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 159 transitions. [2022-02-20 18:10:43,879 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 159 transitions. [2022-02-20 18:10:43,993 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 159 edges. 159 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:44,006 INFO L225 Difference]: With dead ends: 742 [2022-02-20 18:10:44,006 INFO L226 Difference]: Without dead ends: 427 [2022-02-20 18:10:44,007 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 39 GetRequests, 36 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:44,008 INFO L933 BasicCegarLoop]: 86 mSDtfsCounter, 43 mSDsluCounter, 135 mSDsCounter, 0 mSdLazyCounter, 8 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 43 SdHoareTripleChecker+Valid, 221 SdHoareTripleChecker+Invalid, 8 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 8 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:44,008 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [43 Valid, 221 Invalid, 8 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 8 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:44,008 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 427 states. [2022-02-20 18:10:44,021 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 427 to 377. [2022-02-20 18:10:44,021 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:44,022 INFO L82 GeneralOperation]: Start isEquivalent. First operand 427 states. Second operand has 377 states, 315 states have (on average 1.2634920634920634) internal successors, (398), 342 states have internal predecessors, (398), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) [2022-02-20 18:10:44,022 INFO L74 IsIncluded]: Start isIncluded. First operand 427 states. Second operand has 377 states, 315 states have (on average 1.2634920634920634) internal successors, (398), 342 states have internal predecessors, (398), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) [2022-02-20 18:10:44,023 INFO L87 Difference]: Start difference. First operand 427 states. Second operand has 377 states, 315 states have (on average 1.2634920634920634) internal successors, (398), 342 states have internal predecessors, (398), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) [2022-02-20 18:10:44,032 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:44,032 INFO L93 Difference]: Finished difference Result 427 states and 539 transitions. [2022-02-20 18:10:44,032 INFO L276 IsEmpty]: Start isEmpty. Operand 427 states and 539 transitions. [2022-02-20 18:10:44,033 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:44,033 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:44,034 INFO L74 IsIncluded]: Start isIncluded. First operand has 377 states, 315 states have (on average 1.2634920634920634) internal successors, (398), 342 states have internal predecessors, (398), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) Second operand 427 states. [2022-02-20 18:10:44,034 INFO L87 Difference]: Start difference. First operand has 377 states, 315 states have (on average 1.2634920634920634) internal successors, (398), 342 states have internal predecessors, (398), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) Second operand 427 states. [2022-02-20 18:10:44,043 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:44,043 INFO L93 Difference]: Finished difference Result 427 states and 539 transitions. [2022-02-20 18:10:44,044 INFO L276 IsEmpty]: Start isEmpty. Operand 427 states and 539 transitions. [2022-02-20 18:10:44,044 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:44,044 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:44,045 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:44,045 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:44,045 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 377 states, 315 states have (on average 1.2634920634920634) internal successors, (398), 342 states have internal predecessors, (398), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) [2022-02-20 18:10:44,054 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 377 states to 377 states and 474 transitions. [2022-02-20 18:10:44,054 INFO L78 Accepts]: Start accepts. Automaton has 377 states and 474 transitions. Word has length 39 [2022-02-20 18:10:44,054 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:44,054 INFO L470 AbstractCegarLoop]: Abstraction has 377 states and 474 transitions. [2022-02-20 18:10:44,054 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 8.5) internal successors, (34), 4 states have internal predecessors, (34), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:44,055 INFO L276 IsEmpty]: Start isEmpty. Operand 377 states and 474 transitions. [2022-02-20 18:10:44,055 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2022-02-20 18:10:44,055 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:44,055 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:44,064 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:44,262 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 10 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:44,262 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:44,262 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:44,262 INFO L85 PathProgramCache]: Analyzing trace with hash -1655387280, now seen corresponding path program 1 times [2022-02-20 18:10:44,263 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:44,263 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [835737880] [2022-02-20 18:10:44,263 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:44,263 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:44,263 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:44,264 INFO L229 MonitoredProcess]: Starting monitored process 11 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:44,265 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Waiting until timeout for monitored process [2022-02-20 18:10:44,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:44,308 INFO L263 TraceCheckSpWp]: Trace formula consists of 171 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 18:10:44,316 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:44,317 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:44,423 INFO L290 TraceCheckUtils]: 0: Hoare triple {11151#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,423 INFO L290 TraceCheckUtils]: 1: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,424 INFO L290 TraceCheckUtils]: 2: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,424 INFO L290 TraceCheckUtils]: 3: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,424 INFO L290 TraceCheckUtils]: 4: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,425 INFO L290 TraceCheckUtils]: 5: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,425 INFO L290 TraceCheckUtils]: 6: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,425 INFO L290 TraceCheckUtils]: 7: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !false; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,426 INFO L290 TraceCheckUtils]: 8: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,426 INFO L290 TraceCheckUtils]: 9: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,426 INFO L290 TraceCheckUtils]: 10: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != test_~tmp~4#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,426 INFO L272 TraceCheckUtils]: 11: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} call waterRise(); {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,427 INFO L290 TraceCheckUtils]: 12: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,427 INFO L290 TraceCheckUtils]: 13: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume true; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,427 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} #215#return; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,428 INFO L290 TraceCheckUtils]: 15: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,428 INFO L290 TraceCheckUtils]: 16: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != test_~tmp___0~1#1); {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,428 INFO L290 TraceCheckUtils]: 17: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,429 INFO L290 TraceCheckUtils]: 18: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != test_~tmp___2~0#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,429 INFO L272 TraceCheckUtils]: 19: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} call timeShift(); {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,429 INFO L290 TraceCheckUtils]: 20: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != ~pumpRunning~0); {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,430 INFO L290 TraceCheckUtils]: 21: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,430 INFO L290 TraceCheckUtils]: 22: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,430 INFO L290 TraceCheckUtils]: 23: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,430 INFO L290 TraceCheckUtils]: 24: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,432 INFO L290 TraceCheckUtils]: 25: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,432 INFO L290 TraceCheckUtils]: 26: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,432 INFO L290 TraceCheckUtils]: 27: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:44,433 INFO L290 TraceCheckUtils]: 28: Hoare triple {11156#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {11241#(= |timeShift_isMethaneLevelCritical_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:10:44,433 INFO L290 TraceCheckUtils]: 29: Hoare triple {11241#(= |timeShift_isMethaneLevelCritical_#res#1| (_ bv0 32))} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {11245#(= |timeShift_isMethaneAlarm_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:10:44,433 INFO L290 TraceCheckUtils]: 30: Hoare triple {11245#(= |timeShift_isMethaneAlarm_#res#1| (_ bv0 32))} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {11249#(= |timeShift_activatePump_~tmp~6#1| (_ bv0 32))} is VALID [2022-02-20 18:10:44,433 INFO L290 TraceCheckUtils]: 31: Hoare triple {11249#(= |timeShift_activatePump_~tmp~6#1| (_ bv0 32))} assume 0bv32 != activatePump_~tmp~6#1; {11152#false} is VALID [2022-02-20 18:10:44,434 INFO L290 TraceCheckUtils]: 32: Hoare triple {11152#false} assume { :end_inline_activatePump } true; {11152#false} is VALID [2022-02-20 18:10:44,434 INFO L290 TraceCheckUtils]: 33: Hoare triple {11152#false} assume { :end_inline_processEnvironment } true; {11152#false} is VALID [2022-02-20 18:10:44,434 INFO L290 TraceCheckUtils]: 34: Hoare triple {11152#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {11152#false} is VALID [2022-02-20 18:10:44,434 INFO L290 TraceCheckUtils]: 35: Hoare triple {11152#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {11152#false} is VALID [2022-02-20 18:10:44,434 INFO L290 TraceCheckUtils]: 36: Hoare triple {11152#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {11152#false} is VALID [2022-02-20 18:10:44,434 INFO L290 TraceCheckUtils]: 37: Hoare triple {11152#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {11152#false} is VALID [2022-02-20 18:10:44,434 INFO L290 TraceCheckUtils]: 38: Hoare triple {11152#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {11152#false} is VALID [2022-02-20 18:10:44,434 INFO L290 TraceCheckUtils]: 39: Hoare triple {11152#false} assume !false; {11152#false} is VALID [2022-02-20 18:10:44,435 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:44,435 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:44,435 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:44,435 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [835737880] [2022-02-20 18:10:44,435 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [835737880] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:44,435 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:44,435 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:44,435 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1813320177] [2022-02-20 18:10:44,436 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:44,436 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 40 [2022-02-20 18:10:44,436 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:44,436 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:44,465 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:44,466 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:44,466 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:44,466 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:44,466 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:44,466 INFO L87 Difference]: Start difference. First operand 377 states and 474 transitions. Second operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:44,814 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:44,814 INFO L93 Difference]: Finished difference Result 1152 states and 1481 transitions. [2022-02-20 18:10:44,814 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:10:44,814 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 40 [2022-02-20 18:10:44,815 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:44,815 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:44,816 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 227 transitions. [2022-02-20 18:10:44,816 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:44,818 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 227 transitions. [2022-02-20 18:10:44,818 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 227 transitions. [2022-02-20 18:10:44,957 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 227 edges. 227 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:44,991 INFO L225 Difference]: With dead ends: 1152 [2022-02-20 18:10:44,991 INFO L226 Difference]: Without dead ends: 782 [2022-02-20 18:10:44,992 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 35 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:10:44,992 INFO L933 BasicCegarLoop]: 80 mSDtfsCounter, 103 mSDsluCounter, 337 mSDsCounter, 0 mSdLazyCounter, 19 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 103 SdHoareTripleChecker+Valid, 417 SdHoareTripleChecker+Invalid, 22 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 19 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:44,993 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [103 Valid, 417 Invalid, 22 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 19 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:44,993 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 782 states. [2022-02-20 18:10:45,027 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 782 to 740. [2022-02-20 18:10:45,027 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:45,028 INFO L82 GeneralOperation]: Start isEquivalent. First operand 782 states. Second operand has 740 states, 618 states have (on average 1.2475728155339805) internal successors, (771), 664 states have internal predecessors, (771), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:45,029 INFO L74 IsIncluded]: Start isIncluded. First operand 782 states. Second operand has 740 states, 618 states have (on average 1.2475728155339805) internal successors, (771), 664 states have internal predecessors, (771), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:45,030 INFO L87 Difference]: Start difference. First operand 782 states. Second operand has 740 states, 618 states have (on average 1.2475728155339805) internal successors, (771), 664 states have internal predecessors, (771), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:45,054 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:45,055 INFO L93 Difference]: Finished difference Result 782 states and 980 transitions. [2022-02-20 18:10:45,055 INFO L276 IsEmpty]: Start isEmpty. Operand 782 states and 980 transitions. [2022-02-20 18:10:45,056 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:45,056 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:45,058 INFO L74 IsIncluded]: Start isIncluded. First operand has 740 states, 618 states have (on average 1.2475728155339805) internal successors, (771), 664 states have internal predecessors, (771), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) Second operand 782 states. [2022-02-20 18:10:45,058 INFO L87 Difference]: Start difference. First operand has 740 states, 618 states have (on average 1.2475728155339805) internal successors, (771), 664 states have internal predecessors, (771), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) Second operand 782 states. [2022-02-20 18:10:45,082 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:45,083 INFO L93 Difference]: Finished difference Result 782 states and 980 transitions. [2022-02-20 18:10:45,083 INFO L276 IsEmpty]: Start isEmpty. Operand 782 states and 980 transitions. [2022-02-20 18:10:45,084 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:45,084 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:45,085 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:45,085 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:45,086 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 740 states, 618 states have (on average 1.2475728155339805) internal successors, (771), 664 states have internal predecessors, (771), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:45,112 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 740 states to 740 states and 929 transitions. [2022-02-20 18:10:45,112 INFO L78 Accepts]: Start accepts. Automaton has 740 states and 929 transitions. Word has length 40 [2022-02-20 18:10:45,112 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:45,112 INFO L470 AbstractCegarLoop]: Abstraction has 740 states and 929 transitions. [2022-02-20 18:10:45,112 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:45,113 INFO L276 IsEmpty]: Start isEmpty. Operand 740 states and 929 transitions. [2022-02-20 18:10:45,113 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-02-20 18:10:45,113 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:45,113 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:45,127 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:45,320 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 11 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:45,320 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:45,320 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:45,320 INFO L85 PathProgramCache]: Analyzing trace with hash 1393598081, now seen corresponding path program 1 times [2022-02-20 18:10:45,320 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:45,321 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1307751760] [2022-02-20 18:10:45,321 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:45,321 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:45,321 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:45,322 INFO L229 MonitoredProcess]: Starting monitored process 12 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:45,325 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (12)] Waiting until timeout for monitored process [2022-02-20 18:10:45,361 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:45,364 INFO L263 TraceCheckSpWp]: Trace formula consists of 173 conjuncts, 10 conjunts are in the unsatisfiable core [2022-02-20 18:10:45,373 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:45,374 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:45,538 INFO L290 TraceCheckUtils]: 0: Hoare triple {15552#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {15557#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:45,539 INFO L290 TraceCheckUtils]: 1: Hoare triple {15557#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {15557#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:45,539 INFO L290 TraceCheckUtils]: 2: Hoare triple {15557#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15557#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:45,539 INFO L290 TraceCheckUtils]: 3: Hoare triple {15557#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {15557#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:45,540 INFO L290 TraceCheckUtils]: 4: Hoare triple {15557#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {15557#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:45,540 INFO L290 TraceCheckUtils]: 5: Hoare triple {15557#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {15557#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:45,540 INFO L290 TraceCheckUtils]: 6: Hoare triple {15557#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {15557#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:45,541 INFO L290 TraceCheckUtils]: 7: Hoare triple {15557#(= ~waterLevel~0 (_ bv1 32))} assume !false; {15557#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:45,541 INFO L290 TraceCheckUtils]: 8: Hoare triple {15557#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {15557#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:45,541 INFO L290 TraceCheckUtils]: 9: Hoare triple {15557#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {15557#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:45,542 INFO L290 TraceCheckUtils]: 10: Hoare triple {15557#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp~4#1; {15557#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:45,542 INFO L272 TraceCheckUtils]: 11: Hoare triple {15557#(= ~waterLevel~0 (_ bv1 32))} call waterRise(); {15591#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:45,542 INFO L290 TraceCheckUtils]: 12: Hoare triple {15591#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {15595#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:45,549 INFO L290 TraceCheckUtils]: 13: Hoare triple {15595#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} assume true; {15595#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:45,550 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {15595#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} {15557#(= ~waterLevel~0 (_ bv1 32))} #215#return; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,550 INFO L290 TraceCheckUtils]: 15: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,550 INFO L290 TraceCheckUtils]: 16: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___0~1#1); {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,551 INFO L290 TraceCheckUtils]: 17: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,551 INFO L290 TraceCheckUtils]: 18: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != test_~tmp___2~0#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,551 INFO L272 TraceCheckUtils]: 19: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} call timeShift(); {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,552 INFO L290 TraceCheckUtils]: 20: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,552 INFO L290 TraceCheckUtils]: 21: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,552 INFO L290 TraceCheckUtils]: 22: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,553 INFO L290 TraceCheckUtils]: 23: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,553 INFO L290 TraceCheckUtils]: 24: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,554 INFO L290 TraceCheckUtils]: 25: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,554 INFO L290 TraceCheckUtils]: 26: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,554 INFO L290 TraceCheckUtils]: 27: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,555 INFO L290 TraceCheckUtils]: 28: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,555 INFO L290 TraceCheckUtils]: 29: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,555 INFO L290 TraceCheckUtils]: 30: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,556 INFO L290 TraceCheckUtils]: 31: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,556 INFO L290 TraceCheckUtils]: 32: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,556 INFO L290 TraceCheckUtils]: 33: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume { :end_inline_activatePump } true; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,557 INFO L290 TraceCheckUtils]: 34: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume { :end_inline_processEnvironment } true; {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:45,557 INFO L290 TraceCheckUtils]: 35: Hoare triple {15602#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {15666#(= |timeShift_getWaterLevel_#res#1| (_ bv2 32))} is VALID [2022-02-20 18:10:45,557 INFO L290 TraceCheckUtils]: 36: Hoare triple {15666#(= |timeShift_getWaterLevel_#res#1| (_ bv2 32))} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {15670#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1| (_ bv2 32))} is VALID [2022-02-20 18:10:45,558 INFO L290 TraceCheckUtils]: 37: Hoare triple {15670#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1| (_ bv2 32))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {15553#false} is VALID [2022-02-20 18:10:45,558 INFO L290 TraceCheckUtils]: 38: Hoare triple {15553#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {15553#false} is VALID [2022-02-20 18:10:45,558 INFO L290 TraceCheckUtils]: 39: Hoare triple {15553#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {15553#false} is VALID [2022-02-20 18:10:45,558 INFO L290 TraceCheckUtils]: 40: Hoare triple {15553#false} assume !false; {15553#false} is VALID [2022-02-20 18:10:45,558 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:45,558 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:45,558 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:45,558 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1307751760] [2022-02-20 18:10:45,558 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1307751760] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:45,558 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:45,559 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:10:45,559 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1239732702] [2022-02-20 18:10:45,559 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:45,559 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 4.75) internal successors, (38), 6 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 18:10:45,559 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:45,559 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 4.75) internal successors, (38), 6 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:45,604 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:45,604 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:10:45,604 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:45,605 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:10:45,605 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:45,605 INFO L87 Difference]: Start difference. First operand 740 states and 929 transitions. Second operand has 8 states, 8 states have (on average 4.75) internal successors, (38), 6 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:46,557 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:46,558 INFO L93 Difference]: Finished difference Result 1360 states and 1705 transitions. [2022-02-20 18:10:46,558 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:46,558 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 4.75) internal successors, (38), 6 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 18:10:46,558 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:46,558 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 4.75) internal successors, (38), 6 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:46,560 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 311 transitions. [2022-02-20 18:10:46,561 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 4.75) internal successors, (38), 6 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:46,562 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 311 transitions. [2022-02-20 18:10:46,563 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 311 transitions. [2022-02-20 18:10:46,803 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 311 edges. 311 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:46,834 INFO L225 Difference]: With dead ends: 1360 [2022-02-20 18:10:46,834 INFO L226 Difference]: Without dead ends: 748 [2022-02-20 18:10:46,836 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 45 GetRequests, 33 SyntacticMatches, 1 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=39, Invalid=117, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:10:46,836 INFO L933 BasicCegarLoop]: 124 mSDtfsCounter, 194 mSDsluCounter, 526 mSDsCounter, 0 mSdLazyCounter, 223 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 200 SdHoareTripleChecker+Valid, 650 SdHoareTripleChecker+Invalid, 242 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 223 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:46,836 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [200 Valid, 650 Invalid, 242 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 223 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-02-20 18:10:46,837 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 748 states. [2022-02-20 18:10:46,865 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 748 to 734. [2022-02-20 18:10:46,865 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:46,867 INFO L82 GeneralOperation]: Start isEquivalent. First operand 748 states. Second operand has 734 states, 612 states have (on average 1.2401960784313726) internal successors, (759), 658 states have internal predecessors, (759), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:46,869 INFO L74 IsIncluded]: Start isIncluded. First operand 748 states. Second operand has 734 states, 612 states have (on average 1.2401960784313726) internal successors, (759), 658 states have internal predecessors, (759), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:46,870 INFO L87 Difference]: Start difference. First operand 748 states. Second operand has 734 states, 612 states have (on average 1.2401960784313726) internal successors, (759), 658 states have internal predecessors, (759), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:46,890 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:46,891 INFO L93 Difference]: Finished difference Result 748 states and 928 transitions. [2022-02-20 18:10:46,891 INFO L276 IsEmpty]: Start isEmpty. Operand 748 states and 928 transitions. [2022-02-20 18:10:46,894 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:46,894 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:46,895 INFO L74 IsIncluded]: Start isIncluded. First operand has 734 states, 612 states have (on average 1.2401960784313726) internal successors, (759), 658 states have internal predecessors, (759), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) Second operand 748 states. [2022-02-20 18:10:46,896 INFO L87 Difference]: Start difference. First operand has 734 states, 612 states have (on average 1.2401960784313726) internal successors, (759), 658 states have internal predecessors, (759), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) Second operand 748 states. [2022-02-20 18:10:46,919 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:46,919 INFO L93 Difference]: Finished difference Result 748 states and 928 transitions. [2022-02-20 18:10:46,919 INFO L276 IsEmpty]: Start isEmpty. Operand 748 states and 928 transitions. [2022-02-20 18:10:46,921 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:46,921 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:46,921 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:46,921 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:46,922 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 734 states, 612 states have (on average 1.2401960784313726) internal successors, (759), 658 states have internal predecessors, (759), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:46,949 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 734 states to 734 states and 917 transitions. [2022-02-20 18:10:46,949 INFO L78 Accepts]: Start accepts. Automaton has 734 states and 917 transitions. Word has length 41 [2022-02-20 18:10:46,949 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:46,950 INFO L470 AbstractCegarLoop]: Abstraction has 734 states and 917 transitions. [2022-02-20 18:10:46,950 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 4.75) internal successors, (38), 6 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:46,950 INFO L276 IsEmpty]: Start isEmpty. Operand 734 states and 917 transitions. [2022-02-20 18:10:46,951 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 62 [2022-02-20 18:10:46,951 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:46,951 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:46,959 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (12)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:47,158 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 12 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:47,158 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:47,158 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:47,159 INFO L85 PathProgramCache]: Analyzing trace with hash 1662063762, now seen corresponding path program 1 times [2022-02-20 18:10:47,159 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:47,159 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1391051580] [2022-02-20 18:10:47,159 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:47,159 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:47,159 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:47,160 INFO L229 MonitoredProcess]: Starting monitored process 13 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:47,161 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (13)] Waiting until timeout for monitored process [2022-02-20 18:10:47,207 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:47,209 INFO L263 TraceCheckSpWp]: Trace formula consists of 198 conjuncts, 5 conjunts are in the unsatisfiable core [2022-02-20 18:10:47,222 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:47,223 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:47,334 INFO L290 TraceCheckUtils]: 0: Hoare triple {20180#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {20180#true} is VALID [2022-02-20 18:10:47,334 INFO L290 TraceCheckUtils]: 1: Hoare triple {20180#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {20180#true} is VALID [2022-02-20 18:10:47,334 INFO L290 TraceCheckUtils]: 2: Hoare triple {20180#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {20180#true} is VALID [2022-02-20 18:10:47,335 INFO L290 TraceCheckUtils]: 3: Hoare triple {20180#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {20180#true} is VALID [2022-02-20 18:10:47,335 INFO L290 TraceCheckUtils]: 4: Hoare triple {20180#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {20180#true} is VALID [2022-02-20 18:10:47,335 INFO L290 TraceCheckUtils]: 5: Hoare triple {20180#true} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {20180#true} is VALID [2022-02-20 18:10:47,335 INFO L290 TraceCheckUtils]: 6: Hoare triple {20180#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {20180#true} is VALID [2022-02-20 18:10:47,336 INFO L290 TraceCheckUtils]: 7: Hoare triple {20180#true} assume !false; {20180#true} is VALID [2022-02-20 18:10:47,336 INFO L290 TraceCheckUtils]: 8: Hoare triple {20180#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {20180#true} is VALID [2022-02-20 18:10:47,338 INFO L290 TraceCheckUtils]: 9: Hoare triple {20180#true} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {20180#true} is VALID [2022-02-20 18:10:47,340 INFO L290 TraceCheckUtils]: 10: Hoare triple {20180#true} assume !(0bv32 != test_~tmp~4#1); {20180#true} is VALID [2022-02-20 18:10:47,341 INFO L290 TraceCheckUtils]: 11: Hoare triple {20180#true} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {20180#true} is VALID [2022-02-20 18:10:47,342 INFO L290 TraceCheckUtils]: 12: Hoare triple {20180#true} assume !(0bv32 != test_~tmp___0~1#1); {20180#true} is VALID [2022-02-20 18:10:47,342 INFO L290 TraceCheckUtils]: 13: Hoare triple {20180#true} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {20180#true} is VALID [2022-02-20 18:10:47,342 INFO L290 TraceCheckUtils]: 14: Hoare triple {20180#true} assume 0bv32 != test_~tmp___2~0#1; {20180#true} is VALID [2022-02-20 18:10:47,342 INFO L272 TraceCheckUtils]: 15: Hoare triple {20180#true} call timeShift(); {20180#true} is VALID [2022-02-20 18:10:47,342 INFO L290 TraceCheckUtils]: 16: Hoare triple {20180#true} assume !(0bv32 != ~pumpRunning~0); {20180#true} is VALID [2022-02-20 18:10:47,343 INFO L290 TraceCheckUtils]: 17: Hoare triple {20180#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {20180#true} is VALID [2022-02-20 18:10:47,343 INFO L290 TraceCheckUtils]: 18: Hoare triple {20180#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {20180#true} is VALID [2022-02-20 18:10:47,343 INFO L290 TraceCheckUtils]: 19: Hoare triple {20180#true} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {20180#true} is VALID [2022-02-20 18:10:47,343 INFO L290 TraceCheckUtils]: 20: Hoare triple {20180#true} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {20180#true} is VALID [2022-02-20 18:10:47,344 INFO L290 TraceCheckUtils]: 21: Hoare triple {20180#true} assume 0bv32 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~2#1 := 0bv32; {20248#(= (_ bv0 32) |timeShift_isHighWaterLevel_~tmp___0~2#1|)} is VALID [2022-02-20 18:10:47,344 INFO L290 TraceCheckUtils]: 22: Hoare triple {20248#(= (_ bv0 32) |timeShift_isHighWaterLevel_~tmp___0~2#1|)} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {20252#(= |timeShift_isHighWaterLevel_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 23: Hoare triple {20252#(= |timeShift_isHighWaterLevel_#res#1| (_ bv0 32))} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {20256#(= |timeShift_processEnvironment_~tmp~5#1| (_ bv0 32))} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 24: Hoare triple {20256#(= |timeShift_processEnvironment_~tmp~5#1| (_ bv0 32))} assume 0bv32 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 25: Hoare triple {20181#false} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 26: Hoare triple {20181#false} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 27: Hoare triple {20181#false} assume !(0bv32 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 28: Hoare triple {20181#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 29: Hoare triple {20181#false} assume { :end_inline_activatePump } true; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 30: Hoare triple {20181#false} assume { :end_inline_processEnvironment } true; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 31: Hoare triple {20181#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 32: Hoare triple {20181#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 33: Hoare triple {20181#false} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1); {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 34: Hoare triple {20181#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 35: Hoare triple {20181#false} assume true; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {20181#false} {20180#true} #219#return; {20181#false} is VALID [2022-02-20 18:10:47,345 INFO L290 TraceCheckUtils]: 37: Hoare triple {20181#false} assume !false; {20181#false} is VALID [2022-02-20 18:10:47,346 INFO L290 TraceCheckUtils]: 38: Hoare triple {20181#false} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {20181#false} is VALID [2022-02-20 18:10:47,346 INFO L290 TraceCheckUtils]: 39: Hoare triple {20181#false} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {20181#false} is VALID [2022-02-20 18:10:47,346 INFO L290 TraceCheckUtils]: 40: Hoare triple {20181#false} assume !(0bv32 != test_~tmp~4#1); {20181#false} is VALID [2022-02-20 18:10:47,346 INFO L290 TraceCheckUtils]: 41: Hoare triple {20181#false} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {20181#false} is VALID [2022-02-20 18:10:47,346 INFO L290 TraceCheckUtils]: 42: Hoare triple {20181#false} assume !(0bv32 != test_~tmp___0~1#1); {20181#false} is VALID [2022-02-20 18:10:47,346 INFO L290 TraceCheckUtils]: 43: Hoare triple {20181#false} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {20181#false} is VALID [2022-02-20 18:10:47,346 INFO L290 TraceCheckUtils]: 44: Hoare triple {20181#false} assume 0bv32 != test_~tmp___2~0#1; {20181#false} is VALID [2022-02-20 18:10:47,346 INFO L272 TraceCheckUtils]: 45: Hoare triple {20181#false} call timeShift(); {20181#false} is VALID [2022-02-20 18:10:47,347 INFO L290 TraceCheckUtils]: 46: Hoare triple {20181#false} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {20181#false} is VALID [2022-02-20 18:10:47,347 INFO L290 TraceCheckUtils]: 47: Hoare triple {20181#false} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {20181#false} is VALID [2022-02-20 18:10:47,347 INFO L290 TraceCheckUtils]: 48: Hoare triple {20181#false} assume { :end_inline_lowerWaterLevel } true; {20181#false} is VALID [2022-02-20 18:10:47,347 INFO L290 TraceCheckUtils]: 49: Hoare triple {20181#false} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {20181#false} is VALID [2022-02-20 18:10:47,347 INFO L290 TraceCheckUtils]: 50: Hoare triple {20181#false} assume !(0bv32 == ~pumpRunning~0); {20181#false} is VALID [2022-02-20 18:10:47,348 INFO L272 TraceCheckUtils]: 51: Hoare triple {20181#false} call processEnvironment__wrappee__base(); {20181#false} is VALID [2022-02-20 18:10:47,348 INFO L290 TraceCheckUtils]: 52: Hoare triple {20181#false} assume true; {20181#false} is VALID [2022-02-20 18:10:47,348 INFO L284 TraceCheckUtils]: 53: Hoare quadruple {20181#false} {20181#false} #213#return; {20181#false} is VALID [2022-02-20 18:10:47,348 INFO L290 TraceCheckUtils]: 54: Hoare triple {20181#false} assume { :end_inline_processEnvironment } true; {20181#false} is VALID [2022-02-20 18:10:47,348 INFO L290 TraceCheckUtils]: 55: Hoare triple {20181#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {20181#false} is VALID [2022-02-20 18:10:47,348 INFO L290 TraceCheckUtils]: 56: Hoare triple {20181#false} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {20181#false} is VALID [2022-02-20 18:10:47,348 INFO L290 TraceCheckUtils]: 57: Hoare triple {20181#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {20181#false} is VALID [2022-02-20 18:10:47,348 INFO L290 TraceCheckUtils]: 58: Hoare triple {20181#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {20181#false} is VALID [2022-02-20 18:10:47,349 INFO L290 TraceCheckUtils]: 59: Hoare triple {20181#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {20181#false} is VALID [2022-02-20 18:10:47,349 INFO L290 TraceCheckUtils]: 60: Hoare triple {20181#false} assume !false; {20181#false} is VALID [2022-02-20 18:10:47,349 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 12 proven. 0 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-02-20 18:10:47,349 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:47,349 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:47,349 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1391051580] [2022-02-20 18:10:47,349 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1391051580] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:47,349 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:47,350 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:47,350 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1068989574] [2022-02-20 18:10:47,350 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:47,350 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 10.6) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 61 [2022-02-20 18:10:47,350 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:47,350 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 10.6) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:47,389 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 58 edges. 58 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:47,389 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:10:47,389 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:47,389 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:10:47,389 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:47,390 INFO L87 Difference]: Start difference. First operand 734 states and 917 transitions. Second operand has 5 states, 5 states have (on average 10.6) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:47,668 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:47,668 INFO L93 Difference]: Finished difference Result 1386 states and 1752 transitions. [2022-02-20 18:10:47,668 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:47,668 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 10.6) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 61 [2022-02-20 18:10:47,669 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:47,669 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 10.6) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:47,670 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 151 transitions. [2022-02-20 18:10:47,670 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 10.6) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:47,671 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 151 transitions. [2022-02-20 18:10:47,671 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 151 transitions. [2022-02-20 18:10:47,765 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 151 edges. 151 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:47,787 INFO L225 Difference]: With dead ends: 1386 [2022-02-20 18:10:47,788 INFO L226 Difference]: Without dead ends: 659 [2022-02-20 18:10:47,789 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 62 GetRequests, 57 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:47,790 INFO L933 BasicCegarLoop]: 73 mSDtfsCounter, 39 mSDsluCounter, 196 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 39 SdHoareTripleChecker+Valid, 269 SdHoareTripleChecker+Invalid, 16 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:47,790 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [39 Valid, 269 Invalid, 16 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:47,790 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 659 states. [2022-02-20 18:10:47,809 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 659 to 639. [2022-02-20 18:10:47,809 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:47,810 INFO L82 GeneralOperation]: Start isEquivalent. First operand 659 states. Second operand has 639 states, 527 states have (on average 1.2258064516129032) internal successors, (646), 564 states have internal predecessors, (646), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) [2022-02-20 18:10:47,811 INFO L74 IsIncluded]: Start isIncluded. First operand 659 states. Second operand has 639 states, 527 states have (on average 1.2258064516129032) internal successors, (646), 564 states have internal predecessors, (646), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) [2022-02-20 18:10:47,812 INFO L87 Difference]: Start difference. First operand 659 states. Second operand has 639 states, 527 states have (on average 1.2258064516129032) internal successors, (646), 564 states have internal predecessors, (646), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) [2022-02-20 18:10:47,828 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:47,828 INFO L93 Difference]: Finished difference Result 659 states and 808 transitions. [2022-02-20 18:10:47,829 INFO L276 IsEmpty]: Start isEmpty. Operand 659 states and 808 transitions. [2022-02-20 18:10:47,830 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:47,830 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:47,831 INFO L74 IsIncluded]: Start isIncluded. First operand has 639 states, 527 states have (on average 1.2258064516129032) internal successors, (646), 564 states have internal predecessors, (646), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) Second operand 659 states. [2022-02-20 18:10:47,832 INFO L87 Difference]: Start difference. First operand has 639 states, 527 states have (on average 1.2258064516129032) internal successors, (646), 564 states have internal predecessors, (646), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) Second operand 659 states. [2022-02-20 18:10:47,849 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:47,849 INFO L93 Difference]: Finished difference Result 659 states and 808 transitions. [2022-02-20 18:10:47,849 INFO L276 IsEmpty]: Start isEmpty. Operand 659 states and 808 transitions. [2022-02-20 18:10:47,850 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:47,850 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:47,850 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:47,850 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:47,852 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 639 states, 527 states have (on average 1.2258064516129032) internal successors, (646), 564 states have internal predecessors, (646), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) [2022-02-20 18:10:47,872 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 639 states to 639 states and 783 transitions. [2022-02-20 18:10:47,872 INFO L78 Accepts]: Start accepts. Automaton has 639 states and 783 transitions. Word has length 61 [2022-02-20 18:10:47,873 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:47,873 INFO L470 AbstractCegarLoop]: Abstraction has 639 states and 783 transitions. [2022-02-20 18:10:47,873 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 10.6) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:47,873 INFO L276 IsEmpty]: Start isEmpty. Operand 639 states and 783 transitions. [2022-02-20 18:10:47,874 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 66 [2022-02-20 18:10:47,874 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:47,874 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:47,885 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (13)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:48,081 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 13 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:48,081 INFO L402 AbstractCegarLoop]: === Iteration 13 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:48,081 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:48,082 INFO L85 PathProgramCache]: Analyzing trace with hash 960970024, now seen corresponding path program 1 times [2022-02-20 18:10:48,082 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:48,082 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [112391050] [2022-02-20 18:10:48,082 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:48,082 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:48,082 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:48,083 INFO L229 MonitoredProcess]: Starting monitored process 14 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:48,084 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (14)] Waiting until timeout for monitored process [2022-02-20 18:10:48,127 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:48,130 INFO L263 TraceCheckSpWp]: Trace formula consists of 205 conjuncts, 13 conjunts are in the unsatisfiable core [2022-02-20 18:10:48,141 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:48,142 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:48,385 INFO L290 TraceCheckUtils]: 0: Hoare triple {24564#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,385 INFO L290 TraceCheckUtils]: 1: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,387 INFO L290 TraceCheckUtils]: 2: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,387 INFO L290 TraceCheckUtils]: 3: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,387 INFO L290 TraceCheckUtils]: 4: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,387 INFO L290 TraceCheckUtils]: 5: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,388 INFO L290 TraceCheckUtils]: 6: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,388 INFO L290 TraceCheckUtils]: 7: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume !false; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,388 INFO L290 TraceCheckUtils]: 8: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,389 INFO L290 TraceCheckUtils]: 9: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,389 INFO L290 TraceCheckUtils]: 10: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp~4#1; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,390 INFO L272 TraceCheckUtils]: 11: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} call waterRise(); {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,390 INFO L290 TraceCheckUtils]: 12: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {24607#(= ~waterLevel~0 (bvadd (_ bv1 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:48,399 INFO L290 TraceCheckUtils]: 13: Hoare triple {24607#(= ~waterLevel~0 (bvadd (_ bv1 32) |old(~waterLevel~0)|))} assume true; {24607#(= ~waterLevel~0 (bvadd (_ bv1 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:48,400 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {24607#(= ~waterLevel~0 (bvadd (_ bv1 32) |old(~waterLevel~0)|))} {24569#(= ~waterLevel~0 (_ bv1 32))} #215#return; {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,401 INFO L290 TraceCheckUtils]: 15: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,402 INFO L290 TraceCheckUtils]: 16: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} assume !(0bv32 != test_~tmp___0~1#1); {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,402 INFO L290 TraceCheckUtils]: 17: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,403 INFO L290 TraceCheckUtils]: 18: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} assume 0bv32 != test_~tmp___2~0#1; {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,403 INFO L272 TraceCheckUtils]: 19: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} call timeShift(); {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,403 INFO L290 TraceCheckUtils]: 20: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !(0bv32 != ~pumpRunning~0); {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,404 INFO L290 TraceCheckUtils]: 21: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,404 INFO L290 TraceCheckUtils]: 22: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,404 INFO L290 TraceCheckUtils]: 23: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,405 INFO L290 TraceCheckUtils]: 24: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,405 INFO L290 TraceCheckUtils]: 25: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !(0bv32 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,405 INFO L290 TraceCheckUtils]: 26: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,406 INFO L290 TraceCheckUtils]: 27: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,406 INFO L290 TraceCheckUtils]: 28: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume 0bv32 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,407 INFO L290 TraceCheckUtils]: 29: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,407 INFO L290 TraceCheckUtils]: 30: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,407 INFO L290 TraceCheckUtils]: 31: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !(0bv32 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,408 INFO L290 TraceCheckUtils]: 32: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,408 INFO L290 TraceCheckUtils]: 33: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :end_inline_activatePump } true; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,408 INFO L290 TraceCheckUtils]: 34: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :end_inline_processEnvironment } true; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,409 INFO L290 TraceCheckUtils]: 35: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,409 INFO L290 TraceCheckUtils]: 36: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,409 INFO L290 TraceCheckUtils]: 37: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1); {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,410 INFO L290 TraceCheckUtils]: 38: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,410 INFO L290 TraceCheckUtils]: 39: Hoare triple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume true; {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:48,410 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {24603#(= ~waterLevel~0 |old(~waterLevel~0)|)} {24614#(= ~waterLevel~0 (_ bv2 32))} #219#return; {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,411 INFO L290 TraceCheckUtils]: 41: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} assume !false; {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,411 INFO L290 TraceCheckUtils]: 42: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,411 INFO L290 TraceCheckUtils]: 43: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,412 INFO L290 TraceCheckUtils]: 44: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} assume !(0bv32 != test_~tmp~4#1); {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,412 INFO L290 TraceCheckUtils]: 45: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,412 INFO L290 TraceCheckUtils]: 46: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} assume !(0bv32 != test_~tmp___0~1#1); {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,413 INFO L290 TraceCheckUtils]: 47: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,413 INFO L290 TraceCheckUtils]: 48: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} assume 0bv32 != test_~tmp___2~0#1; {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,414 INFO L272 TraceCheckUtils]: 49: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} call timeShift(); {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,414 INFO L290 TraceCheckUtils]: 50: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {24614#(= ~waterLevel~0 (_ bv2 32))} is VALID [2022-02-20 18:10:48,414 INFO L290 TraceCheckUtils]: 51: Hoare triple {24614#(= ~waterLevel~0 (_ bv2 32))} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,415 INFO L290 TraceCheckUtils]: 52: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_lowerWaterLevel } true; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,415 INFO L290 TraceCheckUtils]: 53: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,415 INFO L290 TraceCheckUtils]: 54: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 == ~pumpRunning~0); {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,415 INFO L272 TraceCheckUtils]: 55: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} call processEnvironment__wrappee__base(); {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,416 INFO L290 TraceCheckUtils]: 56: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume true; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,416 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {24569#(= ~waterLevel~0 (_ bv1 32))} {24569#(= ~waterLevel~0 (_ bv1 32))} #213#return; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,416 INFO L290 TraceCheckUtils]: 58: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_processEnvironment } true; {24569#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:48,417 INFO L290 TraceCheckUtils]: 59: Hoare triple {24569#(= ~waterLevel~0 (_ bv1 32))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {24750#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} is VALID [2022-02-20 18:10:48,417 INFO L290 TraceCheckUtils]: 60: Hoare triple {24750#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {24754#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1| (_ bv1 32))} is VALID [2022-02-20 18:10:48,417 INFO L290 TraceCheckUtils]: 61: Hoare triple {24754#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1| (_ bv1 32))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {24565#false} is VALID [2022-02-20 18:10:48,418 INFO L290 TraceCheckUtils]: 62: Hoare triple {24565#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {24565#false} is VALID [2022-02-20 18:10:48,418 INFO L290 TraceCheckUtils]: 63: Hoare triple {24565#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {24565#false} is VALID [2022-02-20 18:10:48,418 INFO L290 TraceCheckUtils]: 64: Hoare triple {24565#false} assume !false; {24565#false} is VALID [2022-02-20 18:10:48,418 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 0 proven. 11 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-02-20 18:10:48,418 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:10:48,879 INFO L290 TraceCheckUtils]: 64: Hoare triple {24565#false} assume !false; {24565#false} is VALID [2022-02-20 18:10:48,879 INFO L290 TraceCheckUtils]: 63: Hoare triple {24565#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {24565#false} is VALID [2022-02-20 18:10:48,879 INFO L290 TraceCheckUtils]: 62: Hoare triple {24565#false} __utac_acc__Specification4_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret10#1;havoc __utac_acc__Specification4_spec__1_#t~ret10#1; {24565#false} is VALID [2022-02-20 18:10:48,880 INFO L290 TraceCheckUtils]: 61: Hoare triple {24776#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1| (_ bv0 32)))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {24565#false} is VALID [2022-02-20 18:10:48,880 INFO L290 TraceCheckUtils]: 60: Hoare triple {24780#(not (= |timeShift_getWaterLevel_#res#1| (_ bv0 32)))} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {24776#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~0#1| (_ bv0 32)))} is VALID [2022-02-20 18:10:48,880 INFO L290 TraceCheckUtils]: 59: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {24780#(not (= |timeShift_getWaterLevel_#res#1| (_ bv0 32)))} is VALID [2022-02-20 18:10:48,881 INFO L290 TraceCheckUtils]: 58: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_processEnvironment } true; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,881 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {24564#true} {24784#(not (= ~waterLevel~0 (_ bv0 32)))} #213#return; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,881 INFO L290 TraceCheckUtils]: 56: Hoare triple {24564#true} assume true; {24564#true} is VALID [2022-02-20 18:10:48,881 INFO L272 TraceCheckUtils]: 55: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} call processEnvironment__wrappee__base(); {24564#true} is VALID [2022-02-20 18:10:48,881 INFO L290 TraceCheckUtils]: 54: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume !(0bv32 == ~pumpRunning~0); {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,883 INFO L290 TraceCheckUtils]: 53: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,884 INFO L290 TraceCheckUtils]: 52: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_lowerWaterLevel } true; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,884 INFO L290 TraceCheckUtils]: 51: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,886 INFO L290 TraceCheckUtils]: 50: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,886 INFO L272 TraceCheckUtils]: 49: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} call timeShift(); {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,886 INFO L290 TraceCheckUtils]: 48: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume 0bv32 != test_~tmp___2~0#1; {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,887 INFO L290 TraceCheckUtils]: 47: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,887 INFO L290 TraceCheckUtils]: 46: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != test_~tmp___0~1#1); {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,887 INFO L290 TraceCheckUtils]: 45: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,887 INFO L290 TraceCheckUtils]: 44: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != test_~tmp~4#1); {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,888 INFO L290 TraceCheckUtils]: 43: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,888 INFO L290 TraceCheckUtils]: 42: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,888 INFO L290 TraceCheckUtils]: 41: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !false; {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,889 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} #219#return; {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,889 INFO L290 TraceCheckUtils]: 39: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume true; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,889 INFO L290 TraceCheckUtils]: 38: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,890 INFO L290 TraceCheckUtils]: 37: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~0#1); {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,890 INFO L290 TraceCheckUtils]: 36: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} __utac_acc__Specification4_spec__1_#t~ret9#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~0#1 := __utac_acc__Specification4_spec__1_#t~ret9#1;havoc __utac_acc__Specification4_spec__1_#t~ret9#1; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,890 INFO L290 TraceCheckUtils]: 35: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret9#1, __utac_acc__Specification4_spec__1_#t~ret10#1, __utac_acc__Specification4_spec__1_~tmp~0#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~0#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,891 INFO L290 TraceCheckUtils]: 34: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :end_inline_processEnvironment } true; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,891 INFO L290 TraceCheckUtils]: 33: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :end_inline_activatePump } true; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,891 INFO L290 TraceCheckUtils]: 32: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,892 INFO L290 TraceCheckUtils]: 31: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !(0bv32 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,892 INFO L290 TraceCheckUtils]: 30: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} activatePump_#t~ret40#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~6#1 := activatePump_#t~ret40#1;havoc activatePump_#t~ret40#1; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,893 INFO L290 TraceCheckUtils]: 29: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} isMethaneAlarm_#t~ret41#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;isMethaneAlarm_~retValue_acc~8#1 := isMethaneAlarm_#t~ret41#1;havoc isMethaneAlarm_#t~ret41#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~8#1; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,893 INFO L290 TraceCheckUtils]: 28: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume 0bv32 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret40#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret41#1, isMethaneAlarm_~retValue_acc~8#1;havoc isMethaneAlarm_~retValue_acc~8#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,893 INFO L290 TraceCheckUtils]: 27: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} processEnvironment_#t~ret39#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret39#1;havoc processEnvironment_#t~ret39#1; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,894 INFO L290 TraceCheckUtils]: 26: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} isHighWaterLevel_~retValue_acc~10#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~10#1; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,894 INFO L290 TraceCheckUtils]: 25: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !(0bv32 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,894 INFO L290 TraceCheckUtils]: 24: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} isHighWaterLevel_#t~ret50#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret50#1;havoc isHighWaterLevel_#t~ret50#1; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,895 INFO L290 TraceCheckUtils]: 23: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,895 INFO L290 TraceCheckUtils]: 22: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret50#1, isHighWaterLevel_~retValue_acc~10#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~10#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,895 INFO L290 TraceCheckUtils]: 21: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret39#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,896 INFO L290 TraceCheckUtils]: 20: Hoare triple {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !(0bv32 != ~pumpRunning~0); {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,896 INFO L272 TraceCheckUtils]: 19: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} call timeShift(); {24846#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,896 INFO L290 TraceCheckUtils]: 18: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume 0bv32 != test_~tmp___2~0#1; {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,897 INFO L290 TraceCheckUtils]: 17: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___2~0#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,897 INFO L290 TraceCheckUtils]: 16: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != test_~tmp___0~1#1); {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,897 INFO L290 TraceCheckUtils]: 15: Hoare triple {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___0~1#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,898 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {24925#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} {24784#(not (= ~waterLevel~0 (_ bv0 32)))} #215#return; {24809#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:48,898 INFO L290 TraceCheckUtils]: 13: Hoare triple {24925#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} assume true; {24925#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:48,899 INFO L290 TraceCheckUtils]: 12: Hoare triple {24932#(or (not (= ~waterLevel~0 (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {24925#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:48,899 INFO L272 TraceCheckUtils]: 11: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} call waterRise(); {24932#(or (not (= ~waterLevel~0 (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:48,899 INFO L290 TraceCheckUtils]: 10: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume 0bv32 != test_~tmp~4#1; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,899 INFO L290 TraceCheckUtils]: 9: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} test_~tmp~4#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,900 INFO L290 TraceCheckUtils]: 8: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,900 INFO L290 TraceCheckUtils]: 7: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume !false; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,900 INFO L290 TraceCheckUtils]: 6: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,900 INFO L290 TraceCheckUtils]: 5: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume 0bv32 != main_~tmp~8#1;assume { :begin_inline_setup } true; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,901 INFO L290 TraceCheckUtils]: 4: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,901 INFO L290 TraceCheckUtils]: 3: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,901 INFO L290 TraceCheckUtils]: 2: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,901 INFO L290 TraceCheckUtils]: 1: Hoare triple {24784#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,903 INFO L290 TraceCheckUtils]: 0: Hoare triple {24564#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32; {24784#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:48,904 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 1 proven. 10 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-02-20 18:10:48,904 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:48,904 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [112391050] [2022-02-20 18:10:48,904 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [112391050] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:10:48,904 INFO L191 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-02-20 18:10:48,904 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 9] total 15 [2022-02-20 18:10:48,904 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1777932814] [2022-02-20 18:10:48,904 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-02-20 18:10:48,905 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 7.0) internal successors, (105), 14 states have internal predecessors, (105), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) Word has length 65 [2022-02-20 18:10:48,905 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:48,905 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 15 states have (on average 7.0) internal successors, (105), 14 states have internal predecessors, (105), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:49,003 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 119 edges. 119 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:49,003 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-02-20 18:10:49,003 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:49,003 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-02-20 18:10:49,003 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=42, Invalid=168, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:10:49,004 INFO L87 Difference]: Start difference. First operand 639 states and 783 transitions. Second operand has 15 states, 15 states have (on average 7.0) internal successors, (105), 14 states have internal predecessors, (105), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:51,193 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:51,194 INFO L93 Difference]: Finished difference Result 1738 states and 2270 transitions. [2022-02-20 18:10:51,194 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2022-02-20 18:10:51,194 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 7.0) internal successors, (105), 14 states have internal predecessors, (105), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) Word has length 65 [2022-02-20 18:10:51,194 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:51,195 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 7.0) internal successors, (105), 14 states have internal predecessors, (105), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:51,199 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 34 states to 34 states and 530 transitions. [2022-02-20 18:10:51,199 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 7.0) internal successors, (105), 14 states have internal predecessors, (105), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:51,205 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 34 states to 34 states and 530 transitions. [2022-02-20 18:10:51,205 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 34 states and 530 transitions. [2022-02-20 18:10:51,618 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 530 edges. 530 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:51,685 INFO L225 Difference]: With dead ends: 1738 [2022-02-20 18:10:51,685 INFO L226 Difference]: Without dead ends: 1172 [2022-02-20 18:10:51,687 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 157 GetRequests, 117 SyntacticMatches, 2 SemanticMatches, 38 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 307 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=335, Invalid=1225, Unknown=0, NotChecked=0, Total=1560 [2022-02-20 18:10:51,690 INFO L933 BasicCegarLoop]: 131 mSDtfsCounter, 613 mSDsluCounter, 648 mSDsCounter, 0 mSdLazyCounter, 486 mSolverCounterSat, 239 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 622 SdHoareTripleChecker+Valid, 779 SdHoareTripleChecker+Invalid, 725 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 239 IncrementalHoareTripleChecker+Valid, 486 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:51,690 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [622 Valid, 779 Invalid, 725 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [239 Valid, 486 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-02-20 18:10:51,692 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1172 states. [2022-02-20 18:10:51,751 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1172 to 1108. [2022-02-20 18:10:51,751 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:51,753 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1172 states. Second operand has 1108 states, 901 states have (on average 1.223085460599334) internal successors, (1102), 962 states have internal predecessors, (1102), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) [2022-02-20 18:10:51,755 INFO L74 IsIncluded]: Start isIncluded. First operand 1172 states. Second operand has 1108 states, 901 states have (on average 1.223085460599334) internal successors, (1102), 962 states have internal predecessors, (1102), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) [2022-02-20 18:10:51,756 INFO L87 Difference]: Start difference. First operand 1172 states. Second operand has 1108 states, 901 states have (on average 1.223085460599334) internal successors, (1102), 962 states have internal predecessors, (1102), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) [2022-02-20 18:10:51,824 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:51,825 INFO L93 Difference]: Finished difference Result 1172 states and 1492 transitions. [2022-02-20 18:10:51,825 INFO L276 IsEmpty]: Start isEmpty. Operand 1172 states and 1492 transitions. [2022-02-20 18:10:51,830 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:51,831 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:51,833 INFO L74 IsIncluded]: Start isIncluded. First operand has 1108 states, 901 states have (on average 1.223085460599334) internal successors, (1102), 962 states have internal predecessors, (1102), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) Second operand 1172 states. [2022-02-20 18:10:51,835 INFO L87 Difference]: Start difference. First operand has 1108 states, 901 states have (on average 1.223085460599334) internal successors, (1102), 962 states have internal predecessors, (1102), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) Second operand 1172 states. [2022-02-20 18:10:51,906 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:51,906 INFO L93 Difference]: Finished difference Result 1172 states and 1492 transitions. [2022-02-20 18:10:51,906 INFO L276 IsEmpty]: Start isEmpty. Operand 1172 states and 1492 transitions. [2022-02-20 18:10:51,910 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:51,910 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:51,910 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:51,910 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:51,913 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1108 states, 901 states have (on average 1.223085460599334) internal successors, (1102), 962 states have internal predecessors, (1102), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) [2022-02-20 18:10:51,999 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1108 states to 1108 states and 1395 transitions. [2022-02-20 18:10:52,000 INFO L78 Accepts]: Start accepts. Automaton has 1108 states and 1395 transitions. Word has length 65 [2022-02-20 18:10:52,000 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:52,000 INFO L470 AbstractCegarLoop]: Abstraction has 1108 states and 1395 transitions. [2022-02-20 18:10:52,001 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 7.0) internal successors, (105), 14 states have internal predecessors, (105), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:52,001 INFO L276 IsEmpty]: Start isEmpty. Operand 1108 states and 1395 transitions. [2022-02-20 18:10:52,002 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 90 [2022-02-20 18:10:52,002 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:52,002 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:52,023 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (14)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:52,223 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 14 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:52,223 INFO L402 AbstractCegarLoop]: === Iteration 14 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:52,224 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:52,224 INFO L85 PathProgramCache]: Analyzing trace with hash 1753618127, now seen corresponding path program 2 times [2022-02-20 18:10:52,224 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:52,224 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [667475142] [2022-02-20 18:10:52,224 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-02-20 18:10:52,224 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:52,224 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:52,225 INFO L229 MonitoredProcess]: Starting monitored process 15 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:52,227 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (15)] Waiting until timeout for monitored process [2022-02-20 18:10:52,286 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-02-20 18:10:52,286 INFO L229 tOrderPrioritization]: Conjunction of SSA is sat [2022-02-20 18:10:52,286 INFO L352 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-02-20 18:10:52,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:10:52,381 INFO L138 FreeRefinementEngine]: Strategy WOLF found a feasible trace [2022-02-20 18:10:52,381 INFO L628 BasicCegarLoop]: Counterexample is feasible [2022-02-20 18:10:52,382 INFO L764 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:10:52,396 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (15)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:52,594 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 15 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:52,597 INFO L732 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:52,599 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:10:52,629 FATAL L489 DefaultTranslator]: Callstack has procedure call flag but succeeding procedure is empty at [CALL] call waterRise(); [2022-02-20 18:10:52,629 FATAL L? ?]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.AssertionError: callstack broken after backtranslation by InlinerBacktranslator at de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:216) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:206) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getProgramExecutionAsString(CounterExampleResult.java:155) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getLongDescription(CounterExampleResult.java:134) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ResultService.reportResult(ResultService.java:86) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.CegarLoopResultReporter.reportResult(CegarLoopResultReporter.java:141) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.reportLocationResults(TraceAbstractionStarter.java:607) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:182) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:156) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:320) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) [2022-02-20 18:10:52,632 INFO L158 Benchmark]: Toolchain (without parser) took 16506.72ms. Allocated memory was 58.7MB in the beginning and 157.3MB in the end (delta: 98.6MB). Free memory was 37.4MB in the beginning and 58.1MB in the end (delta: -20.7MB). Peak memory consumption was 78.0MB. Max. memory is 16.1GB. [2022-02-20 18:10:52,632 INFO L158 Benchmark]: CDTParser took 0.16ms. Allocated memory is still 58.7MB. Free memory was 41.7MB in the beginning and 41.7MB in the end (delta: 42.5kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:52,632 INFO L158 Benchmark]: CACSL2BoogieTranslator took 486.48ms. Allocated memory was 58.7MB in the beginning and 73.4MB in the end (delta: 14.7MB). Free memory was 37.3MB in the beginning and 54.4MB in the end (delta: -17.1MB). Peak memory consumption was 15.6MB. Max. memory is 16.1GB. [2022-02-20 18:10:52,633 INFO L158 Benchmark]: Boogie Procedure Inliner took 47.13ms. Allocated memory is still 73.4MB. Free memory was 54.1MB in the beginning and 51.5MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:52,633 INFO L158 Benchmark]: Boogie Preprocessor took 27.10ms. Allocated memory is still 73.4MB. Free memory was 51.5MB in the beginning and 49.9MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:52,633 INFO L158 Benchmark]: RCFGBuilder took 438.13ms. Allocated memory is still 73.4MB. Free memory was 49.6MB in the beginning and 53.0MB in the end (delta: -3.4MB). Peak memory consumption was 15.2MB. Max. memory is 16.1GB. [2022-02-20 18:10:52,633 INFO L158 Benchmark]: TraceAbstraction took 15502.27ms. Allocated memory was 73.4MB in the beginning and 157.3MB in the end (delta: 83.9MB). Free memory was 52.6MB in the beginning and 58.1MB in the end (delta: -5.6MB). Peak memory consumption was 78.6MB. Max. memory is 16.1GB. [2022-02-20 18:10:52,634 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.16ms. Allocated memory is still 58.7MB. Free memory was 41.7MB in the beginning and 41.7MB in the end (delta: 42.5kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 486.48ms. Allocated memory was 58.7MB in the beginning and 73.4MB in the end (delta: 14.7MB). Free memory was 37.3MB in the beginning and 54.4MB in the end (delta: -17.1MB). Peak memory consumption was 15.6MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 47.13ms. Allocated memory is still 73.4MB. Free memory was 54.1MB in the beginning and 51.5MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 27.10ms. Allocated memory is still 73.4MB. Free memory was 51.5MB in the beginning and 49.9MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 438.13ms. Allocated memory is still 73.4MB. Free memory was 49.6MB in the beginning and 53.0MB in the end (delta: -3.4MB). Peak memory consumption was 15.2MB. Max. memory is 16.1GB. * TraceAbstraction took 15502.27ms. Allocated memory was 73.4MB in the beginning and 157.3MB in the end (delta: 83.9MB). Free memory was 52.6MB in the beginning and 58.1MB in the end (delta: -5.6MB). Peak memory consumption was 78.6MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: AssertionError: callstack broken after backtranslation by InlinerBacktranslator: de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) RESULT: Ultimate could not prove your program: Toolchain returned no result. [2022-02-20 18:10:52,659 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: ERROR: ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator