./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 190527f0b5c755657048457e241e1db06174c0bd15c9c37dddb3c55b0e7d73ce --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:10:24,737 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:10:24,740 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:10:24,762 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:10:24,762 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:10:24,764 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:10:24,766 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:10:24,768 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:10:24,769 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:10:24,772 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:10:24,773 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:10:24,774 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:10:24,774 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:10:24,776 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:10:24,777 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:10:24,778 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:10:24,779 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:10:24,779 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:10:24,782 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:10:24,785 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:10:24,787 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:10:24,787 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:10:24,788 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:10:24,789 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:10:24,792 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:10:24,795 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:10:24,795 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:10:24,796 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:10:24,796 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:10:24,797 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:10:24,797 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:10:24,798 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:10:24,798 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:10:24,799 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:10:24,800 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:10:24,800 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:10:24,801 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:10:24,801 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:10:24,801 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:10:24,802 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:10:24,802 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:10:24,803 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:10:24,822 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:10:24,826 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:10:24,826 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:10:24,827 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:10:24,827 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:10:24,827 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:10:24,828 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:10:24,828 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:10:24,828 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:10:24,828 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:10:24,829 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:10:24,829 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:10:24,829 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:10:24,829 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:10:24,829 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:10:24,830 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:10:24,830 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:10:24,830 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:10:24,830 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:10:24,830 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:10:24,830 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:10:24,830 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:10:24,831 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:10:24,831 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:10:24,831 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:24,831 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:10:24,831 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:10:24,832 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:10:24,832 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:10:24,832 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:10:24,832 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:10:24,832 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:10:24,832 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:10:24,833 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 190527f0b5c755657048457e241e1db06174c0bd15c9c37dddb3c55b0e7d73ce [2022-02-20 18:10:25,046 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:10:25,065 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:10:25,068 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:10:25,069 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:10:25,069 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:10:25,070 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c [2022-02-20 18:10:25,125 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/23c5fc969/c545c1b5237f412c999e67c8395eb9a5/FLAG840f514a7 [2022-02-20 18:10:25,533 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:10:25,534 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c [2022-02-20 18:10:25,547 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/23c5fc969/c545c1b5237f412c999e67c8395eb9a5/FLAG840f514a7 [2022-02-20 18:10:25,557 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/23c5fc969/c545c1b5237f412c999e67c8395eb9a5 [2022-02-20 18:10:25,559 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:10:25,560 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:10:25,563 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:25,564 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:10:25,566 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:10:25,569 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:25,570 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@48bfb191 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:25, skipping insertion in model container [2022-02-20 18:10:25,570 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:25" (1/1) ... [2022-02-20 18:10:25,576 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:10:25,637 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:25,910 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c[17943,17956] [2022-02-20 18:10:25,912 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:25,924 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:10:26,008 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c[17943,17956] [2022-02-20 18:10:26,012 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:26,027 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:10:26,028 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26 WrapperNode [2022-02-20 18:10:26,028 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:26,029 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:26,029 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:10:26,029 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:10:26,034 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26" (1/1) ... [2022-02-20 18:10:26,059 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26" (1/1) ... [2022-02-20 18:10:26,082 INFO L137 Inliner]: procedures = 54, calls = 152, calls flagged for inlining = 24, calls inlined = 21, statements flattened = 249 [2022-02-20 18:10:26,085 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:26,087 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:10:26,087 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:10:26,087 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:10:26,092 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26" (1/1) ... [2022-02-20 18:10:26,093 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26" (1/1) ... [2022-02-20 18:10:26,096 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26" (1/1) ... [2022-02-20 18:10:26,097 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26" (1/1) ... [2022-02-20 18:10:26,108 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26" (1/1) ... [2022-02-20 18:10:26,111 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26" (1/1) ... [2022-02-20 18:10:26,112 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26" (1/1) ... [2022-02-20 18:10:26,113 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:10:26,114 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:10:26,114 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:10:26,114 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:10:26,115 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26" (1/1) ... [2022-02-20 18:10:26,120 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:26,132 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:26,146 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:10:26,151 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:10:26,177 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:10:26,177 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:10:26,177 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:10:26,177 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:10:26,177 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:10:26,178 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:10:26,178 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:10:26,178 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:10:26,179 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:10:26,180 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:10:26,180 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:10:26,180 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:10:26,180 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:10:26,180 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:10:26,256 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:10:26,257 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:10:26,577 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:10:26,582 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:10:26,582 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:10:26,584 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:26 BoogieIcfgContainer [2022-02-20 18:10:26,584 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:10:26,585 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:10:26,585 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:10:26,588 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:10:26,588 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:10:25" (1/3) ... [2022-02-20 18:10:26,589 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@195d645e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:26, skipping insertion in model container [2022-02-20 18:10:26,589 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:26" (2/3) ... [2022-02-20 18:10:26,589 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@195d645e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:26, skipping insertion in model container [2022-02-20 18:10:26,590 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:26" (3/3) ... [2022-02-20 18:10:26,590 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec4_product42.cil.c [2022-02-20 18:10:26,594 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:10:26,594 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:10:26,642 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:10:26,648 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:10:26,648 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:10:26,670 INFO L276 IsEmpty]: Start isEmpty. Operand has 75 states, 60 states have (on average 1.4) internal successors, (84), 66 states have internal predecessors, (84), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:10:26,677 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2022-02-20 18:10:26,677 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:26,677 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:26,678 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:26,682 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:26,682 INFO L85 PathProgramCache]: Analyzing trace with hash 1725577786, now seen corresponding path program 1 times [2022-02-20 18:10:26,688 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:26,689 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1145996338] [2022-02-20 18:10:26,689 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:26,690 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:26,816 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:26,891 INFO L290 TraceCheckUtils]: 0: Hoare triple {78#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1; {78#true} is VALID [2022-02-20 18:10:26,891 INFO L290 TraceCheckUtils]: 1: Hoare triple {78#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {78#true} is VALID [2022-02-20 18:10:26,892 INFO L290 TraceCheckUtils]: 2: Hoare triple {78#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {78#true} is VALID [2022-02-20 18:10:26,892 INFO L290 TraceCheckUtils]: 3: Hoare triple {78#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {78#true} is VALID [2022-02-20 18:10:26,892 INFO L290 TraceCheckUtils]: 4: Hoare triple {78#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {78#true} is VALID [2022-02-20 18:10:26,892 INFO L290 TraceCheckUtils]: 5: Hoare triple {78#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {78#true} is VALID [2022-02-20 18:10:26,893 INFO L290 TraceCheckUtils]: 6: Hoare triple {78#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {78#true} is VALID [2022-02-20 18:10:26,893 INFO L290 TraceCheckUtils]: 7: Hoare triple {78#true} assume false; {79#false} is VALID [2022-02-20 18:10:26,894 INFO L272 TraceCheckUtils]: 8: Hoare triple {79#false} call cleanup(); {79#false} is VALID [2022-02-20 18:10:26,894 INFO L290 TraceCheckUtils]: 9: Hoare triple {79#false} havoc ~i~0;havoc ~__cil_tmp2~0; {79#false} is VALID [2022-02-20 18:10:26,894 INFO L272 TraceCheckUtils]: 10: Hoare triple {79#false} call timeShift(); {79#false} is VALID [2022-02-20 18:10:26,894 INFO L290 TraceCheckUtils]: 11: Hoare triple {79#false} assume !(0 != ~pumpRunning~0); {79#false} is VALID [2022-02-20 18:10:26,895 INFO L290 TraceCheckUtils]: 12: Hoare triple {79#false} assume !(0 != ~systemActive~0); {79#false} is VALID [2022-02-20 18:10:26,895 INFO L290 TraceCheckUtils]: 13: Hoare triple {79#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {79#false} is VALID [2022-02-20 18:10:26,895 INFO L290 TraceCheckUtils]: 14: Hoare triple {79#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {79#false} is VALID [2022-02-20 18:10:26,895 INFO L290 TraceCheckUtils]: 15: Hoare triple {79#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {79#false} is VALID [2022-02-20 18:10:26,896 INFO L290 TraceCheckUtils]: 16: Hoare triple {79#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret34#1 && __utac_acc__Specification4_spec__1_#t~ret34#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {79#false} is VALID [2022-02-20 18:10:26,896 INFO L290 TraceCheckUtils]: 17: Hoare triple {79#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {79#false} is VALID [2022-02-20 18:10:26,896 INFO L290 TraceCheckUtils]: 18: Hoare triple {79#false} assume !false; {79#false} is VALID [2022-02-20 18:10:26,897 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:26,898 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:26,898 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1145996338] [2022-02-20 18:10:26,898 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1145996338] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:26,899 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:26,899 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:26,900 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1847528055] [2022-02-20 18:10:26,900 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:26,904 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:26,905 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:26,907 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:26,940 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:26,941 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:10:26,941 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:26,957 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:10:26,958 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:26,961 INFO L87 Difference]: Start difference. First operand has 75 states, 60 states have (on average 1.4) internal successors, (84), 66 states have internal predecessors, (84), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) Second operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,037 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,038 INFO L93 Difference]: Finished difference Result 142 states and 195 transitions. [2022-02-20 18:10:27,038 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:10:27,038 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:27,038 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:27,039 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,046 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 195 transitions. [2022-02-20 18:10:27,047 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,051 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 195 transitions. [2022-02-20 18:10:27,051 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 195 transitions. [2022-02-20 18:10:27,197 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 195 edges. 195 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,204 INFO L225 Difference]: With dead ends: 142 [2022-02-20 18:10:27,205 INFO L226 Difference]: Without dead ends: 66 [2022-02-20 18:10:27,207 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:27,209 INFO L933 BasicCegarLoop]: 94 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 94 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:27,210 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 94 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:27,221 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 66 states. [2022-02-20 18:10:27,232 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 66 to 66. [2022-02-20 18:10:27,232 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:27,233 INFO L82 GeneralOperation]: Start isEquivalent. First operand 66 states. Second operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:27,234 INFO L74 IsIncluded]: Start isIncluded. First operand 66 states. Second operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:27,234 INFO L87 Difference]: Start difference. First operand 66 states. Second operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:27,238 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,238 INFO L93 Difference]: Finished difference Result 66 states and 85 transitions. [2022-02-20 18:10:27,238 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 85 transitions. [2022-02-20 18:10:27,239 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,239 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,239 INFO L74 IsIncluded]: Start isIncluded. First operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 66 states. [2022-02-20 18:10:27,240 INFO L87 Difference]: Start difference. First operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 66 states. [2022-02-20 18:10:27,243 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,243 INFO L93 Difference]: Finished difference Result 66 states and 85 transitions. [2022-02-20 18:10:27,244 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 85 transitions. [2022-02-20 18:10:27,244 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,244 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,244 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:27,245 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:27,245 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:27,247 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 85 transitions. [2022-02-20 18:10:27,249 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 85 transitions. Word has length 19 [2022-02-20 18:10:27,249 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:27,249 INFO L470 AbstractCegarLoop]: Abstraction has 66 states and 85 transitions. [2022-02-20 18:10:27,249 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,249 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 85 transitions. [2022-02-20 18:10:27,250 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2022-02-20 18:10:27,250 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:27,250 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:27,251 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:10:27,251 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:27,251 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:27,252 INFO L85 PathProgramCache]: Analyzing trace with hash -1606599487, now seen corresponding path program 1 times [2022-02-20 18:10:27,252 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:27,252 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1481150289] [2022-02-20 18:10:27,252 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:27,252 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:27,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,304 INFO L290 TraceCheckUtils]: 0: Hoare triple {520#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1; {520#true} is VALID [2022-02-20 18:10:27,304 INFO L290 TraceCheckUtils]: 1: Hoare triple {520#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {520#true} is VALID [2022-02-20 18:10:27,304 INFO L290 TraceCheckUtils]: 2: Hoare triple {520#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {520#true} is VALID [2022-02-20 18:10:27,304 INFO L290 TraceCheckUtils]: 3: Hoare triple {520#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {520#true} is VALID [2022-02-20 18:10:27,304 INFO L290 TraceCheckUtils]: 4: Hoare triple {520#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {520#true} is VALID [2022-02-20 18:10:27,304 INFO L290 TraceCheckUtils]: 5: Hoare triple {520#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {520#true} is VALID [2022-02-20 18:10:27,305 INFO L290 TraceCheckUtils]: 6: Hoare triple {520#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {522#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:27,305 INFO L290 TraceCheckUtils]: 7: Hoare triple {522#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {522#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:27,306 INFO L290 TraceCheckUtils]: 8: Hoare triple {522#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {521#false} is VALID [2022-02-20 18:10:27,306 INFO L272 TraceCheckUtils]: 9: Hoare triple {521#false} call cleanup(); {521#false} is VALID [2022-02-20 18:10:27,306 INFO L290 TraceCheckUtils]: 10: Hoare triple {521#false} havoc ~i~0;havoc ~__cil_tmp2~0; {521#false} is VALID [2022-02-20 18:10:27,306 INFO L272 TraceCheckUtils]: 11: Hoare triple {521#false} call timeShift(); {521#false} is VALID [2022-02-20 18:10:27,306 INFO L290 TraceCheckUtils]: 12: Hoare triple {521#false} assume !(0 != ~pumpRunning~0); {521#false} is VALID [2022-02-20 18:10:27,307 INFO L290 TraceCheckUtils]: 13: Hoare triple {521#false} assume !(0 != ~systemActive~0); {521#false} is VALID [2022-02-20 18:10:27,307 INFO L290 TraceCheckUtils]: 14: Hoare triple {521#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {521#false} is VALID [2022-02-20 18:10:27,307 INFO L290 TraceCheckUtils]: 15: Hoare triple {521#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {521#false} is VALID [2022-02-20 18:10:27,307 INFO L290 TraceCheckUtils]: 16: Hoare triple {521#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {521#false} is VALID [2022-02-20 18:10:27,307 INFO L290 TraceCheckUtils]: 17: Hoare triple {521#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret34#1 && __utac_acc__Specification4_spec__1_#t~ret34#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {521#false} is VALID [2022-02-20 18:10:27,307 INFO L290 TraceCheckUtils]: 18: Hoare triple {521#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {521#false} is VALID [2022-02-20 18:10:27,307 INFO L290 TraceCheckUtils]: 19: Hoare triple {521#false} assume !false; {521#false} is VALID [2022-02-20 18:10:27,308 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:27,308 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:27,308 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1481150289] [2022-02-20 18:10:27,308 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1481150289] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:27,308 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:27,308 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:27,308 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1658991683] [2022-02-20 18:10:27,308 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:27,309 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:27,309 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:27,310 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,323 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,323 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:27,323 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:27,324 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:27,324 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:27,324 INFO L87 Difference]: Start difference. First operand 66 states and 85 transitions. Second operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,390 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,390 INFO L93 Difference]: Finished difference Result 97 states and 125 transitions. [2022-02-20 18:10:27,390 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:27,391 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:27,391 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:27,391 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,393 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 125 transitions. [2022-02-20 18:10:27,393 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,394 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 125 transitions. [2022-02-20 18:10:27,394 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 125 transitions. [2022-02-20 18:10:27,516 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 125 edges. 125 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,517 INFO L225 Difference]: With dead ends: 97 [2022-02-20 18:10:27,517 INFO L226 Difference]: Without dead ends: 57 [2022-02-20 18:10:27,518 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:27,519 INFO L933 BasicCegarLoop]: 72 mSDtfsCounter, 13 mSDsluCounter, 55 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 16 SdHoareTripleChecker+Valid, 127 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:27,519 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [16 Valid, 127 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:27,520 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 57 states. [2022-02-20 18:10:27,523 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 57 to 57. [2022-02-20 18:10:27,523 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:27,534 INFO L82 GeneralOperation]: Start isEquivalent. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,534 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,534 INFO L87 Difference]: Start difference. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,536 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,536 INFO L93 Difference]: Finished difference Result 57 states and 73 transitions. [2022-02-20 18:10:27,536 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 73 transitions. [2022-02-20 18:10:27,537 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,537 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,537 INFO L74 IsIncluded]: Start isIncluded. First operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 57 states. [2022-02-20 18:10:27,537 INFO L87 Difference]: Start difference. First operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 57 states. [2022-02-20 18:10:27,539 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,539 INFO L93 Difference]: Finished difference Result 57 states and 73 transitions. [2022-02-20 18:10:27,539 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 73 transitions. [2022-02-20 18:10:27,540 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:27,540 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:27,540 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:27,540 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:27,540 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,541 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 57 states to 57 states and 73 transitions. [2022-02-20 18:10:27,541 INFO L78 Accepts]: Start accepts. Automaton has 57 states and 73 transitions. Word has length 20 [2022-02-20 18:10:27,542 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:27,542 INFO L470 AbstractCegarLoop]: Abstraction has 57 states and 73 transitions. [2022-02-20 18:10:27,542 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,542 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 73 transitions. [2022-02-20 18:10:27,542 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2022-02-20 18:10:27,542 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:27,543 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:27,543 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:10:27,543 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:27,543 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:27,543 INFO L85 PathProgramCache]: Analyzing trace with hash 1615154650, now seen corresponding path program 1 times [2022-02-20 18:10:27,543 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:27,543 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2127260297] [2022-02-20 18:10:27,544 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:27,544 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:27,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:27,645 INFO L290 TraceCheckUtils]: 0: Hoare triple {865#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1; {867#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,646 INFO L290 TraceCheckUtils]: 1: Hoare triple {867#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {867#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,646 INFO L290 TraceCheckUtils]: 2: Hoare triple {867#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {867#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:27,648 INFO L290 TraceCheckUtils]: 3: Hoare triple {867#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {868#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} is VALID [2022-02-20 18:10:27,648 INFO L290 TraceCheckUtils]: 4: Hoare triple {868#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {869#(= |ULTIMATE.start_main_~tmp~4#1| ~systemActive~0)} is VALID [2022-02-20 18:10:27,649 INFO L290 TraceCheckUtils]: 5: Hoare triple {869#(= |ULTIMATE.start_main_~tmp~4#1| ~systemActive~0)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,649 INFO L290 TraceCheckUtils]: 6: Hoare triple {870#(not (= 0 ~systemActive~0))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,650 INFO L290 TraceCheckUtils]: 7: Hoare triple {870#(not (= 0 ~systemActive~0))} assume !false; {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,650 INFO L290 TraceCheckUtils]: 8: Hoare triple {870#(not (= 0 ~systemActive~0))} assume test_~splverifierCounter~0#1 < 4; {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,650 INFO L290 TraceCheckUtils]: 9: Hoare triple {870#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,651 INFO L290 TraceCheckUtils]: 10: Hoare triple {870#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp~5#1); {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,651 INFO L290 TraceCheckUtils]: 11: Hoare triple {870#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,654 INFO L290 TraceCheckUtils]: 12: Hoare triple {870#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp___0~1#1); {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,655 INFO L290 TraceCheckUtils]: 13: Hoare triple {870#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,656 INFO L290 TraceCheckUtils]: 14: Hoare triple {870#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,656 INFO L290 TraceCheckUtils]: 15: Hoare triple {870#(not (= 0 ~systemActive~0))} assume 0 != test_~tmp___1~0#1; {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,657 INFO L272 TraceCheckUtils]: 16: Hoare triple {870#(not (= 0 ~systemActive~0))} call timeShift(); {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,659 INFO L290 TraceCheckUtils]: 17: Hoare triple {870#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {870#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:27,659 INFO L290 TraceCheckUtils]: 18: Hoare triple {870#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {866#false} is VALID [2022-02-20 18:10:27,659 INFO L290 TraceCheckUtils]: 19: Hoare triple {866#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {866#false} is VALID [2022-02-20 18:10:27,659 INFO L290 TraceCheckUtils]: 20: Hoare triple {866#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {866#false} is VALID [2022-02-20 18:10:27,659 INFO L290 TraceCheckUtils]: 21: Hoare triple {866#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {866#false} is VALID [2022-02-20 18:10:27,660 INFO L290 TraceCheckUtils]: 22: Hoare triple {866#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret34#1 && __utac_acc__Specification4_spec__1_#t~ret34#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {866#false} is VALID [2022-02-20 18:10:27,660 INFO L290 TraceCheckUtils]: 23: Hoare triple {866#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {866#false} is VALID [2022-02-20 18:10:27,661 INFO L290 TraceCheckUtils]: 24: Hoare triple {866#false} assume !false; {866#false} is VALID [2022-02-20 18:10:27,661 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:27,661 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:27,661 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2127260297] [2022-02-20 18:10:27,661 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2127260297] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:27,661 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:27,661 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:27,661 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [811043234] [2022-02-20 18:10:27,662 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:27,662 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 25 [2022-02-20 18:10:27,662 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:27,662 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,682 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,683 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:27,683 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:27,684 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:27,684 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:27,685 INFO L87 Difference]: Start difference. First operand 57 states and 73 transitions. Second operand has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,883 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:27,883 INFO L93 Difference]: Finished difference Result 107 states and 140 transitions. [2022-02-20 18:10:27,883 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:27,884 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 25 [2022-02-20 18:10:27,884 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:27,884 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,886 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 140 transitions. [2022-02-20 18:10:27,886 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:27,888 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 140 transitions. [2022-02-20 18:10:27,888 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 140 transitions. [2022-02-20 18:10:27,987 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 140 edges. 140 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:27,989 INFO L225 Difference]: With dead ends: 107 [2022-02-20 18:10:27,989 INFO L226 Difference]: Without dead ends: 57 [2022-02-20 18:10:27,989 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 1 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:27,990 INFO L933 BasicCegarLoop]: 66 mSDtfsCounter, 98 mSDsluCounter, 84 mSDsCounter, 0 mSdLazyCounter, 25 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 98 SdHoareTripleChecker+Valid, 150 SdHoareTripleChecker+Invalid, 38 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 25 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:27,991 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [98 Valid, 150 Invalid, 38 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 25 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:27,991 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 57 states. [2022-02-20 18:10:27,999 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 57 to 57. [2022-02-20 18:10:27,999 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:27,999 INFO L82 GeneralOperation]: Start isEquivalent. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,999 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:27,999 INFO L87 Difference]: Start difference. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:28,002 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,002 INFO L93 Difference]: Finished difference Result 57 states and 72 transitions. [2022-02-20 18:10:28,003 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 72 transitions. [2022-02-20 18:10:28,004 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:28,005 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:28,005 INFO L74 IsIncluded]: Start isIncluded. First operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 57 states. [2022-02-20 18:10:28,005 INFO L87 Difference]: Start difference. First operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 57 states. [2022-02-20 18:10:28,008 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,008 INFO L93 Difference]: Finished difference Result 57 states and 72 transitions. [2022-02-20 18:10:28,008 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 72 transitions. [2022-02-20 18:10:28,011 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:28,011 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:28,011 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:28,011 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:28,012 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:28,014 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 57 states to 57 states and 72 transitions. [2022-02-20 18:10:28,014 INFO L78 Accepts]: Start accepts. Automaton has 57 states and 72 transitions. Word has length 25 [2022-02-20 18:10:28,014 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:28,014 INFO L470 AbstractCegarLoop]: Abstraction has 57 states and 72 transitions. [2022-02-20 18:10:28,014 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:28,014 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 72 transitions. [2022-02-20 18:10:28,015 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2022-02-20 18:10:28,015 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:28,015 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:28,016 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:10:28,016 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:28,016 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:28,016 INFO L85 PathProgramCache]: Analyzing trace with hash -1401083419, now seen corresponding path program 1 times [2022-02-20 18:10:28,016 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:28,016 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [45424439] [2022-02-20 18:10:28,017 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:28,017 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:28,060 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:28,102 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-20 18:10:28,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:28,106 INFO L290 TraceCheckUtils]: 0: Hoare triple {1229#true} assume true; {1229#true} is VALID [2022-02-20 18:10:28,106 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1229#true} {1230#false} #211#return; {1230#false} is VALID [2022-02-20 18:10:28,106 INFO L290 TraceCheckUtils]: 0: Hoare triple {1229#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,107 INFO L290 TraceCheckUtils]: 1: Hoare triple {1231#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,107 INFO L290 TraceCheckUtils]: 2: Hoare triple {1231#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,107 INFO L290 TraceCheckUtils]: 3: Hoare triple {1231#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,108 INFO L290 TraceCheckUtils]: 4: Hoare triple {1231#(= ~pumpRunning~0 0)} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,108 INFO L290 TraceCheckUtils]: 5: Hoare triple {1231#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,108 INFO L290 TraceCheckUtils]: 6: Hoare triple {1231#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,109 INFO L290 TraceCheckUtils]: 7: Hoare triple {1231#(= ~pumpRunning~0 0)} assume !false; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,109 INFO L290 TraceCheckUtils]: 8: Hoare triple {1231#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,109 INFO L290 TraceCheckUtils]: 9: Hoare triple {1231#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,110 INFO L290 TraceCheckUtils]: 10: Hoare triple {1231#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~5#1); {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,110 INFO L290 TraceCheckUtils]: 11: Hoare triple {1231#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,110 INFO L290 TraceCheckUtils]: 12: Hoare triple {1231#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~1#1); {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,111 INFO L290 TraceCheckUtils]: 13: Hoare triple {1231#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,111 INFO L290 TraceCheckUtils]: 14: Hoare triple {1231#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,111 INFO L290 TraceCheckUtils]: 15: Hoare triple {1231#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,112 INFO L272 TraceCheckUtils]: 16: Hoare triple {1231#(= ~pumpRunning~0 0)} call timeShift(); {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,112 INFO L290 TraceCheckUtils]: 17: Hoare triple {1231#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,112 INFO L290 TraceCheckUtils]: 18: Hoare triple {1231#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {1231#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:28,113 INFO L290 TraceCheckUtils]: 19: Hoare triple {1231#(= ~pumpRunning~0 0)} assume !(0 == ~pumpRunning~0); {1230#false} is VALID [2022-02-20 18:10:28,113 INFO L272 TraceCheckUtils]: 20: Hoare triple {1230#false} call processEnvironment__wrappee__base(); {1229#true} is VALID [2022-02-20 18:10:28,113 INFO L290 TraceCheckUtils]: 21: Hoare triple {1229#true} assume true; {1229#true} is VALID [2022-02-20 18:10:28,113 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1229#true} {1230#false} #211#return; {1230#false} is VALID [2022-02-20 18:10:28,113 INFO L290 TraceCheckUtils]: 23: Hoare triple {1230#false} assume { :end_inline_processEnvironment } true; {1230#false} is VALID [2022-02-20 18:10:28,113 INFO L290 TraceCheckUtils]: 24: Hoare triple {1230#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {1230#false} is VALID [2022-02-20 18:10:28,113 INFO L290 TraceCheckUtils]: 25: Hoare triple {1230#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {1230#false} is VALID [2022-02-20 18:10:28,113 INFO L290 TraceCheckUtils]: 26: Hoare triple {1230#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {1230#false} is VALID [2022-02-20 18:10:28,113 INFO L290 TraceCheckUtils]: 27: Hoare triple {1230#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret34#1 && __utac_acc__Specification4_spec__1_#t~ret34#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {1230#false} is VALID [2022-02-20 18:10:28,114 INFO L290 TraceCheckUtils]: 28: Hoare triple {1230#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1230#false} is VALID [2022-02-20 18:10:28,114 INFO L290 TraceCheckUtils]: 29: Hoare triple {1230#false} assume !false; {1230#false} is VALID [2022-02-20 18:10:28,114 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:28,114 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:28,114 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [45424439] [2022-02-20 18:10:28,114 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [45424439] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:28,114 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:28,114 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:28,114 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [896062829] [2022-02-20 18:10:28,115 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:28,115 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.0) internal successors, (27), 3 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 30 [2022-02-20 18:10:28,115 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:28,115 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 9.0) internal successors, (27), 3 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,134 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:28,136 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:28,136 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:28,137 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:28,137 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:28,138 INFO L87 Difference]: Start difference. First operand 57 states and 72 transitions. Second operand has 3 states, 3 states have (on average 9.0) internal successors, (27), 3 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,203 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,203 INFO L93 Difference]: Finished difference Result 143 states and 185 transitions. [2022-02-20 18:10:28,204 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:28,204 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.0) internal successors, (27), 3 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 30 [2022-02-20 18:10:28,204 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:28,204 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.0) internal successors, (27), 3 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,210 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 185 transitions. [2022-02-20 18:10:28,211 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.0) internal successors, (27), 3 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,213 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 185 transitions. [2022-02-20 18:10:28,213 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 185 transitions. [2022-02-20 18:10:28,326 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 185 edges. 185 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:28,330 INFO L225 Difference]: With dead ends: 143 [2022-02-20 18:10:28,330 INFO L226 Difference]: Without dead ends: 93 [2022-02-20 18:10:28,331 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:28,338 INFO L933 BasicCegarLoop]: 73 mSDtfsCounter, 45 mSDsluCounter, 46 mSDsCounter, 0 mSdLazyCounter, 7 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 119 SdHoareTripleChecker+Invalid, 10 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 7 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:28,340 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [45 Valid, 119 Invalid, 10 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 7 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:28,343 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 93 states. [2022-02-20 18:10:28,350 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 93 to 91. [2022-02-20 18:10:28,350 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:28,350 INFO L82 GeneralOperation]: Start isEquivalent. First operand 93 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,351 INFO L74 IsIncluded]: Start isIncluded. First operand 93 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,351 INFO L87 Difference]: Start difference. First operand 93 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,354 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,354 INFO L93 Difference]: Finished difference Result 93 states and 116 transitions. [2022-02-20 18:10:28,354 INFO L276 IsEmpty]: Start isEmpty. Operand 93 states and 116 transitions. [2022-02-20 18:10:28,354 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:28,355 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:28,355 INFO L74 IsIncluded]: Start isIncluded. First operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 93 states. [2022-02-20 18:10:28,355 INFO L87 Difference]: Start difference. First operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 93 states. [2022-02-20 18:10:28,358 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,358 INFO L93 Difference]: Finished difference Result 93 states and 116 transitions. [2022-02-20 18:10:28,358 INFO L276 IsEmpty]: Start isEmpty. Operand 93 states and 116 transitions. [2022-02-20 18:10:28,358 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:28,358 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:28,358 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:28,358 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:28,359 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:28,361 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 91 states to 91 states and 115 transitions. [2022-02-20 18:10:28,361 INFO L78 Accepts]: Start accepts. Automaton has 91 states and 115 transitions. Word has length 30 [2022-02-20 18:10:28,361 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:28,362 INFO L470 AbstractCegarLoop]: Abstraction has 91 states and 115 transitions. [2022-02-20 18:10:28,362 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.0) internal successors, (27), 3 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,362 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 115 transitions. [2022-02-20 18:10:28,362 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 37 [2022-02-20 18:10:28,363 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:28,363 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:28,363 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:10:28,363 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:28,363 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:28,363 INFO L85 PathProgramCache]: Analyzing trace with hash 435007003, now seen corresponding path program 1 times [2022-02-20 18:10:28,364 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:28,364 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1812591909] [2022-02-20 18:10:28,364 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:28,364 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:28,382 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:28,414 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 26 [2022-02-20 18:10:28,414 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:28,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {1758#true} assume true; {1758#true} is VALID [2022-02-20 18:10:28,416 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1758#true} {1759#false} #209#return; {1759#false} is VALID [2022-02-20 18:10:28,417 INFO L290 TraceCheckUtils]: 0: Hoare triple {1758#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,417 INFO L290 TraceCheckUtils]: 1: Hoare triple {1760#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {1760#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,418 INFO L290 TraceCheckUtils]: 3: Hoare triple {1760#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,418 INFO L290 TraceCheckUtils]: 4: Hoare triple {1760#(= ~waterLevel~0 1)} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,418 INFO L290 TraceCheckUtils]: 5: Hoare triple {1760#(= ~waterLevel~0 1)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,419 INFO L290 TraceCheckUtils]: 6: Hoare triple {1760#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,419 INFO L290 TraceCheckUtils]: 7: Hoare triple {1760#(= ~waterLevel~0 1)} assume !false; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,419 INFO L290 TraceCheckUtils]: 8: Hoare triple {1760#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,420 INFO L290 TraceCheckUtils]: 9: Hoare triple {1760#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,420 INFO L290 TraceCheckUtils]: 10: Hoare triple {1760#(= ~waterLevel~0 1)} assume !(0 != test_~tmp~5#1); {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,420 INFO L290 TraceCheckUtils]: 11: Hoare triple {1760#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,420 INFO L290 TraceCheckUtils]: 12: Hoare triple {1760#(= ~waterLevel~0 1)} assume !(0 != test_~tmp___0~1#1); {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,421 INFO L290 TraceCheckUtils]: 13: Hoare triple {1760#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,421 INFO L290 TraceCheckUtils]: 14: Hoare triple {1760#(= ~waterLevel~0 1)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,421 INFO L290 TraceCheckUtils]: 15: Hoare triple {1760#(= ~waterLevel~0 1)} assume 0 != test_~tmp___1~0#1; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,422 INFO L272 TraceCheckUtils]: 16: Hoare triple {1760#(= ~waterLevel~0 1)} call timeShift(); {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,422 INFO L290 TraceCheckUtils]: 17: Hoare triple {1760#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,422 INFO L290 TraceCheckUtils]: 18: Hoare triple {1760#(= ~waterLevel~0 1)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,423 INFO L290 TraceCheckUtils]: 19: Hoare triple {1760#(= ~waterLevel~0 1)} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {1760#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,423 INFO L290 TraceCheckUtils]: 20: Hoare triple {1760#(= ~waterLevel~0 1)} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {1759#false} is VALID [2022-02-20 18:10:28,423 INFO L290 TraceCheckUtils]: 21: Hoare triple {1759#false} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret51#1 && isHighWaterLevel_#t~ret51#1 <= 2147483647;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {1759#false} is VALID [2022-02-20 18:10:28,423 INFO L290 TraceCheckUtils]: 22: Hoare triple {1759#false} assume 0 != isHighWaterLevel_~tmp~8#1;isHighWaterLevel_~tmp___0~2#1 := 0; {1759#false} is VALID [2022-02-20 18:10:28,424 INFO L290 TraceCheckUtils]: 23: Hoare triple {1759#false} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {1759#false} is VALID [2022-02-20 18:10:28,424 INFO L290 TraceCheckUtils]: 24: Hoare triple {1759#false} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret40#1 && processEnvironment_#t~ret40#1 <= 2147483647;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {1759#false} is VALID [2022-02-20 18:10:28,424 INFO L290 TraceCheckUtils]: 25: Hoare triple {1759#false} assume !(0 != processEnvironment_~tmp~6#1); {1759#false} is VALID [2022-02-20 18:10:28,424 INFO L272 TraceCheckUtils]: 26: Hoare triple {1759#false} call processEnvironment__wrappee__base(); {1758#true} is VALID [2022-02-20 18:10:28,424 INFO L290 TraceCheckUtils]: 27: Hoare triple {1758#true} assume true; {1758#true} is VALID [2022-02-20 18:10:28,424 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {1758#true} {1759#false} #209#return; {1759#false} is VALID [2022-02-20 18:10:28,424 INFO L290 TraceCheckUtils]: 29: Hoare triple {1759#false} assume { :end_inline_processEnvironment } true; {1759#false} is VALID [2022-02-20 18:10:28,424 INFO L290 TraceCheckUtils]: 30: Hoare triple {1759#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {1759#false} is VALID [2022-02-20 18:10:28,424 INFO L290 TraceCheckUtils]: 31: Hoare triple {1759#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {1759#false} is VALID [2022-02-20 18:10:28,424 INFO L290 TraceCheckUtils]: 32: Hoare triple {1759#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {1759#false} is VALID [2022-02-20 18:10:28,425 INFO L290 TraceCheckUtils]: 33: Hoare triple {1759#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret34#1 && __utac_acc__Specification4_spec__1_#t~ret34#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {1759#false} is VALID [2022-02-20 18:10:28,425 INFO L290 TraceCheckUtils]: 34: Hoare triple {1759#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1759#false} is VALID [2022-02-20 18:10:28,425 INFO L290 TraceCheckUtils]: 35: Hoare triple {1759#false} assume !false; {1759#false} is VALID [2022-02-20 18:10:28,425 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:28,425 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:28,425 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1812591909] [2022-02-20 18:10:28,425 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1812591909] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:28,425 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:28,425 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:28,425 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [602960540] [2022-02-20 18:10:28,425 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:28,426 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 36 [2022-02-20 18:10:28,426 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:28,426 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,459 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:28,460 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:28,460 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:28,460 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:28,460 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:28,460 INFO L87 Difference]: Start difference. First operand 91 states and 115 transitions. Second operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,560 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,560 INFO L93 Difference]: Finished difference Result 249 states and 330 transitions. [2022-02-20 18:10:28,560 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:28,561 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 36 [2022-02-20 18:10:28,561 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:28,561 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,564 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 200 transitions. [2022-02-20 18:10:28,564 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,566 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 200 transitions. [2022-02-20 18:10:28,566 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 200 transitions. [2022-02-20 18:10:28,686 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 200 edges. 200 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:28,691 INFO L225 Difference]: With dead ends: 249 [2022-02-20 18:10:28,691 INFO L226 Difference]: Without dead ends: 165 [2022-02-20 18:10:28,691 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 4 SyntacticMatches, 1 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:28,692 INFO L933 BasicCegarLoop]: 72 mSDtfsCounter, 41 mSDsluCounter, 60 mSDsCounter, 0 mSdLazyCounter, 11 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 41 SdHoareTripleChecker+Valid, 132 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 11 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:28,692 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [41 Valid, 132 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 11 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:28,693 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 165 states. [2022-02-20 18:10:28,702 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 165 to 163. [2022-02-20 18:10:28,702 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:28,703 INFO L82 GeneralOperation]: Start isEquivalent. First operand 165 states. Second operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:28,703 INFO L74 IsIncluded]: Start isIncluded. First operand 165 states. Second operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:28,704 INFO L87 Difference]: Start difference. First operand 165 states. Second operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:28,709 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,709 INFO L93 Difference]: Finished difference Result 165 states and 212 transitions. [2022-02-20 18:10:28,709 INFO L276 IsEmpty]: Start isEmpty. Operand 165 states and 212 transitions. [2022-02-20 18:10:28,710 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:28,710 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:28,710 INFO L74 IsIncluded]: Start isIncluded. First operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 165 states. [2022-02-20 18:10:28,711 INFO L87 Difference]: Start difference. First operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 165 states. [2022-02-20 18:10:28,715 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:28,715 INFO L93 Difference]: Finished difference Result 165 states and 212 transitions. [2022-02-20 18:10:28,715 INFO L276 IsEmpty]: Start isEmpty. Operand 165 states and 212 transitions. [2022-02-20 18:10:28,716 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:28,716 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:28,716 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:28,716 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:28,717 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:28,721 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 163 states to 163 states and 211 transitions. [2022-02-20 18:10:28,721 INFO L78 Accepts]: Start accepts. Automaton has 163 states and 211 transitions. Word has length 36 [2022-02-20 18:10:28,721 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:28,722 INFO L470 AbstractCegarLoop]: Abstraction has 163 states and 211 transitions. [2022-02-20 18:10:28,722 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,722 INFO L276 IsEmpty]: Start isEmpty. Operand 163 states and 211 transitions. [2022-02-20 18:10:28,723 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 37 [2022-02-20 18:10:28,723 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:28,723 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:28,723 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:10:28,723 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:28,724 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:28,724 INFO L85 PathProgramCache]: Analyzing trace with hash 1456075357, now seen corresponding path program 1 times [2022-02-20 18:10:28,724 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:28,724 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [262973469] [2022-02-20 18:10:28,724 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:28,724 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:28,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:28,823 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 26 [2022-02-20 18:10:28,824 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:28,826 INFO L290 TraceCheckUtils]: 0: Hoare triple {2689#true} assume true; {2689#true} is VALID [2022-02-20 18:10:28,827 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {2689#true} {2694#(not (= ~waterLevel~0 0))} #209#return; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,827 INFO L290 TraceCheckUtils]: 0: Hoare triple {2689#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1; {2691#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,827 INFO L290 TraceCheckUtils]: 1: Hoare triple {2691#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {2691#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,828 INFO L290 TraceCheckUtils]: 2: Hoare triple {2691#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2691#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:28,828 INFO L290 TraceCheckUtils]: 3: Hoare triple {2691#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {2692#(= |ULTIMATE.start_valid_product_#res#1| ~waterLevel~0)} is VALID [2022-02-20 18:10:28,828 INFO L290 TraceCheckUtils]: 4: Hoare triple {2692#(= |ULTIMATE.start_valid_product_#res#1| ~waterLevel~0)} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {2693#(= ~waterLevel~0 |ULTIMATE.start_main_~tmp~4#1|)} is VALID [2022-02-20 18:10:28,829 INFO L290 TraceCheckUtils]: 5: Hoare triple {2693#(= ~waterLevel~0 |ULTIMATE.start_main_~tmp~4#1|)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,829 INFO L290 TraceCheckUtils]: 6: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,829 INFO L290 TraceCheckUtils]: 7: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume !false; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,829 INFO L290 TraceCheckUtils]: 8: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume test_~splverifierCounter~0#1 < 4; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,830 INFO L290 TraceCheckUtils]: 9: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,830 INFO L290 TraceCheckUtils]: 10: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume !(0 != test_~tmp~5#1); {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,831 INFO L290 TraceCheckUtils]: 11: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,831 INFO L290 TraceCheckUtils]: 12: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume !(0 != test_~tmp___0~1#1); {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,831 INFO L290 TraceCheckUtils]: 13: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,831 INFO L290 TraceCheckUtils]: 14: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,832 INFO L290 TraceCheckUtils]: 15: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume 0 != test_~tmp___1~0#1; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,832 INFO L272 TraceCheckUtils]: 16: Hoare triple {2694#(not (= ~waterLevel~0 0))} call timeShift(); {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,832 INFO L290 TraceCheckUtils]: 17: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume !(0 != ~pumpRunning~0); {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,833 INFO L290 TraceCheckUtils]: 18: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,833 INFO L290 TraceCheckUtils]: 19: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,833 INFO L290 TraceCheckUtils]: 20: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,834 INFO L290 TraceCheckUtils]: 21: Hoare triple {2694#(not (= ~waterLevel~0 0))} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret51#1 && isHighWaterLevel_#t~ret51#1 <= 2147483647;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,834 INFO L290 TraceCheckUtils]: 22: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume 0 != isHighWaterLevel_~tmp~8#1;isHighWaterLevel_~tmp___0~2#1 := 0; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,834 INFO L290 TraceCheckUtils]: 23: Hoare triple {2694#(not (= ~waterLevel~0 0))} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,834 INFO L290 TraceCheckUtils]: 24: Hoare triple {2694#(not (= ~waterLevel~0 0))} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret40#1 && processEnvironment_#t~ret40#1 <= 2147483647;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,835 INFO L290 TraceCheckUtils]: 25: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume !(0 != processEnvironment_~tmp~6#1); {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,835 INFO L272 TraceCheckUtils]: 26: Hoare triple {2694#(not (= ~waterLevel~0 0))} call processEnvironment__wrappee__base(); {2689#true} is VALID [2022-02-20 18:10:28,835 INFO L290 TraceCheckUtils]: 27: Hoare triple {2689#true} assume true; {2689#true} is VALID [2022-02-20 18:10:28,835 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2689#true} {2694#(not (= ~waterLevel~0 0))} #209#return; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,836 INFO L290 TraceCheckUtils]: 29: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume { :end_inline_processEnvironment } true; {2694#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:28,836 INFO L290 TraceCheckUtils]: 30: Hoare triple {2694#(not (= ~waterLevel~0 0))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {2697#(not (= |timeShift_getWaterLevel_#res#1| 0))} is VALID [2022-02-20 18:10:28,836 INFO L290 TraceCheckUtils]: 31: Hoare triple {2697#(not (= |timeShift_getWaterLevel_#res#1| 0))} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {2698#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| 0))} is VALID [2022-02-20 18:10:28,837 INFO L290 TraceCheckUtils]: 32: Hoare triple {2698#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| 0))} assume 0 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {2690#false} is VALID [2022-02-20 18:10:28,837 INFO L290 TraceCheckUtils]: 33: Hoare triple {2690#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret34#1 && __utac_acc__Specification4_spec__1_#t~ret34#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {2690#false} is VALID [2022-02-20 18:10:28,841 INFO L290 TraceCheckUtils]: 34: Hoare triple {2690#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {2690#false} is VALID [2022-02-20 18:10:28,843 INFO L290 TraceCheckUtils]: 35: Hoare triple {2690#false} assume !false; {2690#false} is VALID [2022-02-20 18:10:28,844 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:28,844 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:28,844 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [262973469] [2022-02-20 18:10:28,844 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [262973469] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:28,844 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:28,844 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:10:28,844 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [587252995] [2022-02-20 18:10:28,844 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:28,845 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 4.125) internal successors, (33), 8 states have internal predecessors, (33), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 36 [2022-02-20 18:10:28,845 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:28,845 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 4.125) internal successors, (33), 8 states have internal predecessors, (33), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:28,870 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:28,870 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:10:28,871 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:28,871 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:10:28,871 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=42, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:28,871 INFO L87 Difference]: Start difference. First operand 163 states and 211 transitions. Second operand has 8 states, 8 states have (on average 4.125) internal successors, (33), 8 states have internal predecessors, (33), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:29,323 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:29,323 INFO L93 Difference]: Finished difference Result 399 states and 548 transitions. [2022-02-20 18:10:29,323 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:29,324 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 4.125) internal successors, (33), 8 states have internal predecessors, (33), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 36 [2022-02-20 18:10:29,324 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:29,324 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 4.125) internal successors, (33), 8 states have internal predecessors, (33), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:29,327 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 265 transitions. [2022-02-20 18:10:29,327 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 4.125) internal successors, (33), 8 states have internal predecessors, (33), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:29,330 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 265 transitions. [2022-02-20 18:10:29,330 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 265 transitions. [2022-02-20 18:10:29,509 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 265 edges. 265 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:29,514 INFO L225 Difference]: With dead ends: 399 [2022-02-20 18:10:29,514 INFO L226 Difference]: Without dead ends: 243 [2022-02-20 18:10:29,515 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=51, Invalid=131, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:10:29,516 INFO L933 BasicCegarLoop]: 74 mSDtfsCounter, 138 mSDsluCounter, 376 mSDsCounter, 0 mSdLazyCounter, 116 mSolverCounterSat, 16 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 138 SdHoareTripleChecker+Valid, 450 SdHoareTripleChecker+Invalid, 132 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 16 IncrementalHoareTripleChecker+Valid, 116 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:29,516 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [138 Valid, 450 Invalid, 132 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [16 Valid, 116 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:29,517 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 243 states. [2022-02-20 18:10:29,530 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 243 to 233. [2022-02-20 18:10:29,530 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:29,531 INFO L82 GeneralOperation]: Start isEquivalent. First operand 243 states. Second operand has 233 states, 190 states have (on average 1.2842105263157895) internal successors, (244), 206 states have internal predecessors, (244), 21 states have call successors, (21), 21 states have call predecessors, (21), 21 states have return successors, (39), 21 states have call predecessors, (39), 21 states have call successors, (39) [2022-02-20 18:10:29,531 INFO L74 IsIncluded]: Start isIncluded. First operand 243 states. Second operand has 233 states, 190 states have (on average 1.2842105263157895) internal successors, (244), 206 states have internal predecessors, (244), 21 states have call successors, (21), 21 states have call predecessors, (21), 21 states have return successors, (39), 21 states have call predecessors, (39), 21 states have call successors, (39) [2022-02-20 18:10:29,532 INFO L87 Difference]: Start difference. First operand 243 states. Second operand has 233 states, 190 states have (on average 1.2842105263157895) internal successors, (244), 206 states have internal predecessors, (244), 21 states have call successors, (21), 21 states have call predecessors, (21), 21 states have return successors, (39), 21 states have call predecessors, (39), 21 states have call successors, (39) [2022-02-20 18:10:29,539 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:29,539 INFO L93 Difference]: Finished difference Result 243 states and 326 transitions. [2022-02-20 18:10:29,539 INFO L276 IsEmpty]: Start isEmpty. Operand 243 states and 326 transitions. [2022-02-20 18:10:29,540 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:29,540 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:29,541 INFO L74 IsIncluded]: Start isIncluded. First operand has 233 states, 190 states have (on average 1.2842105263157895) internal successors, (244), 206 states have internal predecessors, (244), 21 states have call successors, (21), 21 states have call predecessors, (21), 21 states have return successors, (39), 21 states have call predecessors, (39), 21 states have call successors, (39) Second operand 243 states. [2022-02-20 18:10:29,542 INFO L87 Difference]: Start difference. First operand has 233 states, 190 states have (on average 1.2842105263157895) internal successors, (244), 206 states have internal predecessors, (244), 21 states have call successors, (21), 21 states have call predecessors, (21), 21 states have return successors, (39), 21 states have call predecessors, (39), 21 states have call successors, (39) Second operand 243 states. [2022-02-20 18:10:29,549 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:29,549 INFO L93 Difference]: Finished difference Result 243 states and 326 transitions. [2022-02-20 18:10:29,549 INFO L276 IsEmpty]: Start isEmpty. Operand 243 states and 326 transitions. [2022-02-20 18:10:29,550 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:29,550 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:29,551 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:29,551 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:29,551 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 233 states, 190 states have (on average 1.2842105263157895) internal successors, (244), 206 states have internal predecessors, (244), 21 states have call successors, (21), 21 states have call predecessors, (21), 21 states have return successors, (39), 21 states have call predecessors, (39), 21 states have call successors, (39) [2022-02-20 18:10:29,558 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 233 states to 233 states and 304 transitions. [2022-02-20 18:10:29,559 INFO L78 Accepts]: Start accepts. Automaton has 233 states and 304 transitions. Word has length 36 [2022-02-20 18:10:29,559 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:29,559 INFO L470 AbstractCegarLoop]: Abstraction has 233 states and 304 transitions. [2022-02-20 18:10:29,559 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 4.125) internal successors, (33), 8 states have internal predecessors, (33), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:29,559 INFO L276 IsEmpty]: Start isEmpty. Operand 233 states and 304 transitions. [2022-02-20 18:10:29,560 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 64 [2022-02-20 18:10:29,560 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:29,561 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:29,561 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:10:29,561 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:29,561 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:29,561 INFO L85 PathProgramCache]: Analyzing trace with hash -260678510, now seen corresponding path program 1 times [2022-02-20 18:10:29,562 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:29,562 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [385028375] [2022-02-20 18:10:29,562 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:29,562 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:29,592 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:29,609 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 18:10:29,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:29,635 INFO L290 TraceCheckUtils]: 0: Hoare triple {4133#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {4108#true} is VALID [2022-02-20 18:10:29,635 INFO L290 TraceCheckUtils]: 1: Hoare triple {4108#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {4108#true} is VALID [2022-02-20 18:10:29,635 INFO L290 TraceCheckUtils]: 2: Hoare triple {4108#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {4108#true} is VALID [2022-02-20 18:10:29,635 INFO L290 TraceCheckUtils]: 3: Hoare triple {4108#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {4108#true} is VALID [2022-02-20 18:10:29,635 INFO L290 TraceCheckUtils]: 4: Hoare triple {4108#true} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret51#1 && isHighWaterLevel_#t~ret51#1 <= 2147483647;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {4108#true} is VALID [2022-02-20 18:10:29,636 INFO L290 TraceCheckUtils]: 5: Hoare triple {4108#true} assume 0 != isHighWaterLevel_~tmp~8#1;isHighWaterLevel_~tmp___0~2#1 := 0; {4134#(= |timeShift_isHighWaterLevel_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:10:29,637 INFO L290 TraceCheckUtils]: 6: Hoare triple {4134#(= |timeShift_isHighWaterLevel_~tmp___0~2#1| 0)} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {4135#(= |timeShift_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:10:29,637 INFO L290 TraceCheckUtils]: 7: Hoare triple {4135#(= |timeShift_isHighWaterLevel_#res#1| 0)} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret40#1 && processEnvironment_#t~ret40#1 <= 2147483647;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {4136#(= |timeShift_processEnvironment_~tmp~6#1| 0)} is VALID [2022-02-20 18:10:29,638 INFO L290 TraceCheckUtils]: 8: Hoare triple {4136#(= |timeShift_processEnvironment_~tmp~6#1| 0)} assume 0 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {4109#false} is VALID [2022-02-20 18:10:29,638 INFO L290 TraceCheckUtils]: 9: Hoare triple {4109#false} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret42#1 && isMethaneAlarm_#t~ret42#1 <= 2147483647;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {4109#false} is VALID [2022-02-20 18:10:29,638 INFO L290 TraceCheckUtils]: 10: Hoare triple {4109#false} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret41#1 && activatePump_#t~ret41#1 <= 2147483647;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {4109#false} is VALID [2022-02-20 18:10:29,638 INFO L290 TraceCheckUtils]: 11: Hoare triple {4109#false} assume !(0 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {4109#false} is VALID [2022-02-20 18:10:29,639 INFO L290 TraceCheckUtils]: 12: Hoare triple {4109#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {4109#false} is VALID [2022-02-20 18:10:29,639 INFO L290 TraceCheckUtils]: 13: Hoare triple {4109#false} assume { :end_inline_activatePump } true; {4109#false} is VALID [2022-02-20 18:10:29,639 INFO L290 TraceCheckUtils]: 14: Hoare triple {4109#false} assume { :end_inline_processEnvironment } true; {4109#false} is VALID [2022-02-20 18:10:29,639 INFO L290 TraceCheckUtils]: 15: Hoare triple {4109#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {4109#false} is VALID [2022-02-20 18:10:29,639 INFO L290 TraceCheckUtils]: 16: Hoare triple {4109#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {4109#false} is VALID [2022-02-20 18:10:29,639 INFO L290 TraceCheckUtils]: 17: Hoare triple {4109#false} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~3#1); {4109#false} is VALID [2022-02-20 18:10:29,639 INFO L290 TraceCheckUtils]: 18: Hoare triple {4109#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {4109#false} is VALID [2022-02-20 18:10:29,640 INFO L290 TraceCheckUtils]: 19: Hoare triple {4109#false} assume true; {4109#false} is VALID [2022-02-20 18:10:29,640 INFO L284 TraceCheckUtils]: 20: Hoare quadruple {4109#false} {4108#true} #221#return; {4109#false} is VALID [2022-02-20 18:10:29,640 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:10:29,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:29,643 INFO L290 TraceCheckUtils]: 0: Hoare triple {4108#true} assume true; {4108#true} is VALID [2022-02-20 18:10:29,643 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {4108#true} {4109#false} #211#return; {4109#false} is VALID [2022-02-20 18:10:29,643 INFO L290 TraceCheckUtils]: 0: Hoare triple {4108#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1; {4108#true} is VALID [2022-02-20 18:10:29,643 INFO L290 TraceCheckUtils]: 1: Hoare triple {4108#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {4108#true} is VALID [2022-02-20 18:10:29,643 INFO L290 TraceCheckUtils]: 2: Hoare triple {4108#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4108#true} is VALID [2022-02-20 18:10:29,643 INFO L290 TraceCheckUtils]: 3: Hoare triple {4108#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {4108#true} is VALID [2022-02-20 18:10:29,643 INFO L290 TraceCheckUtils]: 4: Hoare triple {4108#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {4108#true} is VALID [2022-02-20 18:10:29,643 INFO L290 TraceCheckUtils]: 5: Hoare triple {4108#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {4108#true} is VALID [2022-02-20 18:10:29,643 INFO L290 TraceCheckUtils]: 6: Hoare triple {4108#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {4108#true} is VALID [2022-02-20 18:10:29,643 INFO L290 TraceCheckUtils]: 7: Hoare triple {4108#true} assume !false; {4108#true} is VALID [2022-02-20 18:10:29,643 INFO L290 TraceCheckUtils]: 8: Hoare triple {4108#true} assume test_~splverifierCounter~0#1 < 4; {4108#true} is VALID [2022-02-20 18:10:29,644 INFO L290 TraceCheckUtils]: 9: Hoare triple {4108#true} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {4108#true} is VALID [2022-02-20 18:10:29,644 INFO L290 TraceCheckUtils]: 10: Hoare triple {4108#true} assume !(0 != test_~tmp~5#1); {4108#true} is VALID [2022-02-20 18:10:29,644 INFO L290 TraceCheckUtils]: 11: Hoare triple {4108#true} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {4108#true} is VALID [2022-02-20 18:10:29,644 INFO L290 TraceCheckUtils]: 12: Hoare triple {4108#true} assume !(0 != test_~tmp___0~1#1); {4108#true} is VALID [2022-02-20 18:10:29,644 INFO L290 TraceCheckUtils]: 13: Hoare triple {4108#true} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {4108#true} is VALID [2022-02-20 18:10:29,644 INFO L290 TraceCheckUtils]: 14: Hoare triple {4108#true} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {4108#true} is VALID [2022-02-20 18:10:29,644 INFO L290 TraceCheckUtils]: 15: Hoare triple {4108#true} assume 0 != test_~tmp___1~0#1; {4108#true} is VALID [2022-02-20 18:10:29,644 INFO L272 TraceCheckUtils]: 16: Hoare triple {4108#true} call timeShift(); {4133#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:29,645 INFO L290 TraceCheckUtils]: 17: Hoare triple {4133#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {4108#true} is VALID [2022-02-20 18:10:29,645 INFO L290 TraceCheckUtils]: 18: Hoare triple {4108#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {4108#true} is VALID [2022-02-20 18:10:29,645 INFO L290 TraceCheckUtils]: 19: Hoare triple {4108#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {4108#true} is VALID [2022-02-20 18:10:29,645 INFO L290 TraceCheckUtils]: 20: Hoare triple {4108#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {4108#true} is VALID [2022-02-20 18:10:29,645 INFO L290 TraceCheckUtils]: 21: Hoare triple {4108#true} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret51#1 && isHighWaterLevel_#t~ret51#1 <= 2147483647;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {4108#true} is VALID [2022-02-20 18:10:29,645 INFO L290 TraceCheckUtils]: 22: Hoare triple {4108#true} assume 0 != isHighWaterLevel_~tmp~8#1;isHighWaterLevel_~tmp___0~2#1 := 0; {4134#(= |timeShift_isHighWaterLevel_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:10:29,645 INFO L290 TraceCheckUtils]: 23: Hoare triple {4134#(= |timeShift_isHighWaterLevel_~tmp___0~2#1| 0)} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {4135#(= |timeShift_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:10:29,646 INFO L290 TraceCheckUtils]: 24: Hoare triple {4135#(= |timeShift_isHighWaterLevel_#res#1| 0)} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret40#1 && processEnvironment_#t~ret40#1 <= 2147483647;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {4136#(= |timeShift_processEnvironment_~tmp~6#1| 0)} is VALID [2022-02-20 18:10:29,646 INFO L290 TraceCheckUtils]: 25: Hoare triple {4136#(= |timeShift_processEnvironment_~tmp~6#1| 0)} assume 0 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {4109#false} is VALID [2022-02-20 18:10:29,646 INFO L290 TraceCheckUtils]: 26: Hoare triple {4109#false} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret42#1 && isMethaneAlarm_#t~ret42#1 <= 2147483647;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {4109#false} is VALID [2022-02-20 18:10:29,646 INFO L290 TraceCheckUtils]: 27: Hoare triple {4109#false} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret41#1 && activatePump_#t~ret41#1 <= 2147483647;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {4109#false} is VALID [2022-02-20 18:10:29,646 INFO L290 TraceCheckUtils]: 28: Hoare triple {4109#false} assume !(0 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {4109#false} is VALID [2022-02-20 18:10:29,646 INFO L290 TraceCheckUtils]: 29: Hoare triple {4109#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {4109#false} is VALID [2022-02-20 18:10:29,646 INFO L290 TraceCheckUtils]: 30: Hoare triple {4109#false} assume { :end_inline_activatePump } true; {4109#false} is VALID [2022-02-20 18:10:29,646 INFO L290 TraceCheckUtils]: 31: Hoare triple {4109#false} assume { :end_inline_processEnvironment } true; {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 32: Hoare triple {4109#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 33: Hoare triple {4109#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 34: Hoare triple {4109#false} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~3#1); {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 35: Hoare triple {4109#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 36: Hoare triple {4109#false} assume true; {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {4109#false} {4108#true} #221#return; {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 38: Hoare triple {4109#false} assume !false; {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 39: Hoare triple {4109#false} assume test_~splverifierCounter~0#1 < 4; {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 40: Hoare triple {4109#false} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 41: Hoare triple {4109#false} assume !(0 != test_~tmp~5#1); {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 42: Hoare triple {4109#false} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 43: Hoare triple {4109#false} assume !(0 != test_~tmp___0~1#1); {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 44: Hoare triple {4109#false} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {4109#false} is VALID [2022-02-20 18:10:29,647 INFO L290 TraceCheckUtils]: 45: Hoare triple {4109#false} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {4109#false} is VALID [2022-02-20 18:10:29,648 INFO L290 TraceCheckUtils]: 46: Hoare triple {4109#false} assume 0 != test_~tmp___1~0#1; {4109#false} is VALID [2022-02-20 18:10:29,648 INFO L272 TraceCheckUtils]: 47: Hoare triple {4109#false} call timeShift(); {4109#false} is VALID [2022-02-20 18:10:29,648 INFO L290 TraceCheckUtils]: 48: Hoare triple {4109#false} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {4109#false} is VALID [2022-02-20 18:10:29,648 INFO L290 TraceCheckUtils]: 49: Hoare triple {4109#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {4109#false} is VALID [2022-02-20 18:10:29,648 INFO L290 TraceCheckUtils]: 50: Hoare triple {4109#false} assume { :end_inline_lowerWaterLevel } true; {4109#false} is VALID [2022-02-20 18:10:29,648 INFO L290 TraceCheckUtils]: 51: Hoare triple {4109#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {4109#false} is VALID [2022-02-20 18:10:29,648 INFO L290 TraceCheckUtils]: 52: Hoare triple {4109#false} assume !(0 == ~pumpRunning~0); {4109#false} is VALID [2022-02-20 18:10:29,648 INFO L272 TraceCheckUtils]: 53: Hoare triple {4109#false} call processEnvironment__wrappee__base(); {4108#true} is VALID [2022-02-20 18:10:29,648 INFO L290 TraceCheckUtils]: 54: Hoare triple {4108#true} assume true; {4108#true} is VALID [2022-02-20 18:10:29,648 INFO L284 TraceCheckUtils]: 55: Hoare quadruple {4108#true} {4109#false} #211#return; {4109#false} is VALID [2022-02-20 18:10:29,648 INFO L290 TraceCheckUtils]: 56: Hoare triple {4109#false} assume { :end_inline_processEnvironment } true; {4109#false} is VALID [2022-02-20 18:10:29,648 INFO L290 TraceCheckUtils]: 57: Hoare triple {4109#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {4109#false} is VALID [2022-02-20 18:10:29,648 INFO L290 TraceCheckUtils]: 58: Hoare triple {4109#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {4109#false} is VALID [2022-02-20 18:10:29,649 INFO L290 TraceCheckUtils]: 59: Hoare triple {4109#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {4109#false} is VALID [2022-02-20 18:10:29,649 INFO L290 TraceCheckUtils]: 60: Hoare triple {4109#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret34#1 && __utac_acc__Specification4_spec__1_#t~ret34#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {4109#false} is VALID [2022-02-20 18:10:29,649 INFO L290 TraceCheckUtils]: 61: Hoare triple {4109#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {4109#false} is VALID [2022-02-20 18:10:29,649 INFO L290 TraceCheckUtils]: 62: Hoare triple {4109#false} assume !false; {4109#false} is VALID [2022-02-20 18:10:29,649 INFO L134 CoverageAnalysis]: Checked inductivity of 17 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-02-20 18:10:29,649 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:29,649 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [385028375] [2022-02-20 18:10:29,649 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [385028375] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:29,649 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:29,649 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:10:29,650 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [998266682] [2022-02-20 18:10:29,650 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:29,650 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 9.166666666666666) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 63 [2022-02-20 18:10:29,650 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:29,650 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 9.166666666666666) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:29,694 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 60 edges. 60 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:29,694 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:29,694 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:29,694 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:29,694 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:29,695 INFO L87 Difference]: Start difference. First operand 233 states and 304 transitions. Second operand has 6 states, 6 states have (on average 9.166666666666666) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:30,096 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:30,096 INFO L93 Difference]: Finished difference Result 628 states and 837 transitions. [2022-02-20 18:10:30,096 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:30,097 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 9.166666666666666) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 63 [2022-02-20 18:10:30,097 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:30,097 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 9.166666666666666) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:30,100 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 234 transitions. [2022-02-20 18:10:30,100 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 9.166666666666666) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:30,102 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 234 transitions. [2022-02-20 18:10:30,102 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 234 transitions. [2022-02-20 18:10:30,229 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 234 edges. 234 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:30,239 INFO L225 Difference]: With dead ends: 628 [2022-02-20 18:10:30,239 INFO L226 Difference]: Without dead ends: 402 [2022-02-20 18:10:30,240 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 12 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=45, Invalid=87, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:10:30,240 INFO L933 BasicCegarLoop]: 81 mSDtfsCounter, 132 mSDsluCounter, 241 mSDsCounter, 0 mSdLazyCounter, 119 mSolverCounterSat, 18 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 134 SdHoareTripleChecker+Valid, 322 SdHoareTripleChecker+Invalid, 137 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 18 IncrementalHoareTripleChecker+Valid, 119 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:30,241 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [134 Valid, 322 Invalid, 137 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [18 Valid, 119 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:30,241 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 402 states. [2022-02-20 18:10:30,255 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 402 to 309. [2022-02-20 18:10:30,255 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:30,256 INFO L82 GeneralOperation]: Start isEquivalent. First operand 402 states. Second operand has 309 states, 257 states have (on average 1.2568093385214008) internal successors, (323), 280 states have internal predecessors, (323), 24 states have call successors, (24), 21 states have call predecessors, (24), 27 states have return successors, (47), 24 states have call predecessors, (47), 24 states have call successors, (47) [2022-02-20 18:10:30,256 INFO L74 IsIncluded]: Start isIncluded. First operand 402 states. Second operand has 309 states, 257 states have (on average 1.2568093385214008) internal successors, (323), 280 states have internal predecessors, (323), 24 states have call successors, (24), 21 states have call predecessors, (24), 27 states have return successors, (47), 24 states have call predecessors, (47), 24 states have call successors, (47) [2022-02-20 18:10:30,257 INFO L87 Difference]: Start difference. First operand 402 states. Second operand has 309 states, 257 states have (on average 1.2568093385214008) internal successors, (323), 280 states have internal predecessors, (323), 24 states have call successors, (24), 21 states have call predecessors, (24), 27 states have return successors, (47), 24 states have call predecessors, (47), 24 states have call successors, (47) [2022-02-20 18:10:30,268 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:30,268 INFO L93 Difference]: Finished difference Result 402 states and 513 transitions. [2022-02-20 18:10:30,268 INFO L276 IsEmpty]: Start isEmpty. Operand 402 states and 513 transitions. [2022-02-20 18:10:30,270 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:30,270 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:30,270 INFO L74 IsIncluded]: Start isIncluded. First operand has 309 states, 257 states have (on average 1.2568093385214008) internal successors, (323), 280 states have internal predecessors, (323), 24 states have call successors, (24), 21 states have call predecessors, (24), 27 states have return successors, (47), 24 states have call predecessors, (47), 24 states have call successors, (47) Second operand 402 states. [2022-02-20 18:10:30,271 INFO L87 Difference]: Start difference. First operand has 309 states, 257 states have (on average 1.2568093385214008) internal successors, (323), 280 states have internal predecessors, (323), 24 states have call successors, (24), 21 states have call predecessors, (24), 27 states have return successors, (47), 24 states have call predecessors, (47), 24 states have call successors, (47) Second operand 402 states. [2022-02-20 18:10:30,281 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:30,281 INFO L93 Difference]: Finished difference Result 402 states and 513 transitions. [2022-02-20 18:10:30,281 INFO L276 IsEmpty]: Start isEmpty. Operand 402 states and 513 transitions. [2022-02-20 18:10:30,283 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:30,283 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:30,283 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:30,283 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:30,284 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 309 states, 257 states have (on average 1.2568093385214008) internal successors, (323), 280 states have internal predecessors, (323), 24 states have call successors, (24), 21 states have call predecessors, (24), 27 states have return successors, (47), 24 states have call predecessors, (47), 24 states have call successors, (47) [2022-02-20 18:10:30,291 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 309 states to 309 states and 394 transitions. [2022-02-20 18:10:30,291 INFO L78 Accepts]: Start accepts. Automaton has 309 states and 394 transitions. Word has length 63 [2022-02-20 18:10:30,291 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:30,291 INFO L470 AbstractCegarLoop]: Abstraction has 309 states and 394 transitions. [2022-02-20 18:10:30,291 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 9.166666666666666) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:30,291 INFO L276 IsEmpty]: Start isEmpty. Operand 309 states and 394 transitions. [2022-02-20 18:10:30,292 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 64 [2022-02-20 18:10:30,292 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:30,292 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:30,292 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:10:30,292 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:30,293 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:30,293 INFO L85 PathProgramCache]: Analyzing trace with hash 162968212, now seen corresponding path program 1 times [2022-02-20 18:10:30,293 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:30,293 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1527722922] [2022-02-20 18:10:30,293 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:30,293 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:30,329 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:30,351 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 18:10:30,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:30,378 INFO L290 TraceCheckUtils]: 0: Hoare triple {6323#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {6296#true} is VALID [2022-02-20 18:10:30,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {6296#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {6296#true} is VALID [2022-02-20 18:10:30,379 INFO L290 TraceCheckUtils]: 2: Hoare triple {6296#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {6296#true} is VALID [2022-02-20 18:10:30,379 INFO L290 TraceCheckUtils]: 3: Hoare triple {6296#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {6324#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:10:30,379 INFO L290 TraceCheckUtils]: 4: Hoare triple {6324#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret51#1 && isHighWaterLevel_#t~ret51#1 <= 2147483647;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {6325#(not (= |timeShift_isHighWaterLevel_~tmp~8#1| 0))} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 5: Hoare triple {6325#(not (= |timeShift_isHighWaterLevel_~tmp~8#1| 0))} assume !(0 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 6: Hoare triple {6297#false} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 7: Hoare triple {6297#false} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret40#1 && processEnvironment_#t~ret40#1 <= 2147483647;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 8: Hoare triple {6297#false} assume 0 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 9: Hoare triple {6297#false} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret42#1 && isMethaneAlarm_#t~ret42#1 <= 2147483647;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 10: Hoare triple {6297#false} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret41#1 && activatePump_#t~ret41#1 <= 2147483647;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 11: Hoare triple {6297#false} assume !(0 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 12: Hoare triple {6297#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 13: Hoare triple {6297#false} assume { :end_inline_activatePump } true; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 14: Hoare triple {6297#false} assume { :end_inline_processEnvironment } true; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 15: Hoare triple {6297#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 16: Hoare triple {6297#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {6297#false} is VALID [2022-02-20 18:10:30,380 INFO L290 TraceCheckUtils]: 17: Hoare triple {6297#false} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~3#1); {6297#false} is VALID [2022-02-20 18:10:30,381 INFO L290 TraceCheckUtils]: 18: Hoare triple {6297#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {6297#false} is VALID [2022-02-20 18:10:30,381 INFO L290 TraceCheckUtils]: 19: Hoare triple {6297#false} assume true; {6297#false} is VALID [2022-02-20 18:10:30,381 INFO L284 TraceCheckUtils]: 20: Hoare quadruple {6297#false} {6296#true} #221#return; {6297#false} is VALID [2022-02-20 18:10:30,381 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:10:30,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:30,384 INFO L290 TraceCheckUtils]: 0: Hoare triple {6296#true} assume true; {6296#true} is VALID [2022-02-20 18:10:30,384 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {6296#true} {6297#false} #211#return; {6297#false} is VALID [2022-02-20 18:10:30,385 INFO L290 TraceCheckUtils]: 0: Hoare triple {6296#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1; {6296#true} is VALID [2022-02-20 18:10:30,385 INFO L290 TraceCheckUtils]: 1: Hoare triple {6296#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {6296#true} is VALID [2022-02-20 18:10:30,385 INFO L290 TraceCheckUtils]: 2: Hoare triple {6296#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6296#true} is VALID [2022-02-20 18:10:30,386 INFO L290 TraceCheckUtils]: 3: Hoare triple {6296#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {6298#(= |ULTIMATE.start_valid_product_#res#1| 1)} is VALID [2022-02-20 18:10:30,386 INFO L290 TraceCheckUtils]: 4: Hoare triple {6298#(= |ULTIMATE.start_valid_product_#res#1| 1)} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {6299#(= |ULTIMATE.start_main_~tmp~4#1| 1)} is VALID [2022-02-20 18:10:30,386 INFO L290 TraceCheckUtils]: 5: Hoare triple {6299#(= |ULTIMATE.start_main_~tmp~4#1| 1)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {6296#true} is VALID [2022-02-20 18:10:30,386 INFO L290 TraceCheckUtils]: 6: Hoare triple {6296#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {6296#true} is VALID [2022-02-20 18:10:30,387 INFO L290 TraceCheckUtils]: 7: Hoare triple {6296#true} assume !false; {6296#true} is VALID [2022-02-20 18:10:30,387 INFO L290 TraceCheckUtils]: 8: Hoare triple {6296#true} assume test_~splverifierCounter~0#1 < 4; {6296#true} is VALID [2022-02-20 18:10:30,387 INFO L290 TraceCheckUtils]: 9: Hoare triple {6296#true} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {6296#true} is VALID [2022-02-20 18:10:30,387 INFO L290 TraceCheckUtils]: 10: Hoare triple {6296#true} assume !(0 != test_~tmp~5#1); {6296#true} is VALID [2022-02-20 18:10:30,387 INFO L290 TraceCheckUtils]: 11: Hoare triple {6296#true} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {6296#true} is VALID [2022-02-20 18:10:30,387 INFO L290 TraceCheckUtils]: 12: Hoare triple {6296#true} assume !(0 != test_~tmp___0~1#1); {6296#true} is VALID [2022-02-20 18:10:30,387 INFO L290 TraceCheckUtils]: 13: Hoare triple {6296#true} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {6296#true} is VALID [2022-02-20 18:10:30,387 INFO L290 TraceCheckUtils]: 14: Hoare triple {6296#true} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {6296#true} is VALID [2022-02-20 18:10:30,387 INFO L290 TraceCheckUtils]: 15: Hoare triple {6296#true} assume 0 != test_~tmp___1~0#1; {6296#true} is VALID [2022-02-20 18:10:30,387 INFO L272 TraceCheckUtils]: 16: Hoare triple {6296#true} call timeShift(); {6323#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:30,388 INFO L290 TraceCheckUtils]: 17: Hoare triple {6323#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {6296#true} is VALID [2022-02-20 18:10:30,388 INFO L290 TraceCheckUtils]: 18: Hoare triple {6296#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {6296#true} is VALID [2022-02-20 18:10:30,388 INFO L290 TraceCheckUtils]: 19: Hoare triple {6296#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {6296#true} is VALID [2022-02-20 18:10:30,389 INFO L290 TraceCheckUtils]: 20: Hoare triple {6296#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {6324#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:10:30,389 INFO L290 TraceCheckUtils]: 21: Hoare triple {6324#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret51#1 && isHighWaterLevel_#t~ret51#1 <= 2147483647;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {6325#(not (= |timeShift_isHighWaterLevel_~tmp~8#1| 0))} is VALID [2022-02-20 18:10:30,389 INFO L290 TraceCheckUtils]: 22: Hoare triple {6325#(not (= |timeShift_isHighWaterLevel_~tmp~8#1| 0))} assume !(0 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1; {6297#false} is VALID [2022-02-20 18:10:30,389 INFO L290 TraceCheckUtils]: 23: Hoare triple {6297#false} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {6297#false} is VALID [2022-02-20 18:10:30,389 INFO L290 TraceCheckUtils]: 24: Hoare triple {6297#false} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret40#1 && processEnvironment_#t~ret40#1 <= 2147483647;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 25: Hoare triple {6297#false} assume 0 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 26: Hoare triple {6297#false} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret42#1 && isMethaneAlarm_#t~ret42#1 <= 2147483647;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 27: Hoare triple {6297#false} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret41#1 && activatePump_#t~ret41#1 <= 2147483647;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 28: Hoare triple {6297#false} assume !(0 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 29: Hoare triple {6297#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 30: Hoare triple {6297#false} assume { :end_inline_activatePump } true; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 31: Hoare triple {6297#false} assume { :end_inline_processEnvironment } true; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 32: Hoare triple {6297#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 33: Hoare triple {6297#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 34: Hoare triple {6297#false} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~3#1); {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 35: Hoare triple {6297#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 36: Hoare triple {6297#false} assume true; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {6297#false} {6296#true} #221#return; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 38: Hoare triple {6297#false} assume !false; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 39: Hoare triple {6297#false} assume test_~splverifierCounter~0#1 < 4; {6297#false} is VALID [2022-02-20 18:10:30,390 INFO L290 TraceCheckUtils]: 40: Hoare triple {6297#false} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 41: Hoare triple {6297#false} assume !(0 != test_~tmp~5#1); {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 42: Hoare triple {6297#false} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 43: Hoare triple {6297#false} assume !(0 != test_~tmp___0~1#1); {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 44: Hoare triple {6297#false} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 45: Hoare triple {6297#false} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 46: Hoare triple {6297#false} assume 0 != test_~tmp___1~0#1; {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L272 TraceCheckUtils]: 47: Hoare triple {6297#false} call timeShift(); {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 48: Hoare triple {6297#false} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 49: Hoare triple {6297#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 50: Hoare triple {6297#false} assume { :end_inline_lowerWaterLevel } true; {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 51: Hoare triple {6297#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 52: Hoare triple {6297#false} assume !(0 == ~pumpRunning~0); {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L272 TraceCheckUtils]: 53: Hoare triple {6297#false} call processEnvironment__wrappee__base(); {6296#true} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 54: Hoare triple {6296#true} assume true; {6296#true} is VALID [2022-02-20 18:10:30,391 INFO L284 TraceCheckUtils]: 55: Hoare quadruple {6296#true} {6297#false} #211#return; {6297#false} is VALID [2022-02-20 18:10:30,391 INFO L290 TraceCheckUtils]: 56: Hoare triple {6297#false} assume { :end_inline_processEnvironment } true; {6297#false} is VALID [2022-02-20 18:10:30,392 INFO L290 TraceCheckUtils]: 57: Hoare triple {6297#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {6297#false} is VALID [2022-02-20 18:10:30,392 INFO L290 TraceCheckUtils]: 58: Hoare triple {6297#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {6297#false} is VALID [2022-02-20 18:10:30,392 INFO L290 TraceCheckUtils]: 59: Hoare triple {6297#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {6297#false} is VALID [2022-02-20 18:10:30,392 INFO L290 TraceCheckUtils]: 60: Hoare triple {6297#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret34#1 && __utac_acc__Specification4_spec__1_#t~ret34#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {6297#false} is VALID [2022-02-20 18:10:30,392 INFO L290 TraceCheckUtils]: 61: Hoare triple {6297#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {6297#false} is VALID [2022-02-20 18:10:30,392 INFO L290 TraceCheckUtils]: 62: Hoare triple {6297#false} assume !false; {6297#false} is VALID [2022-02-20 18:10:30,392 INFO L134 CoverageAnalysis]: Checked inductivity of 17 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-02-20 18:10:30,392 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:30,392 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1527722922] [2022-02-20 18:10:30,392 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1527722922] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:30,392 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:30,392 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:10:30,392 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1301954487] [2022-02-20 18:10:30,392 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:30,393 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 7.857142857142857) internal successors, (55), 6 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 63 [2022-02-20 18:10:30,393 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:30,393 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 7.857142857142857) internal successors, (55), 6 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:30,423 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 60 edges. 60 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:30,423 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:10:30,423 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:30,424 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:10:30,424 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:30,424 INFO L87 Difference]: Start difference. First operand 309 states and 394 transitions. Second operand has 7 states, 7 states have (on average 7.857142857142857) internal successors, (55), 6 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:30,921 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:30,922 INFO L93 Difference]: Finished difference Result 593 states and 763 transitions. [2022-02-20 18:10:30,922 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:30,922 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 7.857142857142857) internal successors, (55), 6 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 63 [2022-02-20 18:10:30,922 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:30,922 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 7.857142857142857) internal successors, (55), 6 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:30,926 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 238 transitions. [2022-02-20 18:10:30,926 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 7.857142857142857) internal successors, (55), 6 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:30,928 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 238 transitions. [2022-02-20 18:10:30,928 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 238 transitions. [2022-02-20 18:10:31,099 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 238 edges. 238 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:31,105 INFO L225 Difference]: With dead ends: 593 [2022-02-20 18:10:31,105 INFO L226 Difference]: Without dead ends: 291 [2022-02-20 18:10:31,106 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=35, Invalid=97, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:10:31,107 INFO L933 BasicCegarLoop]: 68 mSDtfsCounter, 171 mSDsluCounter, 246 mSDsCounter, 0 mSdLazyCounter, 153 mSolverCounterSat, 29 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 174 SdHoareTripleChecker+Valid, 314 SdHoareTripleChecker+Invalid, 182 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 29 IncrementalHoareTripleChecker+Valid, 153 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:31,107 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [174 Valid, 314 Invalid, 182 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [29 Valid, 153 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:31,108 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 291 states. [2022-02-20 18:10:31,117 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 291 to 269. [2022-02-20 18:10:31,118 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:31,118 INFO L82 GeneralOperation]: Start isEquivalent. First operand 291 states. Second operand has 269 states, 221 states have (on average 1.2307692307692308) internal successors, (272), 239 states have internal predecessors, (272), 22 states have call successors, (22), 18 states have call predecessors, (22), 25 states have return successors, (40), 23 states have call predecessors, (40), 22 states have call successors, (40) [2022-02-20 18:10:31,119 INFO L74 IsIncluded]: Start isIncluded. First operand 291 states. Second operand has 269 states, 221 states have (on average 1.2307692307692308) internal successors, (272), 239 states have internal predecessors, (272), 22 states have call successors, (22), 18 states have call predecessors, (22), 25 states have return successors, (40), 23 states have call predecessors, (40), 22 states have call successors, (40) [2022-02-20 18:10:31,119 INFO L87 Difference]: Start difference. First operand 291 states. Second operand has 269 states, 221 states have (on average 1.2307692307692308) internal successors, (272), 239 states have internal predecessors, (272), 22 states have call successors, (22), 18 states have call predecessors, (22), 25 states have return successors, (40), 23 states have call predecessors, (40), 22 states have call successors, (40) [2022-02-20 18:10:31,125 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:31,125 INFO L93 Difference]: Finished difference Result 291 states and 359 transitions. [2022-02-20 18:10:31,126 INFO L276 IsEmpty]: Start isEmpty. Operand 291 states and 359 transitions. [2022-02-20 18:10:31,126 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:31,126 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:31,128 INFO L74 IsIncluded]: Start isIncluded. First operand has 269 states, 221 states have (on average 1.2307692307692308) internal successors, (272), 239 states have internal predecessors, (272), 22 states have call successors, (22), 18 states have call predecessors, (22), 25 states have return successors, (40), 23 states have call predecessors, (40), 22 states have call successors, (40) Second operand 291 states. [2022-02-20 18:10:31,128 INFO L87 Difference]: Start difference. First operand has 269 states, 221 states have (on average 1.2307692307692308) internal successors, (272), 239 states have internal predecessors, (272), 22 states have call successors, (22), 18 states have call predecessors, (22), 25 states have return successors, (40), 23 states have call predecessors, (40), 22 states have call successors, (40) Second operand 291 states. [2022-02-20 18:10:31,133 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:31,134 INFO L93 Difference]: Finished difference Result 291 states and 359 transitions. [2022-02-20 18:10:31,134 INFO L276 IsEmpty]: Start isEmpty. Operand 291 states and 359 transitions. [2022-02-20 18:10:31,135 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:31,135 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:31,135 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:31,135 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:31,135 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 269 states, 221 states have (on average 1.2307692307692308) internal successors, (272), 239 states have internal predecessors, (272), 22 states have call successors, (22), 18 states have call predecessors, (22), 25 states have return successors, (40), 23 states have call predecessors, (40), 22 states have call successors, (40) [2022-02-20 18:10:31,141 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 269 states to 269 states and 334 transitions. [2022-02-20 18:10:31,141 INFO L78 Accepts]: Start accepts. Automaton has 269 states and 334 transitions. Word has length 63 [2022-02-20 18:10:31,141 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:31,141 INFO L470 AbstractCegarLoop]: Abstraction has 269 states and 334 transitions. [2022-02-20 18:10:31,141 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 7.857142857142857) internal successors, (55), 6 states have internal predecessors, (55), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:31,142 INFO L276 IsEmpty]: Start isEmpty. Operand 269 states and 334 transitions. [2022-02-20 18:10:31,142 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 68 [2022-02-20 18:10:31,142 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:31,143 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:31,143 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:10:31,143 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:31,143 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:31,143 INFO L85 PathProgramCache]: Analyzing trace with hash 78012080, now seen corresponding path program 1 times [2022-02-20 18:10:31,144 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:31,144 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1542417097] [2022-02-20 18:10:31,144 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:31,144 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:31,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,208 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2022-02-20 18:10:31,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {8179#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {8147#true} is VALID [2022-02-20 18:10:31,213 INFO L290 TraceCheckUtils]: 1: Hoare triple {8147#true} assume true; {8147#true} is VALID [2022-02-20 18:10:31,213 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8147#true} {8147#true} #217#return; {8147#true} is VALID [2022-02-20 18:10:31,218 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-20 18:10:31,224 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,242 INFO L290 TraceCheckUtils]: 0: Hoare triple {8180#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {8147#true} is VALID [2022-02-20 18:10:31,242 INFO L290 TraceCheckUtils]: 1: Hoare triple {8147#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {8147#true} is VALID [2022-02-20 18:10:31,242 INFO L290 TraceCheckUtils]: 2: Hoare triple {8147#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {8147#true} is VALID [2022-02-20 18:10:31,242 INFO L290 TraceCheckUtils]: 3: Hoare triple {8147#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,243 INFO L290 TraceCheckUtils]: 4: Hoare triple {8173#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret51#1 && isHighWaterLevel_#t~ret51#1 <= 2147483647;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,243 INFO L290 TraceCheckUtils]: 5: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,243 INFO L290 TraceCheckUtils]: 6: Hoare triple {8173#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,244 INFO L290 TraceCheckUtils]: 7: Hoare triple {8173#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret40#1 && processEnvironment_#t~ret40#1 <= 2147483647;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,244 INFO L290 TraceCheckUtils]: 8: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,247 INFO L290 TraceCheckUtils]: 9: Hoare triple {8173#(<= 2 ~waterLevel~0)} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret42#1 && isMethaneAlarm_#t~ret42#1 <= 2147483647;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,250 INFO L290 TraceCheckUtils]: 10: Hoare triple {8173#(<= 2 ~waterLevel~0)} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret41#1 && activatePump_#t~ret41#1 <= 2147483647;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,250 INFO L290 TraceCheckUtils]: 11: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,251 INFO L290 TraceCheckUtils]: 12: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,251 INFO L290 TraceCheckUtils]: 13: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,251 INFO L290 TraceCheckUtils]: 14: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,252 INFO L290 TraceCheckUtils]: 15: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,252 INFO L290 TraceCheckUtils]: 16: Hoare triple {8173#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,252 INFO L290 TraceCheckUtils]: 17: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~3#1); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,253 INFO L290 TraceCheckUtils]: 18: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,253 INFO L290 TraceCheckUtils]: 19: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,254 INFO L284 TraceCheckUtils]: 20: Hoare quadruple {8173#(<= 2 ~waterLevel~0)} {8147#true} #221#return; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,254 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:10:31,255 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,258 INFO L290 TraceCheckUtils]: 0: Hoare triple {8147#true} assume true; {8147#true} is VALID [2022-02-20 18:10:31,258 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {8147#true} {8174#(<= 1 ~waterLevel~0)} #211#return; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,259 INFO L290 TraceCheckUtils]: 0: Hoare triple {8147#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1; {8147#true} is VALID [2022-02-20 18:10:31,259 INFO L290 TraceCheckUtils]: 1: Hoare triple {8147#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {8147#true} is VALID [2022-02-20 18:10:31,259 INFO L290 TraceCheckUtils]: 2: Hoare triple {8147#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8147#true} is VALID [2022-02-20 18:10:31,260 INFO L290 TraceCheckUtils]: 3: Hoare triple {8147#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {8147#true} is VALID [2022-02-20 18:10:31,260 INFO L290 TraceCheckUtils]: 4: Hoare triple {8147#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {8147#true} is VALID [2022-02-20 18:10:31,260 INFO L290 TraceCheckUtils]: 5: Hoare triple {8147#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {8147#true} is VALID [2022-02-20 18:10:31,260 INFO L290 TraceCheckUtils]: 6: Hoare triple {8147#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {8147#true} is VALID [2022-02-20 18:10:31,260 INFO L290 TraceCheckUtils]: 7: Hoare triple {8147#true} assume !false; {8147#true} is VALID [2022-02-20 18:10:31,261 INFO L290 TraceCheckUtils]: 8: Hoare triple {8147#true} assume test_~splverifierCounter~0#1 < 4; {8147#true} is VALID [2022-02-20 18:10:31,261 INFO L290 TraceCheckUtils]: 9: Hoare triple {8147#true} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {8147#true} is VALID [2022-02-20 18:10:31,261 INFO L290 TraceCheckUtils]: 10: Hoare triple {8147#true} assume 0 != test_~tmp~5#1; {8147#true} is VALID [2022-02-20 18:10:31,265 INFO L272 TraceCheckUtils]: 11: Hoare triple {8147#true} call waterRise(); {8179#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:31,265 INFO L290 TraceCheckUtils]: 12: Hoare triple {8179#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {8147#true} is VALID [2022-02-20 18:10:31,265 INFO L290 TraceCheckUtils]: 13: Hoare triple {8147#true} assume true; {8147#true} is VALID [2022-02-20 18:10:31,265 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {8147#true} {8147#true} #217#return; {8147#true} is VALID [2022-02-20 18:10:31,265 INFO L290 TraceCheckUtils]: 15: Hoare triple {8147#true} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {8147#true} is VALID [2022-02-20 18:10:31,265 INFO L290 TraceCheckUtils]: 16: Hoare triple {8147#true} assume !(0 != test_~tmp___0~1#1); {8147#true} is VALID [2022-02-20 18:10:31,265 INFO L290 TraceCheckUtils]: 17: Hoare triple {8147#true} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {8147#true} is VALID [2022-02-20 18:10:31,265 INFO L290 TraceCheckUtils]: 18: Hoare triple {8147#true} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {8147#true} is VALID [2022-02-20 18:10:31,265 INFO L290 TraceCheckUtils]: 19: Hoare triple {8147#true} assume 0 != test_~tmp___1~0#1; {8147#true} is VALID [2022-02-20 18:10:31,269 INFO L272 TraceCheckUtils]: 20: Hoare triple {8147#true} call timeShift(); {8180#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:31,269 INFO L290 TraceCheckUtils]: 21: Hoare triple {8180#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {8147#true} is VALID [2022-02-20 18:10:31,269 INFO L290 TraceCheckUtils]: 22: Hoare triple {8147#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {8147#true} is VALID [2022-02-20 18:10:31,269 INFO L290 TraceCheckUtils]: 23: Hoare triple {8147#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {8147#true} is VALID [2022-02-20 18:10:31,270 INFO L290 TraceCheckUtils]: 24: Hoare triple {8147#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,270 INFO L290 TraceCheckUtils]: 25: Hoare triple {8173#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret51#1 && isHighWaterLevel_#t~ret51#1 <= 2147483647;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,270 INFO L290 TraceCheckUtils]: 26: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,270 INFO L290 TraceCheckUtils]: 27: Hoare triple {8173#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,271 INFO L290 TraceCheckUtils]: 28: Hoare triple {8173#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret40#1 && processEnvironment_#t~ret40#1 <= 2147483647;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,271 INFO L290 TraceCheckUtils]: 29: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,271 INFO L290 TraceCheckUtils]: 30: Hoare triple {8173#(<= 2 ~waterLevel~0)} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret42#1 && isMethaneAlarm_#t~ret42#1 <= 2147483647;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,271 INFO L290 TraceCheckUtils]: 31: Hoare triple {8173#(<= 2 ~waterLevel~0)} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret41#1 && activatePump_#t~ret41#1 <= 2147483647;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,272 INFO L290 TraceCheckUtils]: 32: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,272 INFO L290 TraceCheckUtils]: 33: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,272 INFO L290 TraceCheckUtils]: 34: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,282 INFO L290 TraceCheckUtils]: 35: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,283 INFO L290 TraceCheckUtils]: 36: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,283 INFO L290 TraceCheckUtils]: 37: Hoare triple {8173#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,283 INFO L290 TraceCheckUtils]: 38: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~3#1); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,283 INFO L290 TraceCheckUtils]: 39: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,284 INFO L290 TraceCheckUtils]: 40: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,284 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8173#(<= 2 ~waterLevel~0)} {8147#true} #221#return; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,284 INFO L290 TraceCheckUtils]: 42: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !false; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,285 INFO L290 TraceCheckUtils]: 43: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,285 INFO L290 TraceCheckUtils]: 44: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,285 INFO L290 TraceCheckUtils]: 45: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp~5#1); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,285 INFO L290 TraceCheckUtils]: 46: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,286 INFO L290 TraceCheckUtils]: 47: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~1#1); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,286 INFO L290 TraceCheckUtils]: 48: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,286 INFO L290 TraceCheckUtils]: 49: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,287 INFO L290 TraceCheckUtils]: 50: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___1~0#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,287 INFO L272 TraceCheckUtils]: 51: Hoare triple {8173#(<= 2 ~waterLevel~0)} call timeShift(); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,288 INFO L290 TraceCheckUtils]: 52: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,288 INFO L290 TraceCheckUtils]: 53: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,288 INFO L290 TraceCheckUtils]: 54: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume { :end_inline_lowerWaterLevel } true; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,289 INFO L290 TraceCheckUtils]: 55: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,289 INFO L290 TraceCheckUtils]: 56: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume !(0 == ~pumpRunning~0); {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,290 INFO L272 TraceCheckUtils]: 57: Hoare triple {8174#(<= 1 ~waterLevel~0)} call processEnvironment__wrappee__base(); {8147#true} is VALID [2022-02-20 18:10:31,290 INFO L290 TraceCheckUtils]: 58: Hoare triple {8147#true} assume true; {8147#true} is VALID [2022-02-20 18:10:31,290 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {8147#true} {8174#(<= 1 ~waterLevel~0)} #211#return; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,290 INFO L290 TraceCheckUtils]: 60: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,291 INFO L290 TraceCheckUtils]: 61: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {8177#(not (= |timeShift_getWaterLevel_#res#1| 0))} is VALID [2022-02-20 18:10:31,291 INFO L290 TraceCheckUtils]: 62: Hoare triple {8177#(not (= |timeShift_getWaterLevel_#res#1| 0))} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {8178#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| 0))} is VALID [2022-02-20 18:10:31,291 INFO L290 TraceCheckUtils]: 63: Hoare triple {8178#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| 0))} assume 0 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {8148#false} is VALID [2022-02-20 18:10:31,291 INFO L290 TraceCheckUtils]: 64: Hoare triple {8148#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret34#1 && __utac_acc__Specification4_spec__1_#t~ret34#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {8148#false} is VALID [2022-02-20 18:10:31,291 INFO L290 TraceCheckUtils]: 65: Hoare triple {8148#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {8148#false} is VALID [2022-02-20 18:10:31,291 INFO L290 TraceCheckUtils]: 66: Hoare triple {8148#false} assume !false; {8148#false} is VALID [2022-02-20 18:10:31,292 INFO L134 CoverageAnalysis]: Checked inductivity of 17 backedges. 12 proven. 5 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:31,292 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:31,292 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1542417097] [2022-02-20 18:10:31,292 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1542417097] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:10:31,292 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [326989977] [2022-02-20 18:10:31,292 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:31,293 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:10:31,293 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:31,303 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:10:31,319 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:10:31,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,390 INFO L263 TraceCheckSpWp]: Trace formula consists of 408 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:10:31,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:31,427 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:31,717 INFO L290 TraceCheckUtils]: 0: Hoare triple {8147#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1; {8147#true} is VALID [2022-02-20 18:10:31,717 INFO L290 TraceCheckUtils]: 1: Hoare triple {8147#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {8147#true} is VALID [2022-02-20 18:10:31,717 INFO L290 TraceCheckUtils]: 2: Hoare triple {8147#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8147#true} is VALID [2022-02-20 18:10:31,717 INFO L290 TraceCheckUtils]: 3: Hoare triple {8147#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L290 TraceCheckUtils]: 4: Hoare triple {8147#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L290 TraceCheckUtils]: 5: Hoare triple {8147#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L290 TraceCheckUtils]: 6: Hoare triple {8147#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L290 TraceCheckUtils]: 7: Hoare triple {8147#true} assume !false; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L290 TraceCheckUtils]: 8: Hoare triple {8147#true} assume test_~splverifierCounter~0#1 < 4; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L290 TraceCheckUtils]: 9: Hoare triple {8147#true} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L290 TraceCheckUtils]: 10: Hoare triple {8147#true} assume 0 != test_~tmp~5#1; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L272 TraceCheckUtils]: 11: Hoare triple {8147#true} call waterRise(); {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L290 TraceCheckUtils]: 12: Hoare triple {8147#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L290 TraceCheckUtils]: 13: Hoare triple {8147#true} assume true; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {8147#true} {8147#true} #217#return; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L290 TraceCheckUtils]: 15: Hoare triple {8147#true} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {8147#true} is VALID [2022-02-20 18:10:31,718 INFO L290 TraceCheckUtils]: 16: Hoare triple {8147#true} assume !(0 != test_~tmp___0~1#1); {8147#true} is VALID [2022-02-20 18:10:31,719 INFO L290 TraceCheckUtils]: 17: Hoare triple {8147#true} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {8147#true} is VALID [2022-02-20 18:10:31,719 INFO L290 TraceCheckUtils]: 18: Hoare triple {8147#true} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {8147#true} is VALID [2022-02-20 18:10:31,719 INFO L290 TraceCheckUtils]: 19: Hoare triple {8147#true} assume 0 != test_~tmp___1~0#1; {8147#true} is VALID [2022-02-20 18:10:31,719 INFO L272 TraceCheckUtils]: 20: Hoare triple {8147#true} call timeShift(); {8147#true} is VALID [2022-02-20 18:10:31,719 INFO L290 TraceCheckUtils]: 21: Hoare triple {8147#true} assume !(0 != ~pumpRunning~0); {8147#true} is VALID [2022-02-20 18:10:31,719 INFO L290 TraceCheckUtils]: 22: Hoare triple {8147#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {8147#true} is VALID [2022-02-20 18:10:31,719 INFO L290 TraceCheckUtils]: 23: Hoare triple {8147#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {8147#true} is VALID [2022-02-20 18:10:31,720 INFO L290 TraceCheckUtils]: 24: Hoare triple {8147#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,720 INFO L290 TraceCheckUtils]: 25: Hoare triple {8173#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret51#1 && isHighWaterLevel_#t~ret51#1 <= 2147483647;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,720 INFO L290 TraceCheckUtils]: 26: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,720 INFO L290 TraceCheckUtils]: 27: Hoare triple {8173#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,721 INFO L290 TraceCheckUtils]: 28: Hoare triple {8173#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret40#1 && processEnvironment_#t~ret40#1 <= 2147483647;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,721 INFO L290 TraceCheckUtils]: 29: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,721 INFO L290 TraceCheckUtils]: 30: Hoare triple {8173#(<= 2 ~waterLevel~0)} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret42#1 && isMethaneAlarm_#t~ret42#1 <= 2147483647;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,721 INFO L290 TraceCheckUtils]: 31: Hoare triple {8173#(<= 2 ~waterLevel~0)} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret41#1 && activatePump_#t~ret41#1 <= 2147483647;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,722 INFO L290 TraceCheckUtils]: 32: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,722 INFO L290 TraceCheckUtils]: 33: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,722 INFO L290 TraceCheckUtils]: 34: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,723 INFO L290 TraceCheckUtils]: 35: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,723 INFO L290 TraceCheckUtils]: 36: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,723 INFO L290 TraceCheckUtils]: 37: Hoare triple {8173#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,723 INFO L290 TraceCheckUtils]: 38: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~3#1); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,724 INFO L290 TraceCheckUtils]: 39: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,724 INFO L290 TraceCheckUtils]: 40: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,724 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8173#(<= 2 ~waterLevel~0)} {8147#true} #221#return; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,725 INFO L290 TraceCheckUtils]: 42: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !false; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,725 INFO L290 TraceCheckUtils]: 43: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,725 INFO L290 TraceCheckUtils]: 44: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,726 INFO L290 TraceCheckUtils]: 45: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp~5#1); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,726 INFO L290 TraceCheckUtils]: 46: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,726 INFO L290 TraceCheckUtils]: 47: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~1#1); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,726 INFO L290 TraceCheckUtils]: 48: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,727 INFO L290 TraceCheckUtils]: 49: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,727 INFO L290 TraceCheckUtils]: 50: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___1~0#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,727 INFO L272 TraceCheckUtils]: 51: Hoare triple {8173#(<= 2 ~waterLevel~0)} call timeShift(); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,728 INFO L290 TraceCheckUtils]: 52: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,728 INFO L290 TraceCheckUtils]: 53: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,728 INFO L290 TraceCheckUtils]: 54: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume { :end_inline_lowerWaterLevel } true; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,729 INFO L290 TraceCheckUtils]: 55: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,729 INFO L290 TraceCheckUtils]: 56: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume !(0 == ~pumpRunning~0); {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,729 INFO L272 TraceCheckUtils]: 57: Hoare triple {8174#(<= 1 ~waterLevel~0)} call processEnvironment__wrappee__base(); {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,730 INFO L290 TraceCheckUtils]: 58: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume true; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,730 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {8174#(<= 1 ~waterLevel~0)} {8174#(<= 1 ~waterLevel~0)} #211#return; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,730 INFO L290 TraceCheckUtils]: 60: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:31,731 INFO L290 TraceCheckUtils]: 61: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {8367#(<= 1 |timeShift_getWaterLevel_#res#1|)} is VALID [2022-02-20 18:10:31,731 INFO L290 TraceCheckUtils]: 62: Hoare triple {8367#(<= 1 |timeShift_getWaterLevel_#res#1|)} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {8371#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1|)} is VALID [2022-02-20 18:10:31,732 INFO L290 TraceCheckUtils]: 63: Hoare triple {8371#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1|)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {8148#false} is VALID [2022-02-20 18:10:31,732 INFO L290 TraceCheckUtils]: 64: Hoare triple {8148#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret34#1 && __utac_acc__Specification4_spec__1_#t~ret34#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {8148#false} is VALID [2022-02-20 18:10:31,732 INFO L290 TraceCheckUtils]: 65: Hoare triple {8148#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {8148#false} is VALID [2022-02-20 18:10:31,732 INFO L290 TraceCheckUtils]: 66: Hoare triple {8148#false} assume !false; {8148#false} is VALID [2022-02-20 18:10:31,732 INFO L134 CoverageAnalysis]: Checked inductivity of 17 backedges. 13 proven. 4 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:31,732 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:10:32,014 INFO L290 TraceCheckUtils]: 66: Hoare triple {8148#false} assume !false; {8148#false} is VALID [2022-02-20 18:10:32,014 INFO L290 TraceCheckUtils]: 65: Hoare triple {8148#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {8148#false} is VALID [2022-02-20 18:10:32,014 INFO L290 TraceCheckUtils]: 64: Hoare triple {8148#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret34#1 && __utac_acc__Specification4_spec__1_#t~ret34#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {8148#false} is VALID [2022-02-20 18:10:32,015 INFO L290 TraceCheckUtils]: 63: Hoare triple {8371#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1|)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {8148#false} is VALID [2022-02-20 18:10:32,015 INFO L290 TraceCheckUtils]: 62: Hoare triple {8367#(<= 1 |timeShift_getWaterLevel_#res#1|)} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {8371#(<= 1 |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1|)} is VALID [2022-02-20 18:10:32,016 INFO L290 TraceCheckUtils]: 61: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {8367#(<= 1 |timeShift_getWaterLevel_#res#1|)} is VALID [2022-02-20 18:10:32,016 INFO L290 TraceCheckUtils]: 60: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,016 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {8147#true} {8174#(<= 1 ~waterLevel~0)} #211#return; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,016 INFO L290 TraceCheckUtils]: 58: Hoare triple {8147#true} assume true; {8147#true} is VALID [2022-02-20 18:10:32,016 INFO L272 TraceCheckUtils]: 57: Hoare triple {8174#(<= 1 ~waterLevel~0)} call processEnvironment__wrappee__base(); {8147#true} is VALID [2022-02-20 18:10:32,017 INFO L290 TraceCheckUtils]: 56: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume !(0 == ~pumpRunning~0); {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,018 INFO L290 TraceCheckUtils]: 55: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,018 INFO L290 TraceCheckUtils]: 54: Hoare triple {8174#(<= 1 ~waterLevel~0)} assume { :end_inline_lowerWaterLevel } true; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,018 INFO L290 TraceCheckUtils]: 53: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {8174#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,019 INFO L290 TraceCheckUtils]: 52: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,019 INFO L272 TraceCheckUtils]: 51: Hoare triple {8173#(<= 2 ~waterLevel~0)} call timeShift(); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,020 INFO L290 TraceCheckUtils]: 50: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___1~0#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,020 INFO L290 TraceCheckUtils]: 49: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,020 INFO L290 TraceCheckUtils]: 48: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,020 INFO L290 TraceCheckUtils]: 47: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~1#1); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,021 INFO L290 TraceCheckUtils]: 46: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,021 INFO L290 TraceCheckUtils]: 45: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp~5#1); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,021 INFO L290 TraceCheckUtils]: 44: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,022 INFO L290 TraceCheckUtils]: 43: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,022 INFO L290 TraceCheckUtils]: 42: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !false; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,022 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8173#(<= 2 ~waterLevel~0)} {8147#true} #221#return; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,023 INFO L290 TraceCheckUtils]: 40: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,023 INFO L290 TraceCheckUtils]: 39: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,023 INFO L290 TraceCheckUtils]: 38: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~3#1); {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,023 INFO L290 TraceCheckUtils]: 37: Hoare triple {8173#(<= 2 ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret33#1 && __utac_acc__Specification4_spec__1_#t~ret33#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,024 INFO L290 TraceCheckUtils]: 36: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,024 INFO L290 TraceCheckUtils]: 35: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,024 INFO L290 TraceCheckUtils]: 34: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,024 INFO L290 TraceCheckUtils]: 33: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,025 INFO L290 TraceCheckUtils]: 32: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,025 INFO L290 TraceCheckUtils]: 31: Hoare triple {8173#(<= 2 ~waterLevel~0)} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret41#1 && activatePump_#t~ret41#1 <= 2147483647;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,025 INFO L290 TraceCheckUtils]: 30: Hoare triple {8173#(<= 2 ~waterLevel~0)} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret42#1 && isMethaneAlarm_#t~ret42#1 <= 2147483647;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,026 INFO L290 TraceCheckUtils]: 29: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume 0 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,026 INFO L290 TraceCheckUtils]: 28: Hoare triple {8173#(<= 2 ~waterLevel~0)} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret40#1 && processEnvironment_#t~ret40#1 <= 2147483647;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,026 INFO L290 TraceCheckUtils]: 27: Hoare triple {8173#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,027 INFO L290 TraceCheckUtils]: 26: Hoare triple {8173#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,027 INFO L290 TraceCheckUtils]: 25: Hoare triple {8173#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret51#1 && isHighWaterLevel_#t~ret51#1 <= 2147483647;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,027 INFO L290 TraceCheckUtils]: 24: Hoare triple {8147#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {8173#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:32,028 INFO L290 TraceCheckUtils]: 23: Hoare triple {8147#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {8147#true} is VALID [2022-02-20 18:10:32,028 INFO L290 TraceCheckUtils]: 22: Hoare triple {8147#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {8147#true} is VALID [2022-02-20 18:10:32,028 INFO L290 TraceCheckUtils]: 21: Hoare triple {8147#true} assume !(0 != ~pumpRunning~0); {8147#true} is VALID [2022-02-20 18:10:32,028 INFO L272 TraceCheckUtils]: 20: Hoare triple {8147#true} call timeShift(); {8147#true} is VALID [2022-02-20 18:10:32,028 INFO L290 TraceCheckUtils]: 19: Hoare triple {8147#true} assume 0 != test_~tmp___1~0#1; {8147#true} is VALID [2022-02-20 18:10:32,028 INFO L290 TraceCheckUtils]: 18: Hoare triple {8147#true} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet39#1 && test_#t~nondet39#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {8147#true} is VALID [2022-02-20 18:10:32,028 INFO L290 TraceCheckUtils]: 17: Hoare triple {8147#true} assume -2147483648 <= test_#t~nondet38#1 && test_#t~nondet38#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {8147#true} is VALID [2022-02-20 18:10:32,028 INFO L290 TraceCheckUtils]: 16: Hoare triple {8147#true} assume !(0 != test_~tmp___0~1#1); {8147#true} is VALID [2022-02-20 18:10:32,028 INFO L290 TraceCheckUtils]: 15: Hoare triple {8147#true} assume -2147483648 <= test_#t~nondet37#1 && test_#t~nondet37#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {8147#true} is VALID [2022-02-20 18:10:32,028 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {8147#true} {8147#true} #217#return; {8147#true} is VALID [2022-02-20 18:10:32,029 INFO L290 TraceCheckUtils]: 13: Hoare triple {8147#true} assume true; {8147#true} is VALID [2022-02-20 18:10:32,029 INFO L290 TraceCheckUtils]: 12: Hoare triple {8147#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {8147#true} is VALID [2022-02-20 18:10:32,029 INFO L272 TraceCheckUtils]: 11: Hoare triple {8147#true} call waterRise(); {8147#true} is VALID [2022-02-20 18:10:32,029 INFO L290 TraceCheckUtils]: 10: Hoare triple {8147#true} assume 0 != test_~tmp~5#1; {8147#true} is VALID [2022-02-20 18:10:32,029 INFO L290 TraceCheckUtils]: 9: Hoare triple {8147#true} assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {8147#true} is VALID [2022-02-20 18:10:32,029 INFO L290 TraceCheckUtils]: 8: Hoare triple {8147#true} assume test_~splverifierCounter~0#1 < 4; {8147#true} is VALID [2022-02-20 18:10:32,029 INFO L290 TraceCheckUtils]: 7: Hoare triple {8147#true} assume !false; {8147#true} is VALID [2022-02-20 18:10:32,029 INFO L290 TraceCheckUtils]: 6: Hoare triple {8147#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {8147#true} is VALID [2022-02-20 18:10:32,029 INFO L290 TraceCheckUtils]: 5: Hoare triple {8147#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {8147#true} is VALID [2022-02-20 18:10:32,029 INFO L290 TraceCheckUtils]: 4: Hoare triple {8147#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {8147#true} is VALID [2022-02-20 18:10:32,029 INFO L290 TraceCheckUtils]: 3: Hoare triple {8147#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {8147#true} is VALID [2022-02-20 18:10:32,030 INFO L290 TraceCheckUtils]: 2: Hoare triple {8147#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8147#true} is VALID [2022-02-20 18:10:32,030 INFO L290 TraceCheckUtils]: 1: Hoare triple {8147#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {8147#true} is VALID [2022-02-20 18:10:32,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {8147#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1; {8147#true} is VALID [2022-02-20 18:10:32,030 INFO L134 CoverageAnalysis]: Checked inductivity of 17 backedges. 13 proven. 4 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:32,030 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [326989977] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:10:32,030 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:10:32,031 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 6, 6] total 10 [2022-02-20 18:10:32,031 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1074648339] [2022-02-20 18:10:32,031 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:10:32,031 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 6.6) internal successors, (66), 8 states have internal predecessors, (66), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) Word has length 67 [2022-02-20 18:10:32,032 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:32,032 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 10 states have (on average 6.6) internal successors, (66), 8 states have internal predecessors, (66), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:32,084 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 77 edges. 77 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:32,084 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 18:10:32,084 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:32,084 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 18:10:32,085 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=69, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:10:32,085 INFO L87 Difference]: Start difference. First operand 269 states and 334 transitions. Second operand has 10 states, 10 states have (on average 6.6) internal successors, (66), 8 states have internal predecessors, (66), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:33,106 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:33,106 INFO L93 Difference]: Finished difference Result 608 states and 807 transitions. [2022-02-20 18:10:33,106 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2022-02-20 18:10:33,106 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 6.6) internal successors, (66), 8 states have internal predecessors, (66), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) Word has length 67 [2022-02-20 18:10:33,107 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:33,107 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 6.6) internal successors, (66), 8 states have internal predecessors, (66), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:33,110 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 20 states to 20 states and 333 transitions. [2022-02-20 18:10:33,110 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 6.6) internal successors, (66), 8 states have internal predecessors, (66), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:33,112 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 20 states to 20 states and 333 transitions. [2022-02-20 18:10:33,113 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 20 states and 333 transitions. [2022-02-20 18:10:33,349 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 333 edges. 333 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:33,358 INFO L225 Difference]: With dead ends: 608 [2022-02-20 18:10:33,358 INFO L226 Difference]: Without dead ends: 384 [2022-02-20 18:10:33,359 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 162 GetRequests, 137 SyntacticMatches, 3 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 110 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=161, Invalid=391, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:10:33,360 INFO L933 BasicCegarLoop]: 101 mSDtfsCounter, 263 mSDsluCounter, 523 mSDsCounter, 0 mSdLazyCounter, 304 mSolverCounterSat, 50 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 269 SdHoareTripleChecker+Valid, 624 SdHoareTripleChecker+Invalid, 354 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 50 IncrementalHoareTripleChecker+Valid, 304 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:33,360 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [269 Valid, 624 Invalid, 354 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [50 Valid, 304 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-02-20 18:10:33,361 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 384 states. [2022-02-20 18:10:33,422 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 384 to 342. [2022-02-20 18:10:33,422 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:33,422 INFO L82 GeneralOperation]: Start isEquivalent. First operand 384 states. Second operand has 342 states, 278 states have (on average 1.2302158273381294) internal successors, (342), 300 states have internal predecessors, (342), 31 states have call successors, (31), 27 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) [2022-02-20 18:10:33,424 INFO L74 IsIncluded]: Start isIncluded. First operand 384 states. Second operand has 342 states, 278 states have (on average 1.2302158273381294) internal successors, (342), 300 states have internal predecessors, (342), 31 states have call successors, (31), 27 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) [2022-02-20 18:10:33,424 INFO L87 Difference]: Start difference. First operand 384 states. Second operand has 342 states, 278 states have (on average 1.2302158273381294) internal successors, (342), 300 states have internal predecessors, (342), 31 states have call successors, (31), 27 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) [2022-02-20 18:10:33,433 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:33,434 INFO L93 Difference]: Finished difference Result 384 states and 492 transitions. [2022-02-20 18:10:33,434 INFO L276 IsEmpty]: Start isEmpty. Operand 384 states and 492 transitions. [2022-02-20 18:10:33,435 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:33,435 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:33,435 INFO L74 IsIncluded]: Start isIncluded. First operand has 342 states, 278 states have (on average 1.2302158273381294) internal successors, (342), 300 states have internal predecessors, (342), 31 states have call successors, (31), 27 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) Second operand 384 states. [2022-02-20 18:10:33,436 INFO L87 Difference]: Start difference. First operand has 342 states, 278 states have (on average 1.2302158273381294) internal successors, (342), 300 states have internal predecessors, (342), 31 states have call successors, (31), 27 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) Second operand 384 states. [2022-02-20 18:10:33,444 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:33,445 INFO L93 Difference]: Finished difference Result 384 states and 492 transitions. [2022-02-20 18:10:33,445 INFO L276 IsEmpty]: Start isEmpty. Operand 384 states and 492 transitions. [2022-02-20 18:10:33,447 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:33,447 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:33,447 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:33,447 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:33,448 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 342 states, 278 states have (on average 1.2302158273381294) internal successors, (342), 300 states have internal predecessors, (342), 31 states have call successors, (31), 27 states have call predecessors, (31), 32 states have return successors, (58), 28 states have call predecessors, (58), 31 states have call successors, (58) [2022-02-20 18:10:33,460 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 342 states to 342 states and 431 transitions. [2022-02-20 18:10:33,460 INFO L78 Accepts]: Start accepts. Automaton has 342 states and 431 transitions. Word has length 67 [2022-02-20 18:10:33,460 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:33,460 INFO L470 AbstractCegarLoop]: Abstraction has 342 states and 431 transitions. [2022-02-20 18:10:33,461 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 6.6) internal successors, (66), 8 states have internal predecessors, (66), 3 states have call successors, (7), 5 states have call predecessors, (7), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:10:33,461 INFO L276 IsEmpty]: Start isEmpty. Operand 342 states and 431 transitions. [2022-02-20 18:10:33,461 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 93 [2022-02-20 18:10:33,462 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:33,462 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:33,483 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:33,675 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:10:33,675 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:33,676 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:33,676 INFO L85 PathProgramCache]: Analyzing trace with hash -761796008, now seen corresponding path program 2 times [2022-02-20 18:10:33,676 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:33,676 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [672366291] [2022-02-20 18:10:33,676 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:33,676 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:33,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:10:33,716 INFO L352 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-02-20 18:10:33,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:10:33,757 INFO L138 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2022-02-20 18:10:33,757 INFO L628 BasicCegarLoop]: Counterexample is feasible [2022-02-20 18:10:33,758 INFO L764 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:10:33,760 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2022-02-20 18:10:33,762 INFO L732 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:33,766 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:10:33,799 FATAL L489 DefaultTranslator]: Callstack has procedure call flag but succeeding procedure is empty at [CALL] call waterRise(); [2022-02-20 18:10:33,800 FATAL L? ?]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.AssertionError: callstack broken after backtranslation by InlinerBacktranslator at de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:216) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:206) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getProgramExecutionAsString(CounterExampleResult.java:155) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getLongDescription(CounterExampleResult.java:134) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ResultService.reportResult(ResultService.java:86) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.CegarLoopResultReporter.reportResult(CegarLoopResultReporter.java:141) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.reportLocationResults(TraceAbstractionStarter.java:607) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:182) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:156) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:320) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) [2022-02-20 18:10:33,803 INFO L158 Benchmark]: Toolchain (without parser) took 8242.14ms. Allocated memory was 109.1MB in the beginning and 192.9MB in the end (delta: 83.9MB). Free memory was 66.4MB in the beginning and 92.5MB in the end (delta: -26.1MB). Peak memory consumption was 57.0MB. Max. memory is 16.1GB. [2022-02-20 18:10:33,803 INFO L158 Benchmark]: CDTParser took 0.19ms. Allocated memory is still 109.1MB. Free memory is still 84.1MB. There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:33,803 INFO L158 Benchmark]: CACSL2BoogieTranslator took 464.87ms. Allocated memory is still 109.1MB. Free memory was 66.2MB in the beginning and 71.9MB in the end (delta: -5.7MB). Peak memory consumption was 4.3MB. Max. memory is 16.1GB. [2022-02-20 18:10:33,803 INFO L158 Benchmark]: Boogie Procedure Inliner took 56.99ms. Allocated memory is still 109.1MB. Free memory was 71.9MB in the beginning and 69.0MB in the end (delta: 2.9MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:33,803 INFO L158 Benchmark]: Boogie Preprocessor took 26.86ms. Allocated memory is still 109.1MB. Free memory was 69.0MB in the beginning and 67.5MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:33,804 INFO L158 Benchmark]: RCFGBuilder took 469.73ms. Allocated memory is still 109.1MB. Free memory was 67.5MB in the beginning and 47.4MB in the end (delta: 20.1MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-02-20 18:10:33,804 INFO L158 Benchmark]: TraceAbstraction took 7216.95ms. Allocated memory was 109.1MB in the beginning and 192.9MB in the end (delta: 83.9MB). Free memory was 46.8MB in the beginning and 92.5MB in the end (delta: -45.6MB). Peak memory consumption was 39.9MB. Max. memory is 16.1GB. [2022-02-20 18:10:33,805 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.19ms. Allocated memory is still 109.1MB. Free memory is still 84.1MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 464.87ms. Allocated memory is still 109.1MB. Free memory was 66.2MB in the beginning and 71.9MB in the end (delta: -5.7MB). Peak memory consumption was 4.3MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 56.99ms. Allocated memory is still 109.1MB. Free memory was 71.9MB in the beginning and 69.0MB in the end (delta: 2.9MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 26.86ms. Allocated memory is still 109.1MB. Free memory was 69.0MB in the beginning and 67.5MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 469.73ms. Allocated memory is still 109.1MB. Free memory was 67.5MB in the beginning and 47.4MB in the end (delta: 20.1MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 7216.95ms. Allocated memory was 109.1MB in the beginning and 192.9MB in the end (delta: 83.9MB). Free memory was 46.8MB in the beginning and 92.5MB in the end (delta: -45.6MB). Peak memory consumption was 39.9MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: AssertionError: callstack broken after backtranslation by InlinerBacktranslator: de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) RESULT: Ultimate could not prove your program: Toolchain returned no result. [2022-02-20 18:10:33,836 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 190527f0b5c755657048457e241e1db06174c0bd15c9c37dddb3c55b0e7d73ce --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:10:35,536 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:10:35,539 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:10:35,562 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:10:35,563 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:10:35,564 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:10:35,564 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:10:35,565 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:10:35,566 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:10:35,567 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:10:35,568 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:10:35,571 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:10:35,572 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:10:35,576 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:10:35,577 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:10:35,578 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:10:35,581 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:10:35,582 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:10:35,585 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:10:35,586 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:10:35,587 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:10:35,589 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:10:35,590 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:10:35,591 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:10:35,598 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:10:35,598 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:10:35,598 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:10:35,608 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:10:35,608 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:10:35,609 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:10:35,609 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:10:35,609 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:10:35,610 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:10:35,611 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:10:35,611 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:10:35,611 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:10:35,612 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:10:35,612 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:10:35,612 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:10:35,613 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:10:35,614 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:10:35,628 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Bitvector.epf [2022-02-20 18:10:35,668 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:10:35,668 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:10:35,669 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:10:35,669 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:10:35,670 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:10:35,670 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:10:35,671 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:10:35,671 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:10:35,671 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:10:35,671 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:10:35,672 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:10:35,672 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:10:35,672 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:10:35,672 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:10:35,672 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:10:35,673 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:10:35,673 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-02-20 18:10:35,673 INFO L138 SettingsManager]: * Use bitvectors instead of ints=true [2022-02-20 18:10:35,673 INFO L138 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2022-02-20 18:10:35,673 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:10:35,673 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:10:35,673 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:10:35,673 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:10:35,673 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:10:35,673 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:10:35,673 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:10:35,674 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:35,674 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:10:35,674 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:10:35,674 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:10:35,674 INFO L138 SettingsManager]: * Trace refinement strategy=WOLF [2022-02-20 18:10:35,674 INFO L138 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2022-02-20 18:10:35,674 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:10:35,674 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:10:35,675 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:10:35,675 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2022-02-20 18:10:35,675 INFO L138 SettingsManager]: * Logic for external solver=AUFBV WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 190527f0b5c755657048457e241e1db06174c0bd15c9c37dddb3c55b0e7d73ce [2022-02-20 18:10:35,956 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:10:35,978 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:10:35,980 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:10:35,981 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:10:35,982 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:10:35,983 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c [2022-02-20 18:10:36,032 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/7a3da622a/c477bf360f264d00b83a7869029a6e38/FLAG32eceac0c [2022-02-20 18:10:36,442 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:10:36,442 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c [2022-02-20 18:10:36,463 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/7a3da622a/c477bf360f264d00b83a7869029a6e38/FLAG32eceac0c [2022-02-20 18:10:36,820 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/7a3da622a/c477bf360f264d00b83a7869029a6e38 [2022-02-20 18:10:36,822 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:10:36,823 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:10:36,826 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:36,826 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:10:36,829 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:10:36,830 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,831 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@5cf290f8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:36, skipping insertion in model container [2022-02-20 18:10:36,831 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:36" (1/1) ... [2022-02-20 18:10:36,837 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:10:36,872 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:37,094 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c[17943,17956] [2022-02-20 18:10:37,095 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:37,109 INFO L200 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2022-02-20 18:10:37,113 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:37,180 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c[17943,17956] [2022-02-20 18:10:37,199 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:37,205 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:10:37,292 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product42.cil.c[17943,17956] [2022-02-20 18:10:37,293 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:37,306 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:10:37,307 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37 WrapperNode [2022-02-20 18:10:37,307 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:37,308 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:37,308 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:10:37,308 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:10:37,312 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37" (1/1) ... [2022-02-20 18:10:37,324 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37" (1/1) ... [2022-02-20 18:10:37,344 INFO L137 Inliner]: procedures = 56, calls = 152, calls flagged for inlining = 24, calls inlined = 21, statements flattened = 238 [2022-02-20 18:10:37,345 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:37,345 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:10:37,346 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:10:37,346 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:10:37,351 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37" (1/1) ... [2022-02-20 18:10:37,351 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37" (1/1) ... [2022-02-20 18:10:37,353 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37" (1/1) ... [2022-02-20 18:10:37,354 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37" (1/1) ... [2022-02-20 18:10:37,363 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37" (1/1) ... [2022-02-20 18:10:37,372 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37" (1/1) ... [2022-02-20 18:10:37,373 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37" (1/1) ... [2022-02-20 18:10:37,375 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:10:37,376 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:10:37,376 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:10:37,376 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:10:37,376 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37" (1/1) ... [2022-02-20 18:10:37,390 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:37,398 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:37,407 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:10:37,413 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:10:37,438 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:10:37,438 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:10:37,438 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:10:37,438 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:10:37,438 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:10:37,438 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:10:37,438 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:10:37,438 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:10:37,438 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:10:37,439 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~intINTTYPE1 [2022-02-20 18:10:37,439 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:10:37,439 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:10:37,439 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:10:37,439 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:10:37,501 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:10:37,502 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:10:37,774 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:10:37,780 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:10:37,781 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:10:37,784 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:37 BoogieIcfgContainer [2022-02-20 18:10:37,784 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:10:37,785 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:10:37,786 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:10:37,787 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:10:37,788 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:10:36" (1/3) ... [2022-02-20 18:10:37,788 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@cb478e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:37, skipping insertion in model container [2022-02-20 18:10:37,788 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:37" (2/3) ... [2022-02-20 18:10:37,789 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@cb478e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:37, skipping insertion in model container [2022-02-20 18:10:37,789 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:37" (3/3) ... [2022-02-20 18:10:37,790 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec4_product42.cil.c [2022-02-20 18:10:37,795 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:10:37,795 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:10:37,832 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:10:37,842 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:10:37,842 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:10:37,855 INFO L276 IsEmpty]: Start isEmpty. Operand has 75 states, 60 states have (on average 1.4) internal successors, (84), 66 states have internal predecessors, (84), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:10:37,859 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2022-02-20 18:10:37,859 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:37,860 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:37,860 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:37,863 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:37,863 INFO L85 PathProgramCache]: Analyzing trace with hash 1725577786, now seen corresponding path program 1 times [2022-02-20 18:10:37,874 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:37,874 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1901136859] [2022-02-20 18:10:37,874 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:37,875 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:37,875 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:37,876 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:37,877 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Waiting until timeout for monitored process [2022-02-20 18:10:37,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:37,973 INFO L263 TraceCheckSpWp]: Trace formula consists of 144 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:10:37,982 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:37,984 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:38,053 INFO L290 TraceCheckUtils]: 0: Hoare triple {78#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {78#true} is VALID [2022-02-20 18:10:38,054 INFO L290 TraceCheckUtils]: 1: Hoare triple {78#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {78#true} is VALID [2022-02-20 18:10:38,054 INFO L290 TraceCheckUtils]: 2: Hoare triple {78#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {78#true} is VALID [2022-02-20 18:10:38,054 INFO L290 TraceCheckUtils]: 3: Hoare triple {78#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {78#true} is VALID [2022-02-20 18:10:38,055 INFO L290 TraceCheckUtils]: 4: Hoare triple {78#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {78#true} is VALID [2022-02-20 18:10:38,056 INFO L290 TraceCheckUtils]: 5: Hoare triple {78#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {78#true} is VALID [2022-02-20 18:10:38,056 INFO L290 TraceCheckUtils]: 6: Hoare triple {78#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {78#true} is VALID [2022-02-20 18:10:38,057 INFO L290 TraceCheckUtils]: 7: Hoare triple {78#true} assume false; {79#false} is VALID [2022-02-20 18:10:38,057 INFO L272 TraceCheckUtils]: 8: Hoare triple {79#false} call cleanup(); {79#false} is VALID [2022-02-20 18:10:38,058 INFO L290 TraceCheckUtils]: 9: Hoare triple {79#false} havoc ~i~0;havoc ~__cil_tmp2~0; {79#false} is VALID [2022-02-20 18:10:38,058 INFO L272 TraceCheckUtils]: 10: Hoare triple {79#false} call timeShift(); {79#false} is VALID [2022-02-20 18:10:38,058 INFO L290 TraceCheckUtils]: 11: Hoare triple {79#false} assume !(0bv32 != ~pumpRunning~0); {79#false} is VALID [2022-02-20 18:10:38,058 INFO L290 TraceCheckUtils]: 12: Hoare triple {79#false} assume !(0bv32 != ~systemActive~0); {79#false} is VALID [2022-02-20 18:10:38,058 INFO L290 TraceCheckUtils]: 13: Hoare triple {79#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {79#false} is VALID [2022-02-20 18:10:38,059 INFO L290 TraceCheckUtils]: 14: Hoare triple {79#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {79#false} is VALID [2022-02-20 18:10:38,059 INFO L290 TraceCheckUtils]: 15: Hoare triple {79#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {79#false} is VALID [2022-02-20 18:10:38,059 INFO L290 TraceCheckUtils]: 16: Hoare triple {79#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {79#false} is VALID [2022-02-20 18:10:38,059 INFO L290 TraceCheckUtils]: 17: Hoare triple {79#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {79#false} is VALID [2022-02-20 18:10:38,060 INFO L290 TraceCheckUtils]: 18: Hoare triple {79#false} assume !false; {79#false} is VALID [2022-02-20 18:10:38,061 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:38,061 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:38,061 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:38,062 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1901136859] [2022-02-20 18:10:38,062 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1901136859] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:38,062 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:38,062 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:38,063 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1230352418] [2022-02-20 18:10:38,064 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:38,067 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:38,068 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:38,070 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,089 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:38,089 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:10:38,089 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:38,110 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:10:38,111 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:38,113 INFO L87 Difference]: Start difference. First operand has 75 states, 60 states have (on average 1.4) internal successors, (84), 66 states have internal predecessors, (84), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) Second operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,219 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:38,221 INFO L93 Difference]: Finished difference Result 142 states and 195 transitions. [2022-02-20 18:10:38,223 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:10:38,223 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:38,223 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:38,224 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,235 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 195 transitions. [2022-02-20 18:10:38,235 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,243 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 195 transitions. [2022-02-20 18:10:38,243 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 195 transitions. [2022-02-20 18:10:38,388 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 195 edges. 195 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:38,399 INFO L225 Difference]: With dead ends: 142 [2022-02-20 18:10:38,400 INFO L226 Difference]: Without dead ends: 66 [2022-02-20 18:10:38,403 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 18 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:38,407 INFO L933 BasicCegarLoop]: 94 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 94 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:38,409 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 94 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:38,420 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 66 states. [2022-02-20 18:10:38,435 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 66 to 66. [2022-02-20 18:10:38,436 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:38,437 INFO L82 GeneralOperation]: Start isEquivalent. First operand 66 states. Second operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:38,442 INFO L74 IsIncluded]: Start isIncluded. First operand 66 states. Second operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:38,444 INFO L87 Difference]: Start difference. First operand 66 states. Second operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:38,451 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:38,451 INFO L93 Difference]: Finished difference Result 66 states and 85 transitions. [2022-02-20 18:10:38,451 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 85 transitions. [2022-02-20 18:10:38,452 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:38,452 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:38,453 INFO L74 IsIncluded]: Start isIncluded. First operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 66 states. [2022-02-20 18:10:38,454 INFO L87 Difference]: Start difference. First operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 66 states. [2022-02-20 18:10:38,458 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:38,459 INFO L93 Difference]: Finished difference Result 66 states and 85 transitions. [2022-02-20 18:10:38,459 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 85 transitions. [2022-02-20 18:10:38,460 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:38,460 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:38,460 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:38,460 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:38,460 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 53 states have (on average 1.320754716981132) internal successors, (70), 58 states have internal predecessors, (70), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:38,463 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 85 transitions. [2022-02-20 18:10:38,469 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 85 transitions. Word has length 19 [2022-02-20 18:10:38,469 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:38,469 INFO L470 AbstractCegarLoop]: Abstraction has 66 states and 85 transitions. [2022-02-20 18:10:38,470 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,470 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 85 transitions. [2022-02-20 18:10:38,470 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2022-02-20 18:10:38,471 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:38,471 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:38,480 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:38,679 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:38,679 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:38,680 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:38,680 INFO L85 PathProgramCache]: Analyzing trace with hash -1606599487, now seen corresponding path program 1 times [2022-02-20 18:10:38,680 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:38,680 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1594991326] [2022-02-20 18:10:38,680 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:38,681 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:38,681 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:38,682 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:38,691 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Waiting until timeout for monitored process [2022-02-20 18:10:38,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:38,754 INFO L263 TraceCheckSpWp]: Trace formula consists of 145 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:10:38,765 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:38,766 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:38,848 INFO L290 TraceCheckUtils]: 0: Hoare triple {574#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {574#true} is VALID [2022-02-20 18:10:38,848 INFO L290 TraceCheckUtils]: 1: Hoare triple {574#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {574#true} is VALID [2022-02-20 18:10:38,849 INFO L290 TraceCheckUtils]: 2: Hoare triple {574#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {574#true} is VALID [2022-02-20 18:10:38,849 INFO L290 TraceCheckUtils]: 3: Hoare triple {574#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {574#true} is VALID [2022-02-20 18:10:38,849 INFO L290 TraceCheckUtils]: 4: Hoare triple {574#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {574#true} is VALID [2022-02-20 18:10:38,849 INFO L290 TraceCheckUtils]: 5: Hoare triple {574#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {574#true} is VALID [2022-02-20 18:10:38,850 INFO L290 TraceCheckUtils]: 6: Hoare triple {574#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {597#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} is VALID [2022-02-20 18:10:38,850 INFO L290 TraceCheckUtils]: 7: Hoare triple {597#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} assume !false; {597#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} is VALID [2022-02-20 18:10:38,850 INFO L290 TraceCheckUtils]: 8: Hoare triple {597#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} assume !~bvslt32(test_~splverifierCounter~0#1, 4bv32); {575#false} is VALID [2022-02-20 18:10:38,851 INFO L272 TraceCheckUtils]: 9: Hoare triple {575#false} call cleanup(); {575#false} is VALID [2022-02-20 18:10:38,851 INFO L290 TraceCheckUtils]: 10: Hoare triple {575#false} havoc ~i~0;havoc ~__cil_tmp2~0; {575#false} is VALID [2022-02-20 18:10:38,851 INFO L272 TraceCheckUtils]: 11: Hoare triple {575#false} call timeShift(); {575#false} is VALID [2022-02-20 18:10:38,851 INFO L290 TraceCheckUtils]: 12: Hoare triple {575#false} assume !(0bv32 != ~pumpRunning~0); {575#false} is VALID [2022-02-20 18:10:38,851 INFO L290 TraceCheckUtils]: 13: Hoare triple {575#false} assume !(0bv32 != ~systemActive~0); {575#false} is VALID [2022-02-20 18:10:38,852 INFO L290 TraceCheckUtils]: 14: Hoare triple {575#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {575#false} is VALID [2022-02-20 18:10:38,852 INFO L290 TraceCheckUtils]: 15: Hoare triple {575#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {575#false} is VALID [2022-02-20 18:10:38,852 INFO L290 TraceCheckUtils]: 16: Hoare triple {575#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {575#false} is VALID [2022-02-20 18:10:38,852 INFO L290 TraceCheckUtils]: 17: Hoare triple {575#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {575#false} is VALID [2022-02-20 18:10:38,852 INFO L290 TraceCheckUtils]: 18: Hoare triple {575#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {575#false} is VALID [2022-02-20 18:10:38,852 INFO L290 TraceCheckUtils]: 19: Hoare triple {575#false} assume !false; {575#false} is VALID [2022-02-20 18:10:38,853 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:38,853 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:38,853 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:38,853 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1594991326] [2022-02-20 18:10:38,853 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1594991326] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:38,854 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:38,854 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:38,854 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1950722166] [2022-02-20 18:10:38,854 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:38,855 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:38,855 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:38,856 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,872 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:38,872 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:38,873 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:38,873 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:38,873 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:38,873 INFO L87 Difference]: Start difference. First operand 66 states and 85 transitions. Second operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,973 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:38,973 INFO L93 Difference]: Finished difference Result 97 states and 125 transitions. [2022-02-20 18:10:38,973 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:38,973 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:38,974 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:38,975 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,981 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 125 transitions. [2022-02-20 18:10:38,981 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:38,986 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 125 transitions. [2022-02-20 18:10:38,986 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 125 transitions. [2022-02-20 18:10:39,110 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 125 edges. 125 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:39,117 INFO L225 Difference]: With dead ends: 97 [2022-02-20 18:10:39,117 INFO L226 Difference]: Without dead ends: 57 [2022-02-20 18:10:39,118 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 18 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:39,120 INFO L933 BasicCegarLoop]: 72 mSDtfsCounter, 13 mSDsluCounter, 55 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 16 SdHoareTripleChecker+Valid, 127 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:39,120 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [16 Valid, 127 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:39,122 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 57 states. [2022-02-20 18:10:39,132 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 57 to 57. [2022-02-20 18:10:39,132 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:39,133 INFO L82 GeneralOperation]: Start isEquivalent. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,133 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,133 INFO L87 Difference]: Start difference. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,137 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,137 INFO L93 Difference]: Finished difference Result 57 states and 73 transitions. [2022-02-20 18:10:39,138 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 73 transitions. [2022-02-20 18:10:39,141 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:39,141 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:39,142 INFO L74 IsIncluded]: Start isIncluded. First operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 57 states. [2022-02-20 18:10:39,142 INFO L87 Difference]: Start difference. First operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 57 states. [2022-02-20 18:10:39,147 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,147 INFO L93 Difference]: Finished difference Result 57 states and 73 transitions. [2022-02-20 18:10:39,147 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 73 transitions. [2022-02-20 18:10:39,147 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:39,147 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:39,148 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:39,148 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:39,148 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 57 states, 47 states have (on average 1.3404255319148937) internal successors, (63), 52 states have internal predecessors, (63), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,150 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 57 states to 57 states and 73 transitions. [2022-02-20 18:10:39,150 INFO L78 Accepts]: Start accepts. Automaton has 57 states and 73 transitions. Word has length 20 [2022-02-20 18:10:39,151 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:39,151 INFO L470 AbstractCegarLoop]: Abstraction has 57 states and 73 transitions. [2022-02-20 18:10:39,151 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:39,151 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 73 transitions. [2022-02-20 18:10:39,154 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2022-02-20 18:10:39,155 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:39,155 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:39,168 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:39,359 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:39,360 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:39,360 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:39,360 INFO L85 PathProgramCache]: Analyzing trace with hash 1615154650, now seen corresponding path program 1 times [2022-02-20 18:10:39,360 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:39,361 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1439102493] [2022-02-20 18:10:39,361 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:39,361 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:39,361 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:39,362 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:39,363 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Waiting until timeout for monitored process [2022-02-20 18:10:39,401 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:39,403 INFO L263 TraceCheckSpWp]: Trace formula consists of 147 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:10:39,409 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:39,410 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:39,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {976#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,501 INFO L290 TraceCheckUtils]: 1: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,501 INFO L290 TraceCheckUtils]: 2: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,502 INFO L290 TraceCheckUtils]: 3: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,502 INFO L290 TraceCheckUtils]: 4: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,503 INFO L290 TraceCheckUtils]: 5: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,503 INFO L290 TraceCheckUtils]: 6: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,504 INFO L290 TraceCheckUtils]: 7: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume !false; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,504 INFO L290 TraceCheckUtils]: 8: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,504 INFO L290 TraceCheckUtils]: 9: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,505 INFO L290 TraceCheckUtils]: 10: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != test_~tmp~5#1); {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,507 INFO L290 TraceCheckUtils]: 11: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,507 INFO L290 TraceCheckUtils]: 12: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___0~1#1); {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,508 INFO L290 TraceCheckUtils]: 13: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,508 INFO L290 TraceCheckUtils]: 14: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,509 INFO L290 TraceCheckUtils]: 15: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume 0bv32 != test_~tmp___1~0#1; {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,510 INFO L272 TraceCheckUtils]: 16: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} call timeShift(); {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,510 INFO L290 TraceCheckUtils]: 17: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {981#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:10:39,511 INFO L290 TraceCheckUtils]: 18: Hoare triple {981#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != ~systemActive~0); {977#false} is VALID [2022-02-20 18:10:39,516 INFO L290 TraceCheckUtils]: 19: Hoare triple {977#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {977#false} is VALID [2022-02-20 18:10:39,516 INFO L290 TraceCheckUtils]: 20: Hoare triple {977#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {977#false} is VALID [2022-02-20 18:10:39,516 INFO L290 TraceCheckUtils]: 21: Hoare triple {977#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {977#false} is VALID [2022-02-20 18:10:39,516 INFO L290 TraceCheckUtils]: 22: Hoare triple {977#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {977#false} is VALID [2022-02-20 18:10:39,516 INFO L290 TraceCheckUtils]: 23: Hoare triple {977#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {977#false} is VALID [2022-02-20 18:10:39,516 INFO L290 TraceCheckUtils]: 24: Hoare triple {977#false} assume !false; {977#false} is VALID [2022-02-20 18:10:39,517 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:39,517 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:39,517 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:39,517 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1439102493] [2022-02-20 18:10:39,518 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1439102493] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:39,529 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:39,530 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:39,532 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [246882038] [2022-02-20 18:10:39,532 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:39,533 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 25 [2022-02-20 18:10:39,533 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:39,533 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:39,582 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:39,583 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:39,583 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:39,583 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:39,583 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:39,584 INFO L87 Difference]: Start difference. First operand 57 states and 73 transitions. Second operand has 3 states, 3 states have (on average 8.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:39,668 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,668 INFO L93 Difference]: Finished difference Result 107 states and 140 transitions. [2022-02-20 18:10:39,668 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:39,668 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 25 [2022-02-20 18:10:39,668 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:39,668 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:39,670 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 140 transitions. [2022-02-20 18:10:39,670 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:39,672 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 140 transitions. [2022-02-20 18:10:39,672 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 140 transitions. [2022-02-20 18:10:39,817 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 140 edges. 140 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:39,819 INFO L225 Difference]: With dead ends: 107 [2022-02-20 18:10:39,820 INFO L226 Difference]: Without dead ends: 57 [2022-02-20 18:10:39,823 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 24 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:39,825 INFO L933 BasicCegarLoop]: 71 mSDtfsCounter, 53 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 53 SdHoareTripleChecker+Valid, 71 SdHoareTripleChecker+Invalid, 2 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:39,826 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [53 Valid, 71 Invalid, 2 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:39,827 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 57 states. [2022-02-20 18:10:39,833 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 57 to 57. [2022-02-20 18:10:39,833 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:39,834 INFO L82 GeneralOperation]: Start isEquivalent. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,834 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,834 INFO L87 Difference]: Start difference. First operand 57 states. Second operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,836 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,836 INFO L93 Difference]: Finished difference Result 57 states and 72 transitions. [2022-02-20 18:10:39,836 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 72 transitions. [2022-02-20 18:10:39,837 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:39,837 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:39,837 INFO L74 IsIncluded]: Start isIncluded. First operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 57 states. [2022-02-20 18:10:39,837 INFO L87 Difference]: Start difference. First operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 57 states. [2022-02-20 18:10:39,839 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:39,839 INFO L93 Difference]: Finished difference Result 57 states and 72 transitions. [2022-02-20 18:10:39,839 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 72 transitions. [2022-02-20 18:10:39,839 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:39,839 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:39,839 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:39,839 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:39,839 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 57 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:39,841 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 57 states to 57 states and 72 transitions. [2022-02-20 18:10:39,841 INFO L78 Accepts]: Start accepts. Automaton has 57 states and 72 transitions. Word has length 25 [2022-02-20 18:10:39,842 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:39,842 INFO L470 AbstractCegarLoop]: Abstraction has 57 states and 72 transitions. [2022-02-20 18:10:39,842 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:39,842 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 72 transitions. [2022-02-20 18:10:39,842 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2022-02-20 18:10:39,842 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:39,843 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:39,851 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:40,049 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:40,051 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:40,052 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:40,052 INFO L85 PathProgramCache]: Analyzing trace with hash -1401083419, now seen corresponding path program 1 times [2022-02-20 18:10:40,052 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:40,052 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [240490085] [2022-02-20 18:10:40,052 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:40,053 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:40,053 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:40,061 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:40,062 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Waiting until timeout for monitored process [2022-02-20 18:10:40,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:40,112 INFO L263 TraceCheckSpWp]: Trace formula consists of 154 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:10:40,133 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:40,134 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:40,230 INFO L290 TraceCheckUtils]: 0: Hoare triple {1405#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,230 INFO L290 TraceCheckUtils]: 1: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,231 INFO L290 TraceCheckUtils]: 2: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,231 INFO L290 TraceCheckUtils]: 3: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,231 INFO L290 TraceCheckUtils]: 4: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,232 INFO L290 TraceCheckUtils]: 5: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,232 INFO L290 TraceCheckUtils]: 6: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,233 INFO L290 TraceCheckUtils]: 7: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume !false; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,233 INFO L290 TraceCheckUtils]: 8: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,233 INFO L290 TraceCheckUtils]: 9: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,247 INFO L290 TraceCheckUtils]: 10: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp~5#1); {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,248 INFO L290 TraceCheckUtils]: 11: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,248 INFO L290 TraceCheckUtils]: 12: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp___0~1#1); {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,249 INFO L290 TraceCheckUtils]: 13: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,249 INFO L290 TraceCheckUtils]: 14: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,249 INFO L290 TraceCheckUtils]: 15: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != test_~tmp___1~0#1; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,250 INFO L272 TraceCheckUtils]: 16: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} call timeShift(); {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,250 INFO L290 TraceCheckUtils]: 17: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~pumpRunning~0); {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,250 INFO L290 TraceCheckUtils]: 18: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {1410#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:10:40,251 INFO L290 TraceCheckUtils]: 19: Hoare triple {1410#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 == ~pumpRunning~0); {1406#false} is VALID [2022-02-20 18:10:40,251 INFO L272 TraceCheckUtils]: 20: Hoare triple {1406#false} call processEnvironment__wrappee__base(); {1406#false} is VALID [2022-02-20 18:10:40,251 INFO L290 TraceCheckUtils]: 21: Hoare triple {1406#false} assume true; {1406#false} is VALID [2022-02-20 18:10:40,251 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1406#false} {1406#false} #211#return; {1406#false} is VALID [2022-02-20 18:10:40,251 INFO L290 TraceCheckUtils]: 23: Hoare triple {1406#false} assume { :end_inline_processEnvironment } true; {1406#false} is VALID [2022-02-20 18:10:40,251 INFO L290 TraceCheckUtils]: 24: Hoare triple {1406#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {1406#false} is VALID [2022-02-20 18:10:40,252 INFO L290 TraceCheckUtils]: 25: Hoare triple {1406#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {1406#false} is VALID [2022-02-20 18:10:40,252 INFO L290 TraceCheckUtils]: 26: Hoare triple {1406#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {1406#false} is VALID [2022-02-20 18:10:40,252 INFO L290 TraceCheckUtils]: 27: Hoare triple {1406#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {1406#false} is VALID [2022-02-20 18:10:40,252 INFO L290 TraceCheckUtils]: 28: Hoare triple {1406#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1406#false} is VALID [2022-02-20 18:10:40,252 INFO L290 TraceCheckUtils]: 29: Hoare triple {1406#false} assume !false; {1406#false} is VALID [2022-02-20 18:10:40,252 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:40,252 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:40,252 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:40,252 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [240490085] [2022-02-20 18:10:40,253 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [240490085] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:40,253 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:40,253 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:40,253 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [251586290] [2022-02-20 18:10:40,253 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:40,253 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.0) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 30 [2022-02-20 18:10:40,253 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:40,253 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 9.0) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,273 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:40,273 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:40,273 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:40,274 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:40,274 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:40,274 INFO L87 Difference]: Start difference. First operand 57 states and 72 transitions. Second operand has 3 states, 3 states have (on average 9.0) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,352 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:40,353 INFO L93 Difference]: Finished difference Result 143 states and 185 transitions. [2022-02-20 18:10:40,353 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:40,353 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.0) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 30 [2022-02-20 18:10:40,353 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:40,353 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.0) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,356 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 185 transitions. [2022-02-20 18:10:40,356 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.0) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,361 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 185 transitions. [2022-02-20 18:10:40,361 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 185 transitions. [2022-02-20 18:10:40,478 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 185 edges. 185 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:40,482 INFO L225 Difference]: With dead ends: 143 [2022-02-20 18:10:40,483 INFO L226 Difference]: Without dead ends: 93 [2022-02-20 18:10:40,486 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 29 GetRequests, 28 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:40,489 INFO L933 BasicCegarLoop]: 73 mSDtfsCounter, 45 mSDsluCounter, 46 mSDsCounter, 0 mSdLazyCounter, 7 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 119 SdHoareTripleChecker+Invalid, 10 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 7 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:40,489 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [45 Valid, 119 Invalid, 10 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 7 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:40,490 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 93 states. [2022-02-20 18:10:40,495 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 93 to 91. [2022-02-20 18:10:40,496 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:40,496 INFO L82 GeneralOperation]: Start isEquivalent. First operand 93 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:40,496 INFO L74 IsIncluded]: Start isIncluded. First operand 93 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:40,497 INFO L87 Difference]: Start difference. First operand 93 states. Second operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:40,499 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:40,499 INFO L93 Difference]: Finished difference Result 93 states and 116 transitions. [2022-02-20 18:10:40,499 INFO L276 IsEmpty]: Start isEmpty. Operand 93 states and 116 transitions. [2022-02-20 18:10:40,499 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:40,499 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:40,500 INFO L74 IsIncluded]: Start isIncluded. First operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 93 states. [2022-02-20 18:10:40,500 INFO L87 Difference]: Start difference. First operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) Second operand 93 states. [2022-02-20 18:10:40,502 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:40,502 INFO L93 Difference]: Finished difference Result 93 states and 116 transitions. [2022-02-20 18:10:40,503 INFO L276 IsEmpty]: Start isEmpty. Operand 93 states and 116 transitions. [2022-02-20 18:10:40,503 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:40,503 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:40,503 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:40,503 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:40,503 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 91 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 81 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 8 states have return successors, (10), 8 states have call predecessors, (10), 8 states have call successors, (10) [2022-02-20 18:10:40,505 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 91 states to 91 states and 115 transitions. [2022-02-20 18:10:40,506 INFO L78 Accepts]: Start accepts. Automaton has 91 states and 115 transitions. Word has length 30 [2022-02-20 18:10:40,506 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:40,506 INFO L470 AbstractCegarLoop]: Abstraction has 91 states and 115 transitions. [2022-02-20 18:10:40,506 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.0) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,506 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 115 transitions. [2022-02-20 18:10:40,506 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 37 [2022-02-20 18:10:40,506 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:40,507 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:40,518 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Ended with exit code 0 [2022-02-20 18:10:40,713 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:40,713 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:40,713 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:40,713 INFO L85 PathProgramCache]: Analyzing trace with hash 435007003, now seen corresponding path program 1 times [2022-02-20 18:10:40,714 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:40,714 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1146035386] [2022-02-20 18:10:40,714 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:40,714 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:40,714 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:40,715 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:40,716 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Waiting until timeout for monitored process [2022-02-20 18:10:40,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:40,757 INFO L263 TraceCheckSpWp]: Trace formula consists of 164 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:10:40,767 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:40,768 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:40,861 INFO L290 TraceCheckUtils]: 0: Hoare triple {2019#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,862 INFO L290 TraceCheckUtils]: 1: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,862 INFO L290 TraceCheckUtils]: 2: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,863 INFO L290 TraceCheckUtils]: 3: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,863 INFO L290 TraceCheckUtils]: 4: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,863 INFO L290 TraceCheckUtils]: 5: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,864 INFO L290 TraceCheckUtils]: 6: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,864 INFO L290 TraceCheckUtils]: 7: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume !false; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,864 INFO L290 TraceCheckUtils]: 8: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,864 INFO L290 TraceCheckUtils]: 9: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,865 INFO L290 TraceCheckUtils]: 10: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp~5#1); {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,865 INFO L290 TraceCheckUtils]: 11: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,867 INFO L290 TraceCheckUtils]: 12: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___0~1#1); {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,867 INFO L290 TraceCheckUtils]: 13: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,867 INFO L290 TraceCheckUtils]: 14: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,868 INFO L290 TraceCheckUtils]: 15: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp___1~0#1; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,868 INFO L272 TraceCheckUtils]: 16: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} call timeShift(); {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,868 INFO L290 TraceCheckUtils]: 17: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,869 INFO L290 TraceCheckUtils]: 18: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,869 INFO L290 TraceCheckUtils]: 19: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {2024#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:40,870 INFO L290 TraceCheckUtils]: 20: Hoare triple {2024#(= ~waterLevel~0 (_ bv1 32))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {2020#false} is VALID [2022-02-20 18:10:40,870 INFO L290 TraceCheckUtils]: 21: Hoare triple {2020#false} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {2020#false} is VALID [2022-02-20 18:10:40,870 INFO L290 TraceCheckUtils]: 22: Hoare triple {2020#false} assume 0bv32 != isHighWaterLevel_~tmp~8#1;isHighWaterLevel_~tmp___0~2#1 := 0bv32; {2020#false} is VALID [2022-02-20 18:10:40,870 INFO L290 TraceCheckUtils]: 23: Hoare triple {2020#false} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {2020#false} is VALID [2022-02-20 18:10:40,870 INFO L290 TraceCheckUtils]: 24: Hoare triple {2020#false} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {2020#false} is VALID [2022-02-20 18:10:40,870 INFO L290 TraceCheckUtils]: 25: Hoare triple {2020#false} assume !(0bv32 != processEnvironment_~tmp~6#1); {2020#false} is VALID [2022-02-20 18:10:40,870 INFO L272 TraceCheckUtils]: 26: Hoare triple {2020#false} call processEnvironment__wrappee__base(); {2020#false} is VALID [2022-02-20 18:10:40,870 INFO L290 TraceCheckUtils]: 27: Hoare triple {2020#false} assume true; {2020#false} is VALID [2022-02-20 18:10:40,871 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2020#false} {2020#false} #209#return; {2020#false} is VALID [2022-02-20 18:10:40,871 INFO L290 TraceCheckUtils]: 29: Hoare triple {2020#false} assume { :end_inline_processEnvironment } true; {2020#false} is VALID [2022-02-20 18:10:40,871 INFO L290 TraceCheckUtils]: 30: Hoare triple {2020#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {2020#false} is VALID [2022-02-20 18:10:40,871 INFO L290 TraceCheckUtils]: 31: Hoare triple {2020#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {2020#false} is VALID [2022-02-20 18:10:40,871 INFO L290 TraceCheckUtils]: 32: Hoare triple {2020#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {2020#false} is VALID [2022-02-20 18:10:40,871 INFO L290 TraceCheckUtils]: 33: Hoare triple {2020#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {2020#false} is VALID [2022-02-20 18:10:40,871 INFO L290 TraceCheckUtils]: 34: Hoare triple {2020#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {2020#false} is VALID [2022-02-20 18:10:40,871 INFO L290 TraceCheckUtils]: 35: Hoare triple {2020#false} assume !false; {2020#false} is VALID [2022-02-20 18:10:40,871 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:40,872 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:40,872 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:40,877 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1146035386] [2022-02-20 18:10:40,877 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1146035386] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:40,877 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:40,877 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:40,877 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [165372487] [2022-02-20 18:10:40,877 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:40,878 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 2 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 36 [2022-02-20 18:10:40,878 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:40,878 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 11.0) internal successors, (33), 2 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:40,904 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:40,904 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:40,904 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:40,905 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:40,905 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:40,905 INFO L87 Difference]: Start difference. First operand 91 states and 115 transitions. Second operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 2 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:41,015 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:41,016 INFO L93 Difference]: Finished difference Result 249 states and 330 transitions. [2022-02-20 18:10:41,016 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:41,016 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 2 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 36 [2022-02-20 18:10:41,017 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:41,017 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 2 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:41,020 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 200 transitions. [2022-02-20 18:10:41,020 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 2 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:41,022 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 200 transitions. [2022-02-20 18:10:41,023 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 200 transitions. [2022-02-20 18:10:41,157 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 200 edges. 200 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:41,160 INFO L225 Difference]: With dead ends: 249 [2022-02-20 18:10:41,160 INFO L226 Difference]: Without dead ends: 165 [2022-02-20 18:10:41,161 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 35 GetRequests, 34 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:41,161 INFO L933 BasicCegarLoop]: 72 mSDtfsCounter, 41 mSDsluCounter, 60 mSDsCounter, 0 mSdLazyCounter, 11 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 41 SdHoareTripleChecker+Valid, 132 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 11 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:41,162 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [41 Valid, 132 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 11 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:41,163 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 165 states. [2022-02-20 18:10:41,182 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 165 to 163. [2022-02-20 18:10:41,182 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:41,183 INFO L82 GeneralOperation]: Start isEquivalent. First operand 165 states. Second operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,183 INFO L74 IsIncluded]: Start isIncluded. First operand 165 states. Second operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,183 INFO L87 Difference]: Start difference. First operand 165 states. Second operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,188 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:41,188 INFO L93 Difference]: Finished difference Result 165 states and 212 transitions. [2022-02-20 18:10:41,188 INFO L276 IsEmpty]: Start isEmpty. Operand 165 states and 212 transitions. [2022-02-20 18:10:41,188 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:41,189 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:41,189 INFO L74 IsIncluded]: Start isIncluded. First operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 165 states. [2022-02-20 18:10:41,189 INFO L87 Difference]: Start difference. First operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 165 states. [2022-02-20 18:10:41,194 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:41,194 INFO L93 Difference]: Finished difference Result 165 states and 212 transitions. [2022-02-20 18:10:41,194 INFO L276 IsEmpty]: Start isEmpty. Operand 165 states and 212 transitions. [2022-02-20 18:10:41,194 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:41,194 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:41,194 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:41,194 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:41,195 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 163 states, 134 states have (on average 1.3059701492537314) internal successors, (175), 144 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,199 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 163 states to 163 states and 211 transitions. [2022-02-20 18:10:41,200 INFO L78 Accepts]: Start accepts. Automaton has 163 states and 211 transitions. Word has length 36 [2022-02-20 18:10:41,200 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:41,200 INFO L470 AbstractCegarLoop]: Abstraction has 163 states and 211 transitions. [2022-02-20 18:10:41,200 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 2 states have internal predecessors, (33), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:41,200 INFO L276 IsEmpty]: Start isEmpty. Operand 163 states and 211 transitions. [2022-02-20 18:10:41,201 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 37 [2022-02-20 18:10:41,201 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:41,201 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:41,217 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:41,407 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:41,408 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:41,408 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:41,408 INFO L85 PathProgramCache]: Analyzing trace with hash 1456075357, now seen corresponding path program 1 times [2022-02-20 18:10:41,408 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:41,408 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [949056932] [2022-02-20 18:10:41,408 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:41,409 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:41,409 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:41,409 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:41,410 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Waiting until timeout for monitored process [2022-02-20 18:10:41,454 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:41,456 INFO L263 TraceCheckSpWp]: Trace formula consists of 164 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 18:10:41,465 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:41,466 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:41,579 INFO L290 TraceCheckUtils]: 0: Hoare triple {3053#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,580 INFO L290 TraceCheckUtils]: 1: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,580 INFO L290 TraceCheckUtils]: 2: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,580 INFO L290 TraceCheckUtils]: 3: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,580 INFO L290 TraceCheckUtils]: 4: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,581 INFO L290 TraceCheckUtils]: 5: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,581 INFO L290 TraceCheckUtils]: 6: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,581 INFO L290 TraceCheckUtils]: 7: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume !false; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,582 INFO L290 TraceCheckUtils]: 8: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,582 INFO L290 TraceCheckUtils]: 9: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,582 INFO L290 TraceCheckUtils]: 10: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp~5#1); {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,583 INFO L290 TraceCheckUtils]: 11: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,583 INFO L290 TraceCheckUtils]: 12: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___0~1#1); {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,583 INFO L290 TraceCheckUtils]: 13: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,584 INFO L290 TraceCheckUtils]: 14: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,584 INFO L290 TraceCheckUtils]: 15: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp___1~0#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,584 INFO L272 TraceCheckUtils]: 16: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} call timeShift(); {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,585 INFO L290 TraceCheckUtils]: 17: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,585 INFO L290 TraceCheckUtils]: 18: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,585 INFO L290 TraceCheckUtils]: 19: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,585 INFO L290 TraceCheckUtils]: 20: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,586 INFO L290 TraceCheckUtils]: 21: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,586 INFO L290 TraceCheckUtils]: 22: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != isHighWaterLevel_~tmp~8#1;isHighWaterLevel_~tmp___0~2#1 := 0bv32; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,586 INFO L290 TraceCheckUtils]: 23: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,587 INFO L290 TraceCheckUtils]: 24: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,587 INFO L290 TraceCheckUtils]: 25: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != processEnvironment_~tmp~6#1); {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,587 INFO L272 TraceCheckUtils]: 26: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} call processEnvironment__wrappee__base(); {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,588 INFO L290 TraceCheckUtils]: 27: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume true; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,588 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3058#(= ~waterLevel~0 (_ bv1 32))} {3058#(= ~waterLevel~0 (_ bv1 32))} #209#return; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,588 INFO L290 TraceCheckUtils]: 29: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_processEnvironment } true; {3058#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:41,589 INFO L290 TraceCheckUtils]: 30: Hoare triple {3058#(= ~waterLevel~0 (_ bv1 32))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {3149#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} is VALID [2022-02-20 18:10:41,589 INFO L290 TraceCheckUtils]: 31: Hoare triple {3149#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {3153#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| (_ bv1 32))} is VALID [2022-02-20 18:10:41,589 INFO L290 TraceCheckUtils]: 32: Hoare triple {3153#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| (_ bv1 32))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {3054#false} is VALID [2022-02-20 18:10:41,590 INFO L290 TraceCheckUtils]: 33: Hoare triple {3054#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {3054#false} is VALID [2022-02-20 18:10:41,590 INFO L290 TraceCheckUtils]: 34: Hoare triple {3054#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {3054#false} is VALID [2022-02-20 18:10:41,590 INFO L290 TraceCheckUtils]: 35: Hoare triple {3054#false} assume !false; {3054#false} is VALID [2022-02-20 18:10:41,590 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:41,591 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:41,591 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:41,591 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [949056932] [2022-02-20 18:10:41,591 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [949056932] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:41,591 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:41,591 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:10:41,591 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2135680249] [2022-02-20 18:10:41,591 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:41,592 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 36 [2022-02-20 18:10:41,592 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:41,592 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:41,616 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:41,616 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:10:41,616 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:41,616 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:10:41,617 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:41,617 INFO L87 Difference]: Start difference. First operand 163 states and 211 transitions. Second operand has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:41,804 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:41,804 INFO L93 Difference]: Finished difference Result 315 states and 413 transitions. [2022-02-20 18:10:41,804 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:41,805 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 36 [2022-02-20 18:10:41,805 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:41,805 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:41,807 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 192 transitions. [2022-02-20 18:10:41,807 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:41,809 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 192 transitions. [2022-02-20 18:10:41,809 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 192 transitions. [2022-02-20 18:10:41,938 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 192 edges. 192 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:41,940 INFO L225 Difference]: With dead ends: 315 [2022-02-20 18:10:41,940 INFO L226 Difference]: Without dead ends: 159 [2022-02-20 18:10:41,941 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 37 GetRequests, 32 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:41,941 INFO L933 BasicCegarLoop]: 70 mSDtfsCounter, 32 mSDsluCounter, 200 mSDsCounter, 0 mSdLazyCounter, 25 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 32 SdHoareTripleChecker+Valid, 270 SdHoareTripleChecker+Invalid, 26 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 25 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:41,942 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [32 Valid, 270 Invalid, 26 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 25 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:41,942 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 159 states. [2022-02-20 18:10:41,950 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 159 to 159. [2022-02-20 18:10:41,950 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:41,950 INFO L82 GeneralOperation]: Start isEquivalent. First operand 159 states. Second operand has 159 states, 130 states have (on average 1.2846153846153847) internal successors, (167), 140 states have internal predecessors, (167), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,951 INFO L74 IsIncluded]: Start isIncluded. First operand 159 states. Second operand has 159 states, 130 states have (on average 1.2846153846153847) internal successors, (167), 140 states have internal predecessors, (167), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,951 INFO L87 Difference]: Start difference. First operand 159 states. Second operand has 159 states, 130 states have (on average 1.2846153846153847) internal successors, (167), 140 states have internal predecessors, (167), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,956 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:41,957 INFO L93 Difference]: Finished difference Result 159 states and 203 transitions. [2022-02-20 18:10:41,957 INFO L276 IsEmpty]: Start isEmpty. Operand 159 states and 203 transitions. [2022-02-20 18:10:41,957 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:41,957 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:41,958 INFO L74 IsIncluded]: Start isIncluded. First operand has 159 states, 130 states have (on average 1.2846153846153847) internal successors, (167), 140 states have internal predecessors, (167), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 159 states. [2022-02-20 18:10:41,959 INFO L87 Difference]: Start difference. First operand has 159 states, 130 states have (on average 1.2846153846153847) internal successors, (167), 140 states have internal predecessors, (167), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 159 states. [2022-02-20 18:10:41,963 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:41,963 INFO L93 Difference]: Finished difference Result 159 states and 203 transitions. [2022-02-20 18:10:41,963 INFO L276 IsEmpty]: Start isEmpty. Operand 159 states and 203 transitions. [2022-02-20 18:10:41,964 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:41,964 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:41,964 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:41,964 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:41,965 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 159 states, 130 states have (on average 1.2846153846153847) internal successors, (167), 140 states have internal predecessors, (167), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:41,969 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 159 states to 159 states and 203 transitions. [2022-02-20 18:10:41,970 INFO L78 Accepts]: Start accepts. Automaton has 159 states and 203 transitions. Word has length 36 [2022-02-20 18:10:41,970 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:41,970 INFO L470 AbstractCegarLoop]: Abstraction has 159 states and 203 transitions. [2022-02-20 18:10:41,970 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:41,970 INFO L276 IsEmpty]: Start isEmpty. Operand 159 states and 203 transitions. [2022-02-20 18:10:41,971 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2022-02-20 18:10:41,971 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:41,971 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:41,978 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:42,180 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:42,180 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:42,180 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:42,180 INFO L85 PathProgramCache]: Analyzing trace with hash 2010908609, now seen corresponding path program 1 times [2022-02-20 18:10:42,181 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:42,181 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2137506863] [2022-02-20 18:10:42,181 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:42,181 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:42,181 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:42,182 INFO L229 MonitoredProcess]: Starting monitored process 8 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:42,185 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Waiting until timeout for monitored process [2022-02-20 18:10:42,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:42,242 INFO L263 TraceCheckSpWp]: Trace formula consists of 171 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:10:42,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:42,258 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:42,326 INFO L290 TraceCheckUtils]: 0: Hoare triple {4172#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {4172#true} is VALID [2022-02-20 18:10:42,326 INFO L290 TraceCheckUtils]: 1: Hoare triple {4172#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {4172#true} is VALID [2022-02-20 18:10:42,326 INFO L290 TraceCheckUtils]: 2: Hoare triple {4172#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4172#true} is VALID [2022-02-20 18:10:42,327 INFO L290 TraceCheckUtils]: 3: Hoare triple {4172#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {4172#true} is VALID [2022-02-20 18:10:42,327 INFO L290 TraceCheckUtils]: 4: Hoare triple {4172#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {4172#true} is VALID [2022-02-20 18:10:42,327 INFO L290 TraceCheckUtils]: 5: Hoare triple {4172#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {4172#true} is VALID [2022-02-20 18:10:42,327 INFO L290 TraceCheckUtils]: 6: Hoare triple {4172#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {4172#true} is VALID [2022-02-20 18:10:42,327 INFO L290 TraceCheckUtils]: 7: Hoare triple {4172#true} assume !false; {4172#true} is VALID [2022-02-20 18:10:42,327 INFO L290 TraceCheckUtils]: 8: Hoare triple {4172#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {4172#true} is VALID [2022-02-20 18:10:42,327 INFO L290 TraceCheckUtils]: 9: Hoare triple {4172#true} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {4172#true} is VALID [2022-02-20 18:10:42,328 INFO L290 TraceCheckUtils]: 10: Hoare triple {4172#true} assume 0bv32 != test_~tmp~5#1; {4172#true} is VALID [2022-02-20 18:10:42,328 INFO L272 TraceCheckUtils]: 11: Hoare triple {4172#true} call waterRise(); {4172#true} is VALID [2022-02-20 18:10:42,328 INFO L290 TraceCheckUtils]: 12: Hoare triple {4172#true} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {4172#true} is VALID [2022-02-20 18:10:42,328 INFO L290 TraceCheckUtils]: 13: Hoare triple {4172#true} assume true; {4172#true} is VALID [2022-02-20 18:10:42,328 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {4172#true} {4172#true} #217#return; {4172#true} is VALID [2022-02-20 18:10:42,328 INFO L290 TraceCheckUtils]: 15: Hoare triple {4172#true} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {4172#true} is VALID [2022-02-20 18:10:42,328 INFO L290 TraceCheckUtils]: 16: Hoare triple {4172#true} assume !(0bv32 != test_~tmp___0~1#1); {4172#true} is VALID [2022-02-20 18:10:42,329 INFO L290 TraceCheckUtils]: 17: Hoare triple {4172#true} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {4172#true} is VALID [2022-02-20 18:10:42,331 INFO L290 TraceCheckUtils]: 18: Hoare triple {4172#true} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {4172#true} is VALID [2022-02-20 18:10:42,331 INFO L290 TraceCheckUtils]: 19: Hoare triple {4172#true} assume 0bv32 != test_~tmp___1~0#1; {4172#true} is VALID [2022-02-20 18:10:42,331 INFO L272 TraceCheckUtils]: 20: Hoare triple {4172#true} call timeShift(); {4172#true} is VALID [2022-02-20 18:10:42,331 INFO L290 TraceCheckUtils]: 21: Hoare triple {4172#true} assume !(0bv32 != ~pumpRunning~0); {4172#true} is VALID [2022-02-20 18:10:42,332 INFO L290 TraceCheckUtils]: 22: Hoare triple {4172#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {4172#true} is VALID [2022-02-20 18:10:42,332 INFO L290 TraceCheckUtils]: 23: Hoare triple {4172#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {4172#true} is VALID [2022-02-20 18:10:42,333 INFO L290 TraceCheckUtils]: 24: Hoare triple {4172#true} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {4249#(= |timeShift_isHighWaterSensorDry_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:10:42,333 INFO L290 TraceCheckUtils]: 25: Hoare triple {4249#(= |timeShift_isHighWaterSensorDry_#res#1| (_ bv0 32))} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {4253#(= |timeShift_isHighWaterLevel_~tmp~8#1| (_ bv0 32))} is VALID [2022-02-20 18:10:42,333 INFO L290 TraceCheckUtils]: 26: Hoare triple {4253#(= |timeShift_isHighWaterLevel_~tmp~8#1| (_ bv0 32))} assume 0bv32 != isHighWaterLevel_~tmp~8#1;isHighWaterLevel_~tmp___0~2#1 := 0bv32; {4173#false} is VALID [2022-02-20 18:10:42,333 INFO L290 TraceCheckUtils]: 27: Hoare triple {4173#false} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {4173#false} is VALID [2022-02-20 18:10:42,333 INFO L290 TraceCheckUtils]: 28: Hoare triple {4173#false} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {4173#false} is VALID [2022-02-20 18:10:42,334 INFO L290 TraceCheckUtils]: 29: Hoare triple {4173#false} assume !(0bv32 != processEnvironment_~tmp~6#1); {4173#false} is VALID [2022-02-20 18:10:42,334 INFO L272 TraceCheckUtils]: 30: Hoare triple {4173#false} call processEnvironment__wrappee__base(); {4173#false} is VALID [2022-02-20 18:10:42,334 INFO L290 TraceCheckUtils]: 31: Hoare triple {4173#false} assume true; {4173#false} is VALID [2022-02-20 18:10:42,334 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {4173#false} {4173#false} #209#return; {4173#false} is VALID [2022-02-20 18:10:42,334 INFO L290 TraceCheckUtils]: 33: Hoare triple {4173#false} assume { :end_inline_processEnvironment } true; {4173#false} is VALID [2022-02-20 18:10:42,334 INFO L290 TraceCheckUtils]: 34: Hoare triple {4173#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {4173#false} is VALID [2022-02-20 18:10:42,334 INFO L290 TraceCheckUtils]: 35: Hoare triple {4173#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {4173#false} is VALID [2022-02-20 18:10:42,337 INFO L290 TraceCheckUtils]: 36: Hoare triple {4173#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {4173#false} is VALID [2022-02-20 18:10:42,337 INFO L290 TraceCheckUtils]: 37: Hoare triple {4173#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {4173#false} is VALID [2022-02-20 18:10:42,337 INFO L290 TraceCheckUtils]: 38: Hoare triple {4173#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {4173#false} is VALID [2022-02-20 18:10:42,337 INFO L290 TraceCheckUtils]: 39: Hoare triple {4173#false} assume !false; {4173#false} is VALID [2022-02-20 18:10:42,338 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:42,338 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:42,338 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:42,338 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2137506863] [2022-02-20 18:10:42,338 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2137506863] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:42,338 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:42,338 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:10:42,339 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [454756170] [2022-02-20 18:10:42,339 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:42,339 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.75) internal successors, (35), 4 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 40 [2022-02-20 18:10:42,339 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:42,339 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 8.75) internal successors, (35), 4 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:42,364 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:42,364 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 18:10:42,364 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:42,364 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 18:10:42,364 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 18:10:42,365 INFO L87 Difference]: Start difference. First operand 159 states and 203 transitions. Second operand has 4 states, 4 states have (on average 8.75) internal successors, (35), 4 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:42,526 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:42,526 INFO L93 Difference]: Finished difference Result 329 states and 429 transitions. [2022-02-20 18:10:42,527 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:42,527 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.75) internal successors, (35), 4 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 40 [2022-02-20 18:10:42,527 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:42,527 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.75) internal successors, (35), 4 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:42,529 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 189 transitions. [2022-02-20 18:10:42,529 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.75) internal successors, (35), 4 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:42,531 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 189 transitions. [2022-02-20 18:10:42,531 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 189 transitions. [2022-02-20 18:10:42,646 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 189 edges. 189 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:42,650 INFO L225 Difference]: With dead ends: 329 [2022-02-20 18:10:42,650 INFO L226 Difference]: Without dead ends: 245 [2022-02-20 18:10:42,651 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 40 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:42,651 INFO L933 BasicCegarLoop]: 108 mSDtfsCounter, 44 mSDsluCounter, 153 mSDsCounter, 0 mSdLazyCounter, 8 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 261 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 8 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:42,652 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [45 Valid, 261 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 8 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:42,652 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 245 states. [2022-02-20 18:10:42,660 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 245 to 161. [2022-02-20 18:10:42,660 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:42,660 INFO L82 GeneralOperation]: Start isEquivalent. First operand 245 states. Second operand has 161 states, 132 states have (on average 1.2803030303030303) internal successors, (169), 142 states have internal predecessors, (169), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:42,661 INFO L74 IsIncluded]: Start isIncluded. First operand 245 states. Second operand has 161 states, 132 states have (on average 1.2803030303030303) internal successors, (169), 142 states have internal predecessors, (169), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:42,661 INFO L87 Difference]: Start difference. First operand 245 states. Second operand has 161 states, 132 states have (on average 1.2803030303030303) internal successors, (169), 142 states have internal predecessors, (169), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:42,667 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:42,668 INFO L93 Difference]: Finished difference Result 245 states and 314 transitions. [2022-02-20 18:10:42,668 INFO L276 IsEmpty]: Start isEmpty. Operand 245 states and 314 transitions. [2022-02-20 18:10:42,668 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:42,668 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:42,669 INFO L74 IsIncluded]: Start isIncluded. First operand has 161 states, 132 states have (on average 1.2803030303030303) internal successors, (169), 142 states have internal predecessors, (169), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 245 states. [2022-02-20 18:10:42,669 INFO L87 Difference]: Start difference. First operand has 161 states, 132 states have (on average 1.2803030303030303) internal successors, (169), 142 states have internal predecessors, (169), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 245 states. [2022-02-20 18:10:42,676 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:42,676 INFO L93 Difference]: Finished difference Result 245 states and 314 transitions. [2022-02-20 18:10:42,676 INFO L276 IsEmpty]: Start isEmpty. Operand 245 states and 314 transitions. [2022-02-20 18:10:42,677 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:42,677 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:42,677 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:42,677 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:42,678 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 161 states, 132 states have (on average 1.2803030303030303) internal successors, (169), 142 states have internal predecessors, (169), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:42,682 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 161 states to 161 states and 205 transitions. [2022-02-20 18:10:42,682 INFO L78 Accepts]: Start accepts. Automaton has 161 states and 205 transitions. Word has length 40 [2022-02-20 18:10:42,682 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:42,682 INFO L470 AbstractCegarLoop]: Abstraction has 161 states and 205 transitions. [2022-02-20 18:10:42,682 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 8.75) internal successors, (35), 4 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:42,683 INFO L276 IsEmpty]: Start isEmpty. Operand 161 states and 205 transitions. [2022-02-20 18:10:42,683 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2022-02-20 18:10:42,683 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:42,683 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:42,692 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:42,890 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:42,890 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:42,890 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:42,890 INFO L85 PathProgramCache]: Analyzing trace with hash 999791359, now seen corresponding path program 1 times [2022-02-20 18:10:42,891 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:42,891 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1397947069] [2022-02-20 18:10:42,891 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:42,891 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:42,891 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:42,892 INFO L229 MonitoredProcess]: Starting monitored process 9 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:42,893 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Waiting until timeout for monitored process [2022-02-20 18:10:42,930 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:42,932 INFO L263 TraceCheckSpWp]: Trace formula consists of 171 conjuncts, 5 conjunts are in the unsatisfiable core [2022-02-20 18:10:42,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:42,947 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:43,045 INFO L290 TraceCheckUtils]: 0: Hoare triple {5500#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {5500#true} is VALID [2022-02-20 18:10:43,045 INFO L290 TraceCheckUtils]: 1: Hoare triple {5500#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {5500#true} is VALID [2022-02-20 18:10:43,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {5500#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5500#true} is VALID [2022-02-20 18:10:43,046 INFO L290 TraceCheckUtils]: 3: Hoare triple {5500#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {5500#true} is VALID [2022-02-20 18:10:43,046 INFO L290 TraceCheckUtils]: 4: Hoare triple {5500#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {5500#true} is VALID [2022-02-20 18:10:43,046 INFO L290 TraceCheckUtils]: 5: Hoare triple {5500#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {5500#true} is VALID [2022-02-20 18:10:43,046 INFO L290 TraceCheckUtils]: 6: Hoare triple {5500#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {5500#true} is VALID [2022-02-20 18:10:43,046 INFO L290 TraceCheckUtils]: 7: Hoare triple {5500#true} assume !false; {5500#true} is VALID [2022-02-20 18:10:43,046 INFO L290 TraceCheckUtils]: 8: Hoare triple {5500#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {5500#true} is VALID [2022-02-20 18:10:43,046 INFO L290 TraceCheckUtils]: 9: Hoare triple {5500#true} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {5500#true} is VALID [2022-02-20 18:10:43,047 INFO L290 TraceCheckUtils]: 10: Hoare triple {5500#true} assume 0bv32 != test_~tmp~5#1; {5500#true} is VALID [2022-02-20 18:10:43,047 INFO L272 TraceCheckUtils]: 11: Hoare triple {5500#true} call waterRise(); {5500#true} is VALID [2022-02-20 18:10:43,047 INFO L290 TraceCheckUtils]: 12: Hoare triple {5500#true} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {5500#true} is VALID [2022-02-20 18:10:43,047 INFO L290 TraceCheckUtils]: 13: Hoare triple {5500#true} assume true; {5500#true} is VALID [2022-02-20 18:10:43,047 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {5500#true} {5500#true} #217#return; {5500#true} is VALID [2022-02-20 18:10:43,047 INFO L290 TraceCheckUtils]: 15: Hoare triple {5500#true} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {5500#true} is VALID [2022-02-20 18:10:43,047 INFO L290 TraceCheckUtils]: 16: Hoare triple {5500#true} assume !(0bv32 != test_~tmp___0~1#1); {5500#true} is VALID [2022-02-20 18:10:43,048 INFO L290 TraceCheckUtils]: 17: Hoare triple {5500#true} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {5500#true} is VALID [2022-02-20 18:10:43,048 INFO L290 TraceCheckUtils]: 18: Hoare triple {5500#true} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {5500#true} is VALID [2022-02-20 18:10:43,048 INFO L290 TraceCheckUtils]: 19: Hoare triple {5500#true} assume 0bv32 != test_~tmp___1~0#1; {5500#true} is VALID [2022-02-20 18:10:43,048 INFO L272 TraceCheckUtils]: 20: Hoare triple {5500#true} call timeShift(); {5500#true} is VALID [2022-02-20 18:10:43,048 INFO L290 TraceCheckUtils]: 21: Hoare triple {5500#true} assume !(0bv32 != ~pumpRunning~0); {5500#true} is VALID [2022-02-20 18:10:43,048 INFO L290 TraceCheckUtils]: 22: Hoare triple {5500#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {5500#true} is VALID [2022-02-20 18:10:43,049 INFO L290 TraceCheckUtils]: 23: Hoare triple {5500#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {5500#true} is VALID [2022-02-20 18:10:43,049 INFO L290 TraceCheckUtils]: 24: Hoare triple {5500#true} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {5500#true} is VALID [2022-02-20 18:10:43,049 INFO L290 TraceCheckUtils]: 25: Hoare triple {5500#true} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {5500#true} is VALID [2022-02-20 18:10:43,049 INFO L290 TraceCheckUtils]: 26: Hoare triple {5500#true} assume !(0bv32 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {5583#(= (_ bv1 32) |timeShift_isHighWaterLevel_~tmp___0~2#1|)} is VALID [2022-02-20 18:10:43,050 INFO L290 TraceCheckUtils]: 27: Hoare triple {5583#(= (_ bv1 32) |timeShift_isHighWaterLevel_~tmp___0~2#1|)} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {5587#(= |timeShift_isHighWaterLevel_#res#1| (_ bv1 32))} is VALID [2022-02-20 18:10:43,050 INFO L290 TraceCheckUtils]: 28: Hoare triple {5587#(= |timeShift_isHighWaterLevel_#res#1| (_ bv1 32))} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {5591#(= |timeShift_processEnvironment_~tmp~6#1| (_ bv1 32))} is VALID [2022-02-20 18:10:43,050 INFO L290 TraceCheckUtils]: 29: Hoare triple {5591#(= |timeShift_processEnvironment_~tmp~6#1| (_ bv1 32))} assume !(0bv32 != processEnvironment_~tmp~6#1); {5501#false} is VALID [2022-02-20 18:10:43,051 INFO L272 TraceCheckUtils]: 30: Hoare triple {5501#false} call processEnvironment__wrappee__base(); {5501#false} is VALID [2022-02-20 18:10:43,051 INFO L290 TraceCheckUtils]: 31: Hoare triple {5501#false} assume true; {5501#false} is VALID [2022-02-20 18:10:43,051 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {5501#false} {5501#false} #209#return; {5501#false} is VALID [2022-02-20 18:10:43,051 INFO L290 TraceCheckUtils]: 33: Hoare triple {5501#false} assume { :end_inline_processEnvironment } true; {5501#false} is VALID [2022-02-20 18:10:43,051 INFO L290 TraceCheckUtils]: 34: Hoare triple {5501#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {5501#false} is VALID [2022-02-20 18:10:43,051 INFO L290 TraceCheckUtils]: 35: Hoare triple {5501#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {5501#false} is VALID [2022-02-20 18:10:43,051 INFO L290 TraceCheckUtils]: 36: Hoare triple {5501#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {5501#false} is VALID [2022-02-20 18:10:43,052 INFO L290 TraceCheckUtils]: 37: Hoare triple {5501#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {5501#false} is VALID [2022-02-20 18:10:43,053 INFO L290 TraceCheckUtils]: 38: Hoare triple {5501#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {5501#false} is VALID [2022-02-20 18:10:43,054 INFO L290 TraceCheckUtils]: 39: Hoare triple {5501#false} assume !false; {5501#false} is VALID [2022-02-20 18:10:43,055 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:43,055 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:43,055 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:43,055 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1397947069] [2022-02-20 18:10:43,055 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1397947069] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:43,055 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:43,055 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:43,055 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [461954000] [2022-02-20 18:10:43,056 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:43,056 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.0) internal successors, (35), 5 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 40 [2022-02-20 18:10:43,056 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:43,056 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 7.0) internal successors, (35), 5 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,090 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:43,090 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:10:43,090 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:43,091 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:10:43,091 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:43,091 INFO L87 Difference]: Start difference. First operand 161 states and 205 transitions. Second operand has 5 states, 5 states have (on average 7.0) internal successors, (35), 5 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,277 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:43,277 INFO L93 Difference]: Finished difference Result 367 states and 473 transitions. [2022-02-20 18:10:43,277 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:43,278 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.0) internal successors, (35), 5 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 40 [2022-02-20 18:10:43,278 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:43,278 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 7.0) internal successors, (35), 5 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,279 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 160 transitions. [2022-02-20 18:10:43,280 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 7.0) internal successors, (35), 5 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,281 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 160 transitions. [2022-02-20 18:10:43,281 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 160 transitions. [2022-02-20 18:10:43,375 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 160 edges. 160 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:43,379 INFO L225 Difference]: With dead ends: 367 [2022-02-20 18:10:43,379 INFO L226 Difference]: Without dead ends: 213 [2022-02-20 18:10:43,380 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 41 GetRequests, 36 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:43,380 INFO L933 BasicCegarLoop]: 90 mSDtfsCounter, 57 mSDsluCounter, 208 mSDsCounter, 0 mSdLazyCounter, 14 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 57 SdHoareTripleChecker+Valid, 298 SdHoareTripleChecker+Invalid, 14 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 14 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:43,380 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [57 Valid, 298 Invalid, 14 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 14 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:43,381 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 213 states. [2022-02-20 18:10:43,387 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 213 to 167. [2022-02-20 18:10:43,387 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:43,388 INFO L82 GeneralOperation]: Start isEquivalent. First operand 213 states. Second operand has 167 states, 138 states have (on average 1.2681159420289856) internal successors, (175), 148 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:43,388 INFO L74 IsIncluded]: Start isIncluded. First operand 213 states. Second operand has 167 states, 138 states have (on average 1.2681159420289856) internal successors, (175), 148 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:43,389 INFO L87 Difference]: Start difference. First operand 213 states. Second operand has 167 states, 138 states have (on average 1.2681159420289856) internal successors, (175), 148 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:43,393 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:43,393 INFO L93 Difference]: Finished difference Result 213 states and 268 transitions. [2022-02-20 18:10:43,393 INFO L276 IsEmpty]: Start isEmpty. Operand 213 states and 268 transitions. [2022-02-20 18:10:43,394 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:43,394 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:43,395 INFO L74 IsIncluded]: Start isIncluded. First operand has 167 states, 138 states have (on average 1.2681159420289856) internal successors, (175), 148 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 213 states. [2022-02-20 18:10:43,395 INFO L87 Difference]: Start difference. First operand has 167 states, 138 states have (on average 1.2681159420289856) internal successors, (175), 148 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) Second operand 213 states. [2022-02-20 18:10:43,407 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:43,408 INFO L93 Difference]: Finished difference Result 213 states and 268 transitions. [2022-02-20 18:10:43,408 INFO L276 IsEmpty]: Start isEmpty. Operand 213 states and 268 transitions. [2022-02-20 18:10:43,408 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:43,408 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:43,408 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:43,409 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:43,409 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 167 states, 138 states have (on average 1.2681159420289856) internal successors, (175), 148 states have internal predecessors, (175), 15 states have call successors, (15), 15 states have call predecessors, (15), 13 states have return successors, (21), 13 states have call predecessors, (21), 15 states have call successors, (21) [2022-02-20 18:10:43,412 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 167 states to 167 states and 211 transitions. [2022-02-20 18:10:43,412 INFO L78 Accepts]: Start accepts. Automaton has 167 states and 211 transitions. Word has length 40 [2022-02-20 18:10:43,412 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:43,412 INFO L470 AbstractCegarLoop]: Abstraction has 167 states and 211 transitions. [2022-02-20 18:10:43,413 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.0) internal successors, (35), 5 states have internal predecessors, (35), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,413 INFO L276 IsEmpty]: Start isEmpty. Operand 167 states and 211 transitions. [2022-02-20 18:10:43,413 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2022-02-20 18:10:43,413 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:43,413 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:43,433 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Ended with exit code 0 [2022-02-20 18:10:43,640 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:43,640 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:43,640 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:43,640 INFO L85 PathProgramCache]: Analyzing trace with hash -1262990333, now seen corresponding path program 1 times [2022-02-20 18:10:43,640 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:43,640 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [72310398] [2022-02-20 18:10:43,641 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:43,641 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:43,641 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:43,642 INFO L229 MonitoredProcess]: Starting monitored process 10 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:43,643 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Waiting until timeout for monitored process [2022-02-20 18:10:43,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:43,683 INFO L263 TraceCheckSpWp]: Trace formula consists of 171 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 18:10:43,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:43,698 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:43,842 INFO L290 TraceCheckUtils]: 0: Hoare triple {6828#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {6833#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:43,843 INFO L290 TraceCheckUtils]: 1: Hoare triple {6833#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {6833#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:43,847 INFO L290 TraceCheckUtils]: 2: Hoare triple {6833#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6833#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:43,849 INFO L290 TraceCheckUtils]: 3: Hoare triple {6833#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {6833#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:43,849 INFO L290 TraceCheckUtils]: 4: Hoare triple {6833#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {6833#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:43,849 INFO L290 TraceCheckUtils]: 5: Hoare triple {6833#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {6833#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:43,850 INFO L290 TraceCheckUtils]: 6: Hoare triple {6833#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {6833#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:43,850 INFO L290 TraceCheckUtils]: 7: Hoare triple {6833#(= ~waterLevel~0 (_ bv1 32))} assume !false; {6833#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:43,851 INFO L290 TraceCheckUtils]: 8: Hoare triple {6833#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {6833#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:43,853 INFO L290 TraceCheckUtils]: 9: Hoare triple {6833#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {6833#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:43,853 INFO L290 TraceCheckUtils]: 10: Hoare triple {6833#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp~5#1; {6833#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:43,855 INFO L272 TraceCheckUtils]: 11: Hoare triple {6833#(= ~waterLevel~0 (_ bv1 32))} call waterRise(); {6867#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:43,855 INFO L290 TraceCheckUtils]: 12: Hoare triple {6867#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {6871#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:43,866 INFO L290 TraceCheckUtils]: 13: Hoare triple {6871#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} assume true; {6871#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:43,866 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {6871#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} {6833#(= ~waterLevel~0 (_ bv1 32))} #217#return; {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:43,867 INFO L290 TraceCheckUtils]: 15: Hoare triple {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:43,867 INFO L290 TraceCheckUtils]: 16: Hoare triple {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___0~1#1); {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:43,868 INFO L290 TraceCheckUtils]: 17: Hoare triple {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:43,868 INFO L290 TraceCheckUtils]: 18: Hoare triple {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:43,868 INFO L290 TraceCheckUtils]: 19: Hoare triple {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != test_~tmp___1~0#1; {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:43,869 INFO L272 TraceCheckUtils]: 20: Hoare triple {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} call timeShift(); {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:43,869 INFO L290 TraceCheckUtils]: 21: Hoare triple {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:43,869 INFO L290 TraceCheckUtils]: 22: Hoare triple {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:43,870 INFO L290 TraceCheckUtils]: 23: Hoare triple {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:43,870 INFO L290 TraceCheckUtils]: 24: Hoare triple {6878#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {6829#false} is VALID [2022-02-20 18:10:43,870 INFO L290 TraceCheckUtils]: 25: Hoare triple {6829#false} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {6829#false} is VALID [2022-02-20 18:10:43,870 INFO L290 TraceCheckUtils]: 26: Hoare triple {6829#false} assume 0bv32 != isHighWaterLevel_~tmp~8#1;isHighWaterLevel_~tmp___0~2#1 := 0bv32; {6829#false} is VALID [2022-02-20 18:10:43,870 INFO L290 TraceCheckUtils]: 27: Hoare triple {6829#false} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {6829#false} is VALID [2022-02-20 18:10:43,871 INFO L290 TraceCheckUtils]: 28: Hoare triple {6829#false} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {6829#false} is VALID [2022-02-20 18:10:43,871 INFO L290 TraceCheckUtils]: 29: Hoare triple {6829#false} assume !(0bv32 != processEnvironment_~tmp~6#1); {6829#false} is VALID [2022-02-20 18:10:43,871 INFO L272 TraceCheckUtils]: 30: Hoare triple {6829#false} call processEnvironment__wrappee__base(); {6829#false} is VALID [2022-02-20 18:10:43,872 INFO L290 TraceCheckUtils]: 31: Hoare triple {6829#false} assume true; {6829#false} is VALID [2022-02-20 18:10:43,872 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {6829#false} {6829#false} #209#return; {6829#false} is VALID [2022-02-20 18:10:43,872 INFO L290 TraceCheckUtils]: 33: Hoare triple {6829#false} assume { :end_inline_processEnvironment } true; {6829#false} is VALID [2022-02-20 18:10:43,872 INFO L290 TraceCheckUtils]: 34: Hoare triple {6829#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {6829#false} is VALID [2022-02-20 18:10:43,873 INFO L290 TraceCheckUtils]: 35: Hoare triple {6829#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {6829#false} is VALID [2022-02-20 18:10:43,873 INFO L290 TraceCheckUtils]: 36: Hoare triple {6829#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {6829#false} is VALID [2022-02-20 18:10:43,873 INFO L290 TraceCheckUtils]: 37: Hoare triple {6829#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {6829#false} is VALID [2022-02-20 18:10:43,873 INFO L290 TraceCheckUtils]: 38: Hoare triple {6829#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {6829#false} is VALID [2022-02-20 18:10:43,873 INFO L290 TraceCheckUtils]: 39: Hoare triple {6829#false} assume !false; {6829#false} is VALID [2022-02-20 18:10:43,874 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:43,875 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:43,875 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:43,875 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [72310398] [2022-02-20 18:10:43,875 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [72310398] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:43,875 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:43,875 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:43,875 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [40283123] [2022-02-20 18:10:43,876 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:43,877 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.833333333333333) internal successors, (35), 4 states have internal predecessors, (35), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 40 [2022-02-20 18:10:43,877 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:43,877 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.833333333333333) internal successors, (35), 4 states have internal predecessors, (35), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:43,925 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:43,925 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:43,925 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:43,925 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:43,925 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:43,926 INFO L87 Difference]: Start difference. First operand 167 states and 211 transitions. Second operand has 6 states, 6 states have (on average 5.833333333333333) internal successors, (35), 4 states have internal predecessors, (35), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:44,508 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:44,508 INFO L93 Difference]: Finished difference Result 500 states and 645 transitions. [2022-02-20 18:10:44,508 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:10:44,508 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.833333333333333) internal successors, (35), 4 states have internal predecessors, (35), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 40 [2022-02-20 18:10:44,509 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:44,509 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.833333333333333) internal successors, (35), 4 states have internal predecessors, (35), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:44,511 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 331 transitions. [2022-02-20 18:10:44,511 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.833333333333333) internal successors, (35), 4 states have internal predecessors, (35), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:44,514 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 331 transitions. [2022-02-20 18:10:44,514 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 331 transitions. [2022-02-20 18:10:44,748 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 331 edges. 331 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:44,757 INFO L225 Difference]: With dead ends: 500 [2022-02-20 18:10:44,758 INFO L226 Difference]: Without dead ends: 411 [2022-02-20 18:10:44,758 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 34 SyntacticMatches, 1 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:10:44,758 INFO L933 BasicCegarLoop]: 124 mSDtfsCounter, 213 mSDsluCounter, 310 mSDsCounter, 0 mSdLazyCounter, 151 mSolverCounterSat, 24 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 219 SdHoareTripleChecker+Valid, 434 SdHoareTripleChecker+Invalid, 175 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 24 IncrementalHoareTripleChecker+Valid, 151 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:44,759 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [219 Valid, 434 Invalid, 175 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [24 Valid, 151 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:10:44,759 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 411 states. [2022-02-20 18:10:44,774 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 411 to 394. [2022-02-20 18:10:44,774 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:44,775 INFO L82 GeneralOperation]: Start isEquivalent. First operand 411 states. Second operand has 394 states, 332 states have (on average 1.2650602409638554) internal successors, (420), 359 states have internal predecessors, (420), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) [2022-02-20 18:10:44,775 INFO L74 IsIncluded]: Start isIncluded. First operand 411 states. Second operand has 394 states, 332 states have (on average 1.2650602409638554) internal successors, (420), 359 states have internal predecessors, (420), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) [2022-02-20 18:10:44,776 INFO L87 Difference]: Start difference. First operand 411 states. Second operand has 394 states, 332 states have (on average 1.2650602409638554) internal successors, (420), 359 states have internal predecessors, (420), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) [2022-02-20 18:10:44,785 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:44,785 INFO L93 Difference]: Finished difference Result 411 states and 511 transitions. [2022-02-20 18:10:44,785 INFO L276 IsEmpty]: Start isEmpty. Operand 411 states and 511 transitions. [2022-02-20 18:10:44,786 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:44,786 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:44,786 INFO L74 IsIncluded]: Start isIncluded. First operand has 394 states, 332 states have (on average 1.2650602409638554) internal successors, (420), 359 states have internal predecessors, (420), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) Second operand 411 states. [2022-02-20 18:10:44,787 INFO L87 Difference]: Start difference. First operand has 394 states, 332 states have (on average 1.2650602409638554) internal successors, (420), 359 states have internal predecessors, (420), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) Second operand 411 states. [2022-02-20 18:10:44,796 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:44,796 INFO L93 Difference]: Finished difference Result 411 states and 511 transitions. [2022-02-20 18:10:44,796 INFO L276 IsEmpty]: Start isEmpty. Operand 411 states and 511 transitions. [2022-02-20 18:10:44,797 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:44,797 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:44,797 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:44,797 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:44,798 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 394 states, 332 states have (on average 1.2650602409638554) internal successors, (420), 359 states have internal predecessors, (420), 30 states have call successors, (30), 27 states have call predecessors, (30), 31 states have return successors, (46), 28 states have call predecessors, (46), 30 states have call successors, (46) [2022-02-20 18:10:44,807 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 394 states to 394 states and 496 transitions. [2022-02-20 18:10:44,808 INFO L78 Accepts]: Start accepts. Automaton has 394 states and 496 transitions. Word has length 40 [2022-02-20 18:10:44,808 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:44,808 INFO L470 AbstractCegarLoop]: Abstraction has 394 states and 496 transitions. [2022-02-20 18:10:44,808 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.833333333333333) internal successors, (35), 4 states have internal predecessors, (35), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:44,808 INFO L276 IsEmpty]: Start isEmpty. Operand 394 states and 496 transitions. [2022-02-20 18:10:44,808 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-02-20 18:10:44,808 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:44,809 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:44,827 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Ended with exit code 0 [2022-02-20 18:10:45,027 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 10 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:45,028 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:45,028 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:45,028 INFO L85 PathProgramCache]: Analyzing trace with hash 603754591, now seen corresponding path program 1 times [2022-02-20 18:10:45,028 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:45,028 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1866814903] [2022-02-20 18:10:45,028 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:45,029 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:45,029 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:45,029 INFO L229 MonitoredProcess]: Starting monitored process 11 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:45,031 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Waiting until timeout for monitored process [2022-02-20 18:10:45,071 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:45,073 INFO L263 TraceCheckSpWp]: Trace formula consists of 173 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 18:10:45,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:45,083 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:45,227 INFO L290 TraceCheckUtils]: 0: Hoare triple {9067#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,227 INFO L290 TraceCheckUtils]: 1: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,228 INFO L290 TraceCheckUtils]: 2: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,228 INFO L290 TraceCheckUtils]: 3: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,228 INFO L290 TraceCheckUtils]: 4: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,229 INFO L290 TraceCheckUtils]: 5: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,229 INFO L290 TraceCheckUtils]: 6: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,229 INFO L290 TraceCheckUtils]: 7: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !false; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,230 INFO L290 TraceCheckUtils]: 8: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,231 INFO L290 TraceCheckUtils]: 9: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,231 INFO L290 TraceCheckUtils]: 10: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != test_~tmp~5#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,231 INFO L272 TraceCheckUtils]: 11: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} call waterRise(); {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,232 INFO L290 TraceCheckUtils]: 12: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,232 INFO L290 TraceCheckUtils]: 13: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume true; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,233 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} #217#return; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,233 INFO L290 TraceCheckUtils]: 15: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,233 INFO L290 TraceCheckUtils]: 16: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != test_~tmp___0~1#1); {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,233 INFO L290 TraceCheckUtils]: 17: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,234 INFO L290 TraceCheckUtils]: 18: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,235 INFO L290 TraceCheckUtils]: 19: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != test_~tmp___1~0#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,235 INFO L272 TraceCheckUtils]: 20: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} call timeShift(); {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,235 INFO L290 TraceCheckUtils]: 21: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != ~pumpRunning~0); {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,236 INFO L290 TraceCheckUtils]: 22: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,236 INFO L290 TraceCheckUtils]: 23: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,236 INFO L290 TraceCheckUtils]: 24: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,237 INFO L290 TraceCheckUtils]: 25: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,237 INFO L290 TraceCheckUtils]: 26: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,237 INFO L290 TraceCheckUtils]: 27: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,238 INFO L290 TraceCheckUtils]: 28: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:10:45,238 INFO L290 TraceCheckUtils]: 29: Hoare triple {9072#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {9160#(= |timeShift_isMethaneLevelCritical_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:10:45,238 INFO L290 TraceCheckUtils]: 30: Hoare triple {9160#(= |timeShift_isMethaneLevelCritical_#res#1| (_ bv0 32))} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {9164#(= |timeShift_isMethaneAlarm_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:10:45,239 INFO L290 TraceCheckUtils]: 31: Hoare triple {9164#(= |timeShift_isMethaneAlarm_#res#1| (_ bv0 32))} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {9168#(= |timeShift_activatePump_~tmp~7#1| (_ bv0 32))} is VALID [2022-02-20 18:10:45,239 INFO L290 TraceCheckUtils]: 32: Hoare triple {9168#(= |timeShift_activatePump_~tmp~7#1| (_ bv0 32))} assume 0bv32 != activatePump_~tmp~7#1; {9068#false} is VALID [2022-02-20 18:10:45,239 INFO L290 TraceCheckUtils]: 33: Hoare triple {9068#false} assume { :end_inline_activatePump } true; {9068#false} is VALID [2022-02-20 18:10:45,239 INFO L290 TraceCheckUtils]: 34: Hoare triple {9068#false} assume { :end_inline_processEnvironment } true; {9068#false} is VALID [2022-02-20 18:10:45,240 INFO L290 TraceCheckUtils]: 35: Hoare triple {9068#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {9068#false} is VALID [2022-02-20 18:10:45,240 INFO L290 TraceCheckUtils]: 36: Hoare triple {9068#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {9068#false} is VALID [2022-02-20 18:10:45,240 INFO L290 TraceCheckUtils]: 37: Hoare triple {9068#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {9068#false} is VALID [2022-02-20 18:10:45,240 INFO L290 TraceCheckUtils]: 38: Hoare triple {9068#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {9068#false} is VALID [2022-02-20 18:10:45,240 INFO L290 TraceCheckUtils]: 39: Hoare triple {9068#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {9068#false} is VALID [2022-02-20 18:10:45,240 INFO L290 TraceCheckUtils]: 40: Hoare triple {9068#false} assume !false; {9068#false} is VALID [2022-02-20 18:10:45,240 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:45,240 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:45,241 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:45,241 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1866814903] [2022-02-20 18:10:45,241 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1866814903] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:45,241 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:45,241 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:45,241 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1935920069] [2022-02-20 18:10:45,241 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:45,242 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 18:10:45,242 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:45,242 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:45,274 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:45,275 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:45,275 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:45,275 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:45,275 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:45,275 INFO L87 Difference]: Start difference. First operand 394 states and 496 transitions. Second operand has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:45,652 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:45,652 INFO L93 Difference]: Finished difference Result 1203 states and 1547 transitions. [2022-02-20 18:10:45,652 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:10:45,653 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 18:10:45,653 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:45,653 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:45,654 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 230 transitions. [2022-02-20 18:10:45,655 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:45,656 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 230 transitions. [2022-02-20 18:10:45,656 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 230 transitions. [2022-02-20 18:10:45,807 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 230 edges. 230 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:45,840 INFO L225 Difference]: With dead ends: 1203 [2022-02-20 18:10:45,841 INFO L226 Difference]: Without dead ends: 816 [2022-02-20 18:10:45,841 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 43 GetRequests, 36 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:10:45,842 INFO L933 BasicCegarLoop]: 81 mSDtfsCounter, 103 mSDsluCounter, 341 mSDsCounter, 0 mSdLazyCounter, 19 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 103 SdHoareTripleChecker+Valid, 422 SdHoareTripleChecker+Invalid, 22 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 19 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:45,842 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [103 Valid, 422 Invalid, 22 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 19 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:45,843 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 816 states. [2022-02-20 18:10:45,867 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 816 to 774. [2022-02-20 18:10:45,867 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:45,868 INFO L82 GeneralOperation]: Start isEquivalent. First operand 816 states. Second operand has 774 states, 652 states have (on average 1.25) internal successors, (815), 698 states have internal predecessors, (815), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:45,869 INFO L74 IsIncluded]: Start isIncluded. First operand 816 states. Second operand has 774 states, 652 states have (on average 1.25) internal successors, (815), 698 states have internal predecessors, (815), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:45,870 INFO L87 Difference]: Start difference. First operand 816 states. Second operand has 774 states, 652 states have (on average 1.25) internal successors, (815), 698 states have internal predecessors, (815), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:45,893 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:45,894 INFO L93 Difference]: Finished difference Result 816 states and 1024 transitions. [2022-02-20 18:10:45,894 INFO L276 IsEmpty]: Start isEmpty. Operand 816 states and 1024 transitions. [2022-02-20 18:10:45,895 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:45,896 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:45,897 INFO L74 IsIncluded]: Start isIncluded. First operand has 774 states, 652 states have (on average 1.25) internal successors, (815), 698 states have internal predecessors, (815), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) Second operand 816 states. [2022-02-20 18:10:45,898 INFO L87 Difference]: Start difference. First operand has 774 states, 652 states have (on average 1.25) internal successors, (815), 698 states have internal predecessors, (815), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) Second operand 816 states. [2022-02-20 18:10:45,922 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:45,922 INFO L93 Difference]: Finished difference Result 816 states and 1024 transitions. [2022-02-20 18:10:45,922 INFO L276 IsEmpty]: Start isEmpty. Operand 816 states and 1024 transitions. [2022-02-20 18:10:45,924 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:45,924 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:45,924 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:45,924 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:45,926 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 774 states, 652 states have (on average 1.25) internal successors, (815), 698 states have internal predecessors, (815), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:45,960 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 774 states to 774 states and 973 transitions. [2022-02-20 18:10:45,961 INFO L78 Accepts]: Start accepts. Automaton has 774 states and 973 transitions. Word has length 41 [2022-02-20 18:10:45,961 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:45,961 INFO L470 AbstractCegarLoop]: Abstraction has 774 states and 973 transitions. [2022-02-20 18:10:45,961 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.333333333333333) internal successors, (38), 5 states have internal predecessors, (38), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:45,961 INFO L276 IsEmpty]: Start isEmpty. Operand 774 states and 973 transitions. [2022-02-20 18:10:45,961 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-02-20 18:10:45,962 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:45,962 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:45,968 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:46,168 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 11 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:46,168 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:46,169 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:46,169 INFO L85 PathProgramCache]: Analyzing trace with hash -1587447976, now seen corresponding path program 1 times [2022-02-20 18:10:46,169 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:46,169 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1577950299] [2022-02-20 18:10:46,169 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:46,170 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:46,170 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:46,171 INFO L229 MonitoredProcess]: Starting monitored process 12 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:46,172 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (12)] Waiting until timeout for monitored process [2022-02-20 18:10:46,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:46,213 INFO L263 TraceCheckSpWp]: Trace formula consists of 175 conjuncts, 10 conjunts are in the unsatisfiable core [2022-02-20 18:10:46,222 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:46,223 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:46,392 INFO L290 TraceCheckUtils]: 0: Hoare triple {13679#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {13684#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,392 INFO L290 TraceCheckUtils]: 1: Hoare triple {13684#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {13684#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,392 INFO L290 TraceCheckUtils]: 2: Hoare triple {13684#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13684#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,393 INFO L290 TraceCheckUtils]: 3: Hoare triple {13684#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {13684#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,393 INFO L290 TraceCheckUtils]: 4: Hoare triple {13684#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {13684#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,393 INFO L290 TraceCheckUtils]: 5: Hoare triple {13684#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {13684#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,394 INFO L290 TraceCheckUtils]: 6: Hoare triple {13684#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {13684#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,394 INFO L290 TraceCheckUtils]: 7: Hoare triple {13684#(= ~waterLevel~0 (_ bv1 32))} assume !false; {13684#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,394 INFO L290 TraceCheckUtils]: 8: Hoare triple {13684#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {13684#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,395 INFO L290 TraceCheckUtils]: 9: Hoare triple {13684#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {13684#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,395 INFO L290 TraceCheckUtils]: 10: Hoare triple {13684#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp~5#1; {13684#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:46,397 INFO L272 TraceCheckUtils]: 11: Hoare triple {13684#(= ~waterLevel~0 (_ bv1 32))} call waterRise(); {13718#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:46,398 INFO L290 TraceCheckUtils]: 12: Hoare triple {13718#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {13722#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:46,405 INFO L290 TraceCheckUtils]: 13: Hoare triple {13722#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} assume true; {13722#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:46,406 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {13722#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) |old(~waterLevel~0)|)} {13684#(= ~waterLevel~0 (_ bv1 32))} #217#return; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,406 INFO L290 TraceCheckUtils]: 15: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,407 INFO L290 TraceCheckUtils]: 16: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___0~1#1); {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,407 INFO L290 TraceCheckUtils]: 17: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,408 INFO L290 TraceCheckUtils]: 18: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,408 INFO L290 TraceCheckUtils]: 19: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != test_~tmp___1~0#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,408 INFO L272 TraceCheckUtils]: 20: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} call timeShift(); {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,409 INFO L290 TraceCheckUtils]: 21: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,409 INFO L290 TraceCheckUtils]: 22: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,409 INFO L290 TraceCheckUtils]: 23: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,410 INFO L290 TraceCheckUtils]: 24: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,410 INFO L290 TraceCheckUtils]: 25: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,410 INFO L290 TraceCheckUtils]: 26: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,411 INFO L290 TraceCheckUtils]: 27: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,411 INFO L290 TraceCheckUtils]: 28: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,411 INFO L290 TraceCheckUtils]: 29: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,412 INFO L290 TraceCheckUtils]: 30: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,412 INFO L290 TraceCheckUtils]: 31: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,413 INFO L290 TraceCheckUtils]: 32: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,413 INFO L290 TraceCheckUtils]: 33: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,413 INFO L290 TraceCheckUtils]: 34: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume { :end_inline_activatePump } true; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,414 INFO L290 TraceCheckUtils]: 35: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume { :end_inline_processEnvironment } true; {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:46,414 INFO L290 TraceCheckUtils]: 36: Hoare triple {13729#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {13796#(= |timeShift_getWaterLevel_#res#1| (_ bv2 32))} is VALID [2022-02-20 18:10:46,414 INFO L290 TraceCheckUtils]: 37: Hoare triple {13796#(= |timeShift_getWaterLevel_#res#1| (_ bv2 32))} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {13800#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| (_ bv2 32))} is VALID [2022-02-20 18:10:46,415 INFO L290 TraceCheckUtils]: 38: Hoare triple {13800#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| (_ bv2 32))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {13680#false} is VALID [2022-02-20 18:10:46,415 INFO L290 TraceCheckUtils]: 39: Hoare triple {13680#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {13680#false} is VALID [2022-02-20 18:10:46,415 INFO L290 TraceCheckUtils]: 40: Hoare triple {13680#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {13680#false} is VALID [2022-02-20 18:10:46,415 INFO L290 TraceCheckUtils]: 41: Hoare triple {13680#false} assume !false; {13680#false} is VALID [2022-02-20 18:10:46,415 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:46,415 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:46,415 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:46,415 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1577950299] [2022-02-20 18:10:46,415 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1577950299] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:46,416 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:46,416 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:10:46,416 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [927334460] [2022-02-20 18:10:46,416 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:46,416 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 4.875) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 42 [2022-02-20 18:10:46,416 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:46,416 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 4.875) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:46,463 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:46,463 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:10:46,464 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:46,464 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:10:46,464 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:46,464 INFO L87 Difference]: Start difference. First operand 774 states and 973 transitions. Second operand has 8 states, 8 states have (on average 4.875) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:47,403 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:47,404 INFO L93 Difference]: Finished difference Result 1418 states and 1781 transitions. [2022-02-20 18:10:47,404 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:47,404 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 4.875) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 42 [2022-02-20 18:10:47,404 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:47,405 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 4.875) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:47,407 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 317 transitions. [2022-02-20 18:10:47,407 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 4.875) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:47,409 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 317 transitions. [2022-02-20 18:10:47,409 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 317 transitions. [2022-02-20 18:10:47,638 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 317 edges. 317 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:47,671 INFO L225 Difference]: With dead ends: 1418 [2022-02-20 18:10:47,671 INFO L226 Difference]: Without dead ends: 782 [2022-02-20 18:10:47,672 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 34 SyntacticMatches, 1 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=39, Invalid=117, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:10:47,673 INFO L933 BasicCegarLoop]: 127 mSDtfsCounter, 198 mSDsluCounter, 539 mSDsCounter, 0 mSdLazyCounter, 223 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 204 SdHoareTripleChecker+Valid, 666 SdHoareTripleChecker+Invalid, 242 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 223 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:47,673 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [204 Valid, 666 Invalid, 242 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 223 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:10:47,674 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 782 states. [2022-02-20 18:10:47,695 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 782 to 768. [2022-02-20 18:10:47,696 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:47,697 INFO L82 GeneralOperation]: Start isEquivalent. First operand 782 states. Second operand has 768 states, 646 states have (on average 1.243034055727554) internal successors, (803), 692 states have internal predecessors, (803), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:47,698 INFO L74 IsIncluded]: Start isIncluded. First operand 782 states. Second operand has 768 states, 646 states have (on average 1.243034055727554) internal successors, (803), 692 states have internal predecessors, (803), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:47,699 INFO L87 Difference]: Start difference. First operand 782 states. Second operand has 768 states, 646 states have (on average 1.243034055727554) internal successors, (803), 692 states have internal predecessors, (803), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:47,721 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:47,721 INFO L93 Difference]: Finished difference Result 782 states and 972 transitions. [2022-02-20 18:10:47,721 INFO L276 IsEmpty]: Start isEmpty. Operand 782 states and 972 transitions. [2022-02-20 18:10:47,723 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:47,723 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:47,724 INFO L74 IsIncluded]: Start isIncluded. First operand has 768 states, 646 states have (on average 1.243034055727554) internal successors, (803), 692 states have internal predecessors, (803), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) Second operand 782 states. [2022-02-20 18:10:47,725 INFO L87 Difference]: Start difference. First operand has 768 states, 646 states have (on average 1.243034055727554) internal successors, (803), 692 states have internal predecessors, (803), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) Second operand 782 states. [2022-02-20 18:10:47,747 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:47,747 INFO L93 Difference]: Finished difference Result 782 states and 972 transitions. [2022-02-20 18:10:47,747 INFO L276 IsEmpty]: Start isEmpty. Operand 782 states and 972 transitions. [2022-02-20 18:10:47,749 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:47,749 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:47,749 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:47,749 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:47,750 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 768 states, 646 states have (on average 1.243034055727554) internal successors, (803), 692 states have internal predecessors, (803), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:47,777 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 768 states to 768 states and 961 transitions. [2022-02-20 18:10:47,777 INFO L78 Accepts]: Start accepts. Automaton has 768 states and 961 transitions. Word has length 42 [2022-02-20 18:10:47,778 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:47,778 INFO L470 AbstractCegarLoop]: Abstraction has 768 states and 961 transitions. [2022-02-20 18:10:47,778 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 4.875) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:47,778 INFO L276 IsEmpty]: Start isEmpty. Operand 768 states and 961 transitions. [2022-02-20 18:10:47,779 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 64 [2022-02-20 18:10:47,779 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:47,779 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:47,789 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (12)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:47,986 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 12 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:47,986 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:47,987 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:47,987 INFO L85 PathProgramCache]: Analyzing trace with hash -260678510, now seen corresponding path program 1 times [2022-02-20 18:10:47,987 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:47,987 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [388740447] [2022-02-20 18:10:47,987 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:47,988 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:47,988 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:47,989 INFO L229 MonitoredProcess]: Starting monitored process 13 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:48,032 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (13)] Waiting until timeout for monitored process [2022-02-20 18:10:48,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:48,085 INFO L263 TraceCheckSpWp]: Trace formula consists of 202 conjuncts, 5 conjunts are in the unsatisfiable core [2022-02-20 18:10:48,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:48,096 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:48,224 INFO L290 TraceCheckUtils]: 0: Hoare triple {18530#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {18530#true} is VALID [2022-02-20 18:10:48,224 INFO L290 TraceCheckUtils]: 1: Hoare triple {18530#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {18530#true} is VALID [2022-02-20 18:10:48,224 INFO L290 TraceCheckUtils]: 2: Hoare triple {18530#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18530#true} is VALID [2022-02-20 18:10:48,224 INFO L290 TraceCheckUtils]: 3: Hoare triple {18530#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {18530#true} is VALID [2022-02-20 18:10:48,224 INFO L290 TraceCheckUtils]: 4: Hoare triple {18530#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {18530#true} is VALID [2022-02-20 18:10:48,224 INFO L290 TraceCheckUtils]: 5: Hoare triple {18530#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {18530#true} is VALID [2022-02-20 18:10:48,224 INFO L290 TraceCheckUtils]: 6: Hoare triple {18530#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {18530#true} is VALID [2022-02-20 18:10:48,224 INFO L290 TraceCheckUtils]: 7: Hoare triple {18530#true} assume !false; {18530#true} is VALID [2022-02-20 18:10:48,225 INFO L290 TraceCheckUtils]: 8: Hoare triple {18530#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {18530#true} is VALID [2022-02-20 18:10:48,225 INFO L290 TraceCheckUtils]: 9: Hoare triple {18530#true} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {18530#true} is VALID [2022-02-20 18:10:48,225 INFO L290 TraceCheckUtils]: 10: Hoare triple {18530#true} assume !(0bv32 != test_~tmp~5#1); {18530#true} is VALID [2022-02-20 18:10:48,225 INFO L290 TraceCheckUtils]: 11: Hoare triple {18530#true} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {18530#true} is VALID [2022-02-20 18:10:48,225 INFO L290 TraceCheckUtils]: 12: Hoare triple {18530#true} assume !(0bv32 != test_~tmp___0~1#1); {18530#true} is VALID [2022-02-20 18:10:48,225 INFO L290 TraceCheckUtils]: 13: Hoare triple {18530#true} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {18530#true} is VALID [2022-02-20 18:10:48,225 INFO L290 TraceCheckUtils]: 14: Hoare triple {18530#true} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {18530#true} is VALID [2022-02-20 18:10:48,225 INFO L290 TraceCheckUtils]: 15: Hoare triple {18530#true} assume 0bv32 != test_~tmp___1~0#1; {18530#true} is VALID [2022-02-20 18:10:48,226 INFO L272 TraceCheckUtils]: 16: Hoare triple {18530#true} call timeShift(); {18530#true} is VALID [2022-02-20 18:10:48,226 INFO L290 TraceCheckUtils]: 17: Hoare triple {18530#true} assume !(0bv32 != ~pumpRunning~0); {18530#true} is VALID [2022-02-20 18:10:48,226 INFO L290 TraceCheckUtils]: 18: Hoare triple {18530#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {18530#true} is VALID [2022-02-20 18:10:48,226 INFO L290 TraceCheckUtils]: 19: Hoare triple {18530#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {18530#true} is VALID [2022-02-20 18:10:48,226 INFO L290 TraceCheckUtils]: 20: Hoare triple {18530#true} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {18530#true} is VALID [2022-02-20 18:10:48,226 INFO L290 TraceCheckUtils]: 21: Hoare triple {18530#true} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {18530#true} is VALID [2022-02-20 18:10:48,228 INFO L290 TraceCheckUtils]: 22: Hoare triple {18530#true} assume 0bv32 != isHighWaterLevel_~tmp~8#1;isHighWaterLevel_~tmp___0~2#1 := 0bv32; {18601#(= (_ bv0 32) |timeShift_isHighWaterLevel_~tmp___0~2#1|)} is VALID [2022-02-20 18:10:48,229 INFO L290 TraceCheckUtils]: 23: Hoare triple {18601#(= (_ bv0 32) |timeShift_isHighWaterLevel_~tmp___0~2#1|)} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {18605#(= |timeShift_isHighWaterLevel_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:10:48,229 INFO L290 TraceCheckUtils]: 24: Hoare triple {18605#(= |timeShift_isHighWaterLevel_#res#1| (_ bv0 32))} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {18609#(= |timeShift_processEnvironment_~tmp~6#1| (_ bv0 32))} is VALID [2022-02-20 18:10:48,229 INFO L290 TraceCheckUtils]: 25: Hoare triple {18609#(= |timeShift_processEnvironment_~tmp~6#1| (_ bv0 32))} assume 0bv32 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {18531#false} is VALID [2022-02-20 18:10:48,229 INFO L290 TraceCheckUtils]: 26: Hoare triple {18531#false} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {18531#false} is VALID [2022-02-20 18:10:48,229 INFO L290 TraceCheckUtils]: 27: Hoare triple {18531#false} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {18531#false} is VALID [2022-02-20 18:10:48,229 INFO L290 TraceCheckUtils]: 28: Hoare triple {18531#false} assume !(0bv32 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {18531#false} is VALID [2022-02-20 18:10:48,230 INFO L290 TraceCheckUtils]: 29: Hoare triple {18531#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {18531#false} is VALID [2022-02-20 18:10:48,230 INFO L290 TraceCheckUtils]: 30: Hoare triple {18531#false} assume { :end_inline_activatePump } true; {18531#false} is VALID [2022-02-20 18:10:48,230 INFO L290 TraceCheckUtils]: 31: Hoare triple {18531#false} assume { :end_inline_processEnvironment } true; {18531#false} is VALID [2022-02-20 18:10:48,230 INFO L290 TraceCheckUtils]: 32: Hoare triple {18531#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {18531#false} is VALID [2022-02-20 18:10:48,230 INFO L290 TraceCheckUtils]: 33: Hoare triple {18531#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {18531#false} is VALID [2022-02-20 18:10:48,230 INFO L290 TraceCheckUtils]: 34: Hoare triple {18531#false} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1); {18531#false} is VALID [2022-02-20 18:10:48,230 INFO L290 TraceCheckUtils]: 35: Hoare triple {18531#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {18531#false} is VALID [2022-02-20 18:10:48,230 INFO L290 TraceCheckUtils]: 36: Hoare triple {18531#false} assume true; {18531#false} is VALID [2022-02-20 18:10:48,231 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {18531#false} {18530#true} #221#return; {18531#false} is VALID [2022-02-20 18:10:48,231 INFO L290 TraceCheckUtils]: 38: Hoare triple {18531#false} assume !false; {18531#false} is VALID [2022-02-20 18:10:48,231 INFO L290 TraceCheckUtils]: 39: Hoare triple {18531#false} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {18531#false} is VALID [2022-02-20 18:10:48,231 INFO L290 TraceCheckUtils]: 40: Hoare triple {18531#false} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {18531#false} is VALID [2022-02-20 18:10:48,231 INFO L290 TraceCheckUtils]: 41: Hoare triple {18531#false} assume !(0bv32 != test_~tmp~5#1); {18531#false} is VALID [2022-02-20 18:10:48,231 INFO L290 TraceCheckUtils]: 42: Hoare triple {18531#false} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {18531#false} is VALID [2022-02-20 18:10:48,231 INFO L290 TraceCheckUtils]: 43: Hoare triple {18531#false} assume !(0bv32 != test_~tmp___0~1#1); {18531#false} is VALID [2022-02-20 18:10:48,231 INFO L290 TraceCheckUtils]: 44: Hoare triple {18531#false} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {18531#false} is VALID [2022-02-20 18:10:48,232 INFO L290 TraceCheckUtils]: 45: Hoare triple {18531#false} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {18531#false} is VALID [2022-02-20 18:10:48,232 INFO L290 TraceCheckUtils]: 46: Hoare triple {18531#false} assume 0bv32 != test_~tmp___1~0#1; {18531#false} is VALID [2022-02-20 18:10:48,232 INFO L272 TraceCheckUtils]: 47: Hoare triple {18531#false} call timeShift(); {18531#false} is VALID [2022-02-20 18:10:48,232 INFO L290 TraceCheckUtils]: 48: Hoare triple {18531#false} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {18531#false} is VALID [2022-02-20 18:10:48,232 INFO L290 TraceCheckUtils]: 49: Hoare triple {18531#false} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {18531#false} is VALID [2022-02-20 18:10:48,232 INFO L290 TraceCheckUtils]: 50: Hoare triple {18531#false} assume { :end_inline_lowerWaterLevel } true; {18531#false} is VALID [2022-02-20 18:10:48,232 INFO L290 TraceCheckUtils]: 51: Hoare triple {18531#false} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {18531#false} is VALID [2022-02-20 18:10:48,232 INFO L290 TraceCheckUtils]: 52: Hoare triple {18531#false} assume !(0bv32 == ~pumpRunning~0); {18531#false} is VALID [2022-02-20 18:10:48,233 INFO L272 TraceCheckUtils]: 53: Hoare triple {18531#false} call processEnvironment__wrappee__base(); {18531#false} is VALID [2022-02-20 18:10:48,233 INFO L290 TraceCheckUtils]: 54: Hoare triple {18531#false} assume true; {18531#false} is VALID [2022-02-20 18:10:48,233 INFO L284 TraceCheckUtils]: 55: Hoare quadruple {18531#false} {18531#false} #211#return; {18531#false} is VALID [2022-02-20 18:10:48,233 INFO L290 TraceCheckUtils]: 56: Hoare triple {18531#false} assume { :end_inline_processEnvironment } true; {18531#false} is VALID [2022-02-20 18:10:48,233 INFO L290 TraceCheckUtils]: 57: Hoare triple {18531#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {18531#false} is VALID [2022-02-20 18:10:48,233 INFO L290 TraceCheckUtils]: 58: Hoare triple {18531#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {18531#false} is VALID [2022-02-20 18:10:48,233 INFO L290 TraceCheckUtils]: 59: Hoare triple {18531#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {18531#false} is VALID [2022-02-20 18:10:48,233 INFO L290 TraceCheckUtils]: 60: Hoare triple {18531#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {18531#false} is VALID [2022-02-20 18:10:48,234 INFO L290 TraceCheckUtils]: 61: Hoare triple {18531#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {18531#false} is VALID [2022-02-20 18:10:48,234 INFO L290 TraceCheckUtils]: 62: Hoare triple {18531#false} assume !false; {18531#false} is VALID [2022-02-20 18:10:48,234 INFO L134 CoverageAnalysis]: Checked inductivity of 17 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-02-20 18:10:48,234 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:48,234 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:48,234 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [388740447] [2022-02-20 18:10:48,234 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [388740447] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:48,235 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:48,235 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:48,235 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1536584979] [2022-02-20 18:10:48,239 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:48,240 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 11.0) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 63 [2022-02-20 18:10:48,240 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:48,240 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 11.0) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:48,278 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 60 edges. 60 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:48,278 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:10:48,279 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:48,279 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:10:48,279 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:48,280 INFO L87 Difference]: Start difference. First operand 768 states and 961 transitions. Second operand has 5 states, 5 states have (on average 11.0) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:48,576 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:48,577 INFO L93 Difference]: Finished difference Result 1574 states and 2002 transitions. [2022-02-20 18:10:48,577 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:48,577 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 11.0) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 63 [2022-02-20 18:10:48,577 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:48,577 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 11.0) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:48,579 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 153 transitions. [2022-02-20 18:10:48,579 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 11.0) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:48,580 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 153 transitions. [2022-02-20 18:10:48,580 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 153 transitions. [2022-02-20 18:10:48,678 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 153 edges. 153 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:48,710 INFO L225 Difference]: With dead ends: 1574 [2022-02-20 18:10:48,710 INFO L226 Difference]: Without dead ends: 813 [2022-02-20 18:10:48,712 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 64 GetRequests, 59 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:48,713 INFO L933 BasicCegarLoop]: 74 mSDtfsCounter, 39 mSDsluCounter, 199 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 39 SdHoareTripleChecker+Valid, 273 SdHoareTripleChecker+Invalid, 16 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:48,714 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [39 Valid, 273 Invalid, 16 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:48,714 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 813 states. [2022-02-20 18:10:48,749 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 813 to 768. [2022-02-20 18:10:48,749 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:48,750 INFO L82 GeneralOperation]: Start isEquivalent. First operand 813 states. Second operand has 768 states, 646 states have (on average 1.2275541795665634) internal successors, (793), 692 states have internal predecessors, (793), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:48,751 INFO L74 IsIncluded]: Start isIncluded. First operand 813 states. Second operand has 768 states, 646 states have (on average 1.2275541795665634) internal successors, (793), 692 states have internal predecessors, (793), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:48,752 INFO L87 Difference]: Start difference. First operand 813 states. Second operand has 768 states, 646 states have (on average 1.2275541795665634) internal successors, (793), 692 states have internal predecessors, (793), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:48,774 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:48,774 INFO L93 Difference]: Finished difference Result 813 states and 1008 transitions. [2022-02-20 18:10:48,774 INFO L276 IsEmpty]: Start isEmpty. Operand 813 states and 1008 transitions. [2022-02-20 18:10:48,777 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:48,777 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:48,778 INFO L74 IsIncluded]: Start isIncluded. First operand has 768 states, 646 states have (on average 1.2275541795665634) internal successors, (793), 692 states have internal predecessors, (793), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) Second operand 813 states. [2022-02-20 18:10:48,779 INFO L87 Difference]: Start difference. First operand has 768 states, 646 states have (on average 1.2275541795665634) internal successors, (793), 692 states have internal predecessors, (793), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) Second operand 813 states. [2022-02-20 18:10:48,803 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:48,803 INFO L93 Difference]: Finished difference Result 813 states and 1008 transitions. [2022-02-20 18:10:48,803 INFO L276 IsEmpty]: Start isEmpty. Operand 813 states and 1008 transitions. [2022-02-20 18:10:48,805 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:48,805 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:48,805 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:48,805 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:48,806 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 768 states, 646 states have (on average 1.2275541795665634) internal successors, (793), 692 states have internal predecessors, (793), 59 states have call successors, (59), 53 states have call predecessors, (59), 62 states have return successors, (99), 55 states have call predecessors, (99), 59 states have call successors, (99) [2022-02-20 18:10:48,833 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 768 states to 768 states and 951 transitions. [2022-02-20 18:10:48,834 INFO L78 Accepts]: Start accepts. Automaton has 768 states and 951 transitions. Word has length 63 [2022-02-20 18:10:48,834 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:48,835 INFO L470 AbstractCegarLoop]: Abstraction has 768 states and 951 transitions. [2022-02-20 18:10:48,835 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 11.0) internal successors, (55), 5 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:48,835 INFO L276 IsEmpty]: Start isEmpty. Operand 768 states and 951 transitions. [2022-02-20 18:10:48,836 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 64 [2022-02-20 18:10:48,836 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:48,836 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:48,843 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (13)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:49,042 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 13 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:49,043 INFO L402 AbstractCegarLoop]: === Iteration 13 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:49,043 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:49,043 INFO L85 PathProgramCache]: Analyzing trace with hash 162968212, now seen corresponding path program 1 times [2022-02-20 18:10:49,044 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:49,044 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [724454989] [2022-02-20 18:10:49,044 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:49,044 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:49,044 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:49,045 INFO L229 MonitoredProcess]: Starting monitored process 14 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:49,045 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (14)] Waiting until timeout for monitored process [2022-02-20 18:10:49,087 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:49,090 INFO L263 TraceCheckSpWp]: Trace formula consists of 202 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:10:49,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:49,098 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:49,182 INFO L290 TraceCheckUtils]: 0: Hoare triple {23724#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {23724#true} is VALID [2022-02-20 18:10:49,183 INFO L290 TraceCheckUtils]: 1: Hoare triple {23724#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {23724#true} is VALID [2022-02-20 18:10:49,183 INFO L290 TraceCheckUtils]: 2: Hoare triple {23724#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {23724#true} is VALID [2022-02-20 18:10:49,183 INFO L290 TraceCheckUtils]: 3: Hoare triple {23724#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {23724#true} is VALID [2022-02-20 18:10:49,183 INFO L290 TraceCheckUtils]: 4: Hoare triple {23724#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {23724#true} is VALID [2022-02-20 18:10:49,183 INFO L290 TraceCheckUtils]: 5: Hoare triple {23724#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {23724#true} is VALID [2022-02-20 18:10:49,183 INFO L290 TraceCheckUtils]: 6: Hoare triple {23724#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {23724#true} is VALID [2022-02-20 18:10:49,183 INFO L290 TraceCheckUtils]: 7: Hoare triple {23724#true} assume !false; {23724#true} is VALID [2022-02-20 18:10:49,183 INFO L290 TraceCheckUtils]: 8: Hoare triple {23724#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {23724#true} is VALID [2022-02-20 18:10:49,184 INFO L290 TraceCheckUtils]: 9: Hoare triple {23724#true} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {23724#true} is VALID [2022-02-20 18:10:49,184 INFO L290 TraceCheckUtils]: 10: Hoare triple {23724#true} assume !(0bv32 != test_~tmp~5#1); {23724#true} is VALID [2022-02-20 18:10:49,184 INFO L290 TraceCheckUtils]: 11: Hoare triple {23724#true} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {23724#true} is VALID [2022-02-20 18:10:49,184 INFO L290 TraceCheckUtils]: 12: Hoare triple {23724#true} assume !(0bv32 != test_~tmp___0~1#1); {23724#true} is VALID [2022-02-20 18:10:49,184 INFO L290 TraceCheckUtils]: 13: Hoare triple {23724#true} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {23724#true} is VALID [2022-02-20 18:10:49,184 INFO L290 TraceCheckUtils]: 14: Hoare triple {23724#true} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {23724#true} is VALID [2022-02-20 18:10:49,184 INFO L290 TraceCheckUtils]: 15: Hoare triple {23724#true} assume 0bv32 != test_~tmp___1~0#1; {23724#true} is VALID [2022-02-20 18:10:49,184 INFO L272 TraceCheckUtils]: 16: Hoare triple {23724#true} call timeShift(); {23724#true} is VALID [2022-02-20 18:10:49,185 INFO L290 TraceCheckUtils]: 17: Hoare triple {23724#true} assume !(0bv32 != ~pumpRunning~0); {23724#true} is VALID [2022-02-20 18:10:49,185 INFO L290 TraceCheckUtils]: 18: Hoare triple {23724#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {23724#true} is VALID [2022-02-20 18:10:49,185 INFO L290 TraceCheckUtils]: 19: Hoare triple {23724#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {23724#true} is VALID [2022-02-20 18:10:49,185 INFO L290 TraceCheckUtils]: 20: Hoare triple {23724#true} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {23789#(= (_ bv1 32) |timeShift_isHighWaterSensorDry_#res#1|)} is VALID [2022-02-20 18:10:49,186 INFO L290 TraceCheckUtils]: 21: Hoare triple {23789#(= (_ bv1 32) |timeShift_isHighWaterSensorDry_#res#1|)} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {23793#(= |timeShift_isHighWaterLevel_~tmp~8#1| (_ bv1 32))} is VALID [2022-02-20 18:10:49,186 INFO L290 TraceCheckUtils]: 22: Hoare triple {23793#(= |timeShift_isHighWaterLevel_~tmp~8#1| (_ bv1 32))} assume !(0bv32 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {23725#false} is VALID [2022-02-20 18:10:49,186 INFO L290 TraceCheckUtils]: 23: Hoare triple {23725#false} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {23725#false} is VALID [2022-02-20 18:10:49,186 INFO L290 TraceCheckUtils]: 24: Hoare triple {23725#false} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {23725#false} is VALID [2022-02-20 18:10:49,186 INFO L290 TraceCheckUtils]: 25: Hoare triple {23725#false} assume 0bv32 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {23725#false} is VALID [2022-02-20 18:10:49,186 INFO L290 TraceCheckUtils]: 26: Hoare triple {23725#false} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {23725#false} is VALID [2022-02-20 18:10:49,187 INFO L290 TraceCheckUtils]: 27: Hoare triple {23725#false} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {23725#false} is VALID [2022-02-20 18:10:49,187 INFO L290 TraceCheckUtils]: 28: Hoare triple {23725#false} assume !(0bv32 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {23725#false} is VALID [2022-02-20 18:10:49,187 INFO L290 TraceCheckUtils]: 29: Hoare triple {23725#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {23725#false} is VALID [2022-02-20 18:10:49,187 INFO L290 TraceCheckUtils]: 30: Hoare triple {23725#false} assume { :end_inline_activatePump } true; {23725#false} is VALID [2022-02-20 18:10:49,187 INFO L290 TraceCheckUtils]: 31: Hoare triple {23725#false} assume { :end_inline_processEnvironment } true; {23725#false} is VALID [2022-02-20 18:10:49,187 INFO L290 TraceCheckUtils]: 32: Hoare triple {23725#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {23725#false} is VALID [2022-02-20 18:10:49,187 INFO L290 TraceCheckUtils]: 33: Hoare triple {23725#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {23725#false} is VALID [2022-02-20 18:10:49,187 INFO L290 TraceCheckUtils]: 34: Hoare triple {23725#false} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1); {23725#false} is VALID [2022-02-20 18:10:49,188 INFO L290 TraceCheckUtils]: 35: Hoare triple {23725#false} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {23725#false} is VALID [2022-02-20 18:10:49,188 INFO L290 TraceCheckUtils]: 36: Hoare triple {23725#false} assume true; {23725#false} is VALID [2022-02-20 18:10:49,188 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {23725#false} {23724#true} #221#return; {23725#false} is VALID [2022-02-20 18:10:49,188 INFO L290 TraceCheckUtils]: 38: Hoare triple {23725#false} assume !false; {23725#false} is VALID [2022-02-20 18:10:49,188 INFO L290 TraceCheckUtils]: 39: Hoare triple {23725#false} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {23725#false} is VALID [2022-02-20 18:10:49,188 INFO L290 TraceCheckUtils]: 40: Hoare triple {23725#false} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {23725#false} is VALID [2022-02-20 18:10:49,188 INFO L290 TraceCheckUtils]: 41: Hoare triple {23725#false} assume !(0bv32 != test_~tmp~5#1); {23725#false} is VALID [2022-02-20 18:10:49,188 INFO L290 TraceCheckUtils]: 42: Hoare triple {23725#false} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {23725#false} is VALID [2022-02-20 18:10:49,189 INFO L290 TraceCheckUtils]: 43: Hoare triple {23725#false} assume !(0bv32 != test_~tmp___0~1#1); {23725#false} is VALID [2022-02-20 18:10:49,189 INFO L290 TraceCheckUtils]: 44: Hoare triple {23725#false} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {23725#false} is VALID [2022-02-20 18:10:49,189 INFO L290 TraceCheckUtils]: 45: Hoare triple {23725#false} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {23725#false} is VALID [2022-02-20 18:10:49,189 INFO L290 TraceCheckUtils]: 46: Hoare triple {23725#false} assume 0bv32 != test_~tmp___1~0#1; {23725#false} is VALID [2022-02-20 18:10:49,189 INFO L272 TraceCheckUtils]: 47: Hoare triple {23725#false} call timeShift(); {23725#false} is VALID [2022-02-20 18:10:49,189 INFO L290 TraceCheckUtils]: 48: Hoare triple {23725#false} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {23725#false} is VALID [2022-02-20 18:10:49,189 INFO L290 TraceCheckUtils]: 49: Hoare triple {23725#false} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {23725#false} is VALID [2022-02-20 18:10:49,189 INFO L290 TraceCheckUtils]: 50: Hoare triple {23725#false} assume { :end_inline_lowerWaterLevel } true; {23725#false} is VALID [2022-02-20 18:10:49,189 INFO L290 TraceCheckUtils]: 51: Hoare triple {23725#false} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {23725#false} is VALID [2022-02-20 18:10:49,190 INFO L290 TraceCheckUtils]: 52: Hoare triple {23725#false} assume !(0bv32 == ~pumpRunning~0); {23725#false} is VALID [2022-02-20 18:10:49,190 INFO L272 TraceCheckUtils]: 53: Hoare triple {23725#false} call processEnvironment__wrappee__base(); {23725#false} is VALID [2022-02-20 18:10:49,190 INFO L290 TraceCheckUtils]: 54: Hoare triple {23725#false} assume true; {23725#false} is VALID [2022-02-20 18:10:49,190 INFO L284 TraceCheckUtils]: 55: Hoare quadruple {23725#false} {23725#false} #211#return; {23725#false} is VALID [2022-02-20 18:10:49,190 INFO L290 TraceCheckUtils]: 56: Hoare triple {23725#false} assume { :end_inline_processEnvironment } true; {23725#false} is VALID [2022-02-20 18:10:49,190 INFO L290 TraceCheckUtils]: 57: Hoare triple {23725#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {23725#false} is VALID [2022-02-20 18:10:49,190 INFO L290 TraceCheckUtils]: 58: Hoare triple {23725#false} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {23725#false} is VALID [2022-02-20 18:10:49,190 INFO L290 TraceCheckUtils]: 59: Hoare triple {23725#false} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {23725#false} is VALID [2022-02-20 18:10:49,191 INFO L290 TraceCheckUtils]: 60: Hoare triple {23725#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {23725#false} is VALID [2022-02-20 18:10:49,191 INFO L290 TraceCheckUtils]: 61: Hoare triple {23725#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {23725#false} is VALID [2022-02-20 18:10:49,191 INFO L290 TraceCheckUtils]: 62: Hoare triple {23725#false} assume !false; {23725#false} is VALID [2022-02-20 18:10:49,191 INFO L134 CoverageAnalysis]: Checked inductivity of 17 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-02-20 18:10:49,191 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:10:49,192 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:49,192 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [724454989] [2022-02-20 18:10:49,192 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [724454989] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:49,192 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:49,192 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:10:49,192 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1603471672] [2022-02-20 18:10:49,192 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:49,193 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 13.75) internal successors, (55), 4 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 63 [2022-02-20 18:10:49,193 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:49,193 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 13.75) internal successors, (55), 4 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:49,226 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 60 edges. 60 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:49,226 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 18:10:49,226 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:49,227 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 18:10:49,227 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 18:10:49,227 INFO L87 Difference]: Start difference. First operand 768 states and 951 transitions. Second operand has 4 states, 4 states have (on average 13.75) internal successors, (55), 4 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:49,449 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:49,450 INFO L93 Difference]: Finished difference Result 1434 states and 1800 transitions. [2022-02-20 18:10:49,450 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 18:10:49,450 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 13.75) internal successors, (55), 4 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 63 [2022-02-20 18:10:49,450 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:49,450 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 13.75) internal successors, (55), 4 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:49,452 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 154 transitions. [2022-02-20 18:10:49,452 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 13.75) internal successors, (55), 4 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:49,453 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 154 transitions. [2022-02-20 18:10:49,453 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 154 transitions. [2022-02-20 18:10:49,540 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 154 edges. 154 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:49,567 INFO L225 Difference]: With dead ends: 1434 [2022-02-20 18:10:49,568 INFO L226 Difference]: Without dead ends: 673 [2022-02-20 18:10:49,569 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 63 GetRequests, 60 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:49,570 INFO L933 BasicCegarLoop]: 75 mSDtfsCounter, 31 mSDsluCounter, 131 mSDsCounter, 0 mSdLazyCounter, 8 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 31 SdHoareTripleChecker+Valid, 206 SdHoareTripleChecker+Invalid, 10 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 8 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:49,570 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [31 Valid, 206 Invalid, 10 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 8 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:49,571 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 673 states. [2022-02-20 18:10:49,592 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 673 to 653. [2022-02-20 18:10:49,592 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:49,593 INFO L82 GeneralOperation]: Start isEquivalent. First operand 673 states. Second operand has 653 states, 541 states have (on average 1.21996303142329) internal successors, (660), 578 states have internal predecessors, (660), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) [2022-02-20 18:10:49,593 INFO L74 IsIncluded]: Start isIncluded. First operand 673 states. Second operand has 653 states, 541 states have (on average 1.21996303142329) internal successors, (660), 578 states have internal predecessors, (660), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) [2022-02-20 18:10:49,594 INFO L87 Difference]: Start difference. First operand 673 states. Second operand has 653 states, 541 states have (on average 1.21996303142329) internal successors, (660), 578 states have internal predecessors, (660), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) [2022-02-20 18:10:49,609 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:49,609 INFO L93 Difference]: Finished difference Result 673 states and 822 transitions. [2022-02-20 18:10:49,609 INFO L276 IsEmpty]: Start isEmpty. Operand 673 states and 822 transitions. [2022-02-20 18:10:49,610 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:49,610 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:49,611 INFO L74 IsIncluded]: Start isIncluded. First operand has 653 states, 541 states have (on average 1.21996303142329) internal successors, (660), 578 states have internal predecessors, (660), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) Second operand 673 states. [2022-02-20 18:10:49,612 INFO L87 Difference]: Start difference. First operand has 653 states, 541 states have (on average 1.21996303142329) internal successors, (660), 578 states have internal predecessors, (660), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) Second operand 673 states. [2022-02-20 18:10:49,627 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:49,627 INFO L93 Difference]: Finished difference Result 673 states and 822 transitions. [2022-02-20 18:10:49,627 INFO L276 IsEmpty]: Start isEmpty. Operand 673 states and 822 transitions. [2022-02-20 18:10:49,628 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:49,628 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:49,629 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:49,629 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:49,630 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 653 states, 541 states have (on average 1.21996303142329) internal successors, (660), 578 states have internal predecessors, (660), 55 states have call successors, (55), 49 states have call predecessors, (55), 56 states have return successors, (82), 51 states have call predecessors, (82), 55 states have call successors, (82) [2022-02-20 18:10:49,649 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 653 states to 653 states and 797 transitions. [2022-02-20 18:10:49,650 INFO L78 Accepts]: Start accepts. Automaton has 653 states and 797 transitions. Word has length 63 [2022-02-20 18:10:49,650 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:49,650 INFO L470 AbstractCegarLoop]: Abstraction has 653 states and 797 transitions. [2022-02-20 18:10:49,650 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 13.75) internal successors, (55), 4 states have internal predecessors, (55), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:49,651 INFO L276 IsEmpty]: Start isEmpty. Operand 653 states and 797 transitions. [2022-02-20 18:10:49,651 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 68 [2022-02-20 18:10:49,651 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:49,652 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:49,660 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (14)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:49,858 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 14 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:49,859 INFO L402 AbstractCegarLoop]: === Iteration 14 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:49,859 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:49,859 INFO L85 PathProgramCache]: Analyzing trace with hash 78012080, now seen corresponding path program 1 times [2022-02-20 18:10:49,859 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:49,860 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [764662283] [2022-02-20 18:10:49,860 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:49,860 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:49,860 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:49,861 INFO L229 MonitoredProcess]: Starting monitored process 15 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:49,863 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (15)] Waiting until timeout for monitored process [2022-02-20 18:10:49,909 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:49,911 INFO L263 TraceCheckSpWp]: Trace formula consists of 209 conjuncts, 13 conjunts are in the unsatisfiable core [2022-02-20 18:10:49,921 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:49,922 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:50,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {28251#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,159 INFO L290 TraceCheckUtils]: 1: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,159 INFO L290 TraceCheckUtils]: 2: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,159 INFO L290 TraceCheckUtils]: 3: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,160 INFO L290 TraceCheckUtils]: 4: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,160 INFO L290 TraceCheckUtils]: 5: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,160 INFO L290 TraceCheckUtils]: 6: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,160 INFO L290 TraceCheckUtils]: 7: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume !false; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,162 INFO L290 TraceCheckUtils]: 8: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,162 INFO L290 TraceCheckUtils]: 9: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,162 INFO L290 TraceCheckUtils]: 10: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp~5#1; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,163 INFO L272 TraceCheckUtils]: 11: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} call waterRise(); {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,163 INFO L290 TraceCheckUtils]: 12: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {28294#(= ~waterLevel~0 (bvadd (_ bv1 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:50,170 INFO L290 TraceCheckUtils]: 13: Hoare triple {28294#(= ~waterLevel~0 (bvadd (_ bv1 32) |old(~waterLevel~0)|))} assume true; {28294#(= ~waterLevel~0 (bvadd (_ bv1 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:50,171 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {28294#(= ~waterLevel~0 (bvadd (_ bv1 32) |old(~waterLevel~0)|))} {28256#(= ~waterLevel~0 (_ bv1 32))} #217#return; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,171 INFO L290 TraceCheckUtils]: 15: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,172 INFO L290 TraceCheckUtils]: 16: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___0~1#1); {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,172 INFO L290 TraceCheckUtils]: 17: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,172 INFO L290 TraceCheckUtils]: 18: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,173 INFO L290 TraceCheckUtils]: 19: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != test_~tmp___1~0#1; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,173 INFO L272 TraceCheckUtils]: 20: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} call timeShift(); {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,173 INFO L290 TraceCheckUtils]: 21: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !(0bv32 != ~pumpRunning~0); {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,173 INFO L290 TraceCheckUtils]: 22: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,174 INFO L290 TraceCheckUtils]: 23: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,174 INFO L290 TraceCheckUtils]: 24: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,174 INFO L290 TraceCheckUtils]: 25: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,175 INFO L290 TraceCheckUtils]: 26: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !(0bv32 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,175 INFO L290 TraceCheckUtils]: 27: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,175 INFO L290 TraceCheckUtils]: 28: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,176 INFO L290 TraceCheckUtils]: 29: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume 0bv32 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,176 INFO L290 TraceCheckUtils]: 30: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,176 INFO L290 TraceCheckUtils]: 31: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,177 INFO L290 TraceCheckUtils]: 32: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !(0bv32 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,177 INFO L290 TraceCheckUtils]: 33: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,177 INFO L290 TraceCheckUtils]: 34: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :end_inline_activatePump } true; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,177 INFO L290 TraceCheckUtils]: 35: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :end_inline_processEnvironment } true; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,178 INFO L290 TraceCheckUtils]: 36: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,178 INFO L290 TraceCheckUtils]: 37: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,178 INFO L290 TraceCheckUtils]: 38: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1); {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,179 INFO L290 TraceCheckUtils]: 39: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,179 INFO L290 TraceCheckUtils]: 40: Hoare triple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} assume true; {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} is VALID [2022-02-20 18:10:50,179 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {28290#(= ~waterLevel~0 |old(~waterLevel~0)|)} {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} #221#return; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,180 INFO L290 TraceCheckUtils]: 42: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !false; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,180 INFO L290 TraceCheckUtils]: 43: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,180 INFO L290 TraceCheckUtils]: 44: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,181 INFO L290 TraceCheckUtils]: 45: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp~5#1); {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,181 INFO L290 TraceCheckUtils]: 46: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,181 INFO L290 TraceCheckUtils]: 47: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___0~1#1); {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,181 INFO L290 TraceCheckUtils]: 48: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,182 INFO L290 TraceCheckUtils]: 49: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,182 INFO L290 TraceCheckUtils]: 50: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != test_~tmp___1~0#1; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,182 INFO L272 TraceCheckUtils]: 51: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} call timeShift(); {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,183 INFO L290 TraceCheckUtils]: 52: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} is VALID [2022-02-20 18:10:50,183 INFO L290 TraceCheckUtils]: 53: Hoare triple {28301#(= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv1 32))} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,183 INFO L290 TraceCheckUtils]: 54: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_lowerWaterLevel } true; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,184 INFO L290 TraceCheckUtils]: 55: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,184 INFO L290 TraceCheckUtils]: 56: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 == ~pumpRunning~0); {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,184 INFO L272 TraceCheckUtils]: 57: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} call processEnvironment__wrappee__base(); {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,184 INFO L290 TraceCheckUtils]: 58: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume true; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,185 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {28256#(= ~waterLevel~0 (_ bv1 32))} {28256#(= ~waterLevel~0 (_ bv1 32))} #211#return; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,185 INFO L290 TraceCheckUtils]: 60: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_processEnvironment } true; {28256#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:10:50,185 INFO L290 TraceCheckUtils]: 61: Hoare triple {28256#(= ~waterLevel~0 (_ bv1 32))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {28443#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} is VALID [2022-02-20 18:10:50,186 INFO L290 TraceCheckUtils]: 62: Hoare triple {28443#(= |timeShift_getWaterLevel_#res#1| (_ bv1 32))} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {28447#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| (_ bv1 32))} is VALID [2022-02-20 18:10:50,186 INFO L290 TraceCheckUtils]: 63: Hoare triple {28447#(= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| (_ bv1 32))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {28252#false} is VALID [2022-02-20 18:10:50,186 INFO L290 TraceCheckUtils]: 64: Hoare triple {28252#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {28252#false} is VALID [2022-02-20 18:10:50,186 INFO L290 TraceCheckUtils]: 65: Hoare triple {28252#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {28252#false} is VALID [2022-02-20 18:10:50,186 INFO L290 TraceCheckUtils]: 66: Hoare triple {28252#false} assume !false; {28252#false} is VALID [2022-02-20 18:10:50,186 INFO L134 CoverageAnalysis]: Checked inductivity of 17 backedges. 0 proven. 11 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2022-02-20 18:10:50,186 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:10:50,649 INFO L290 TraceCheckUtils]: 66: Hoare triple {28252#false} assume !false; {28252#false} is VALID [2022-02-20 18:10:50,649 INFO L290 TraceCheckUtils]: 65: Hoare triple {28252#false} assume 0bv32 != __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {28252#false} is VALID [2022-02-20 18:10:50,649 INFO L290 TraceCheckUtils]: 64: Hoare triple {28252#false} __utac_acc__Specification4_spec__1_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification4_spec__1_~tmp___0~0#1 := __utac_acc__Specification4_spec__1_#t~ret34#1;havoc __utac_acc__Specification4_spec__1_#t~ret34#1; {28252#false} is VALID [2022-02-20 18:10:50,649 INFO L290 TraceCheckUtils]: 63: Hoare triple {28469#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| (_ bv0 32)))} assume 0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~10#1;havoc isPumpRunning_~retValue_acc~10#1;isPumpRunning_~retValue_acc~10#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~10#1; {28252#false} is VALID [2022-02-20 18:10:50,650 INFO L290 TraceCheckUtils]: 62: Hoare triple {28473#(not (= |timeShift_getWaterLevel_#res#1| (_ bv0 32)))} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {28469#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~3#1| (_ bv0 32)))} is VALID [2022-02-20 18:10:50,650 INFO L290 TraceCheckUtils]: 61: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {28473#(not (= |timeShift_getWaterLevel_#res#1| (_ bv0 32)))} is VALID [2022-02-20 18:10:50,650 INFO L290 TraceCheckUtils]: 60: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_processEnvironment } true; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,651 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {28251#true} {28477#(not (= ~waterLevel~0 (_ bv0 32)))} #211#return; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,651 INFO L290 TraceCheckUtils]: 58: Hoare triple {28251#true} assume true; {28251#true} is VALID [2022-02-20 18:10:50,651 INFO L272 TraceCheckUtils]: 57: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} call processEnvironment__wrappee__base(); {28251#true} is VALID [2022-02-20 18:10:50,651 INFO L290 TraceCheckUtils]: 56: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume !(0bv32 == ~pumpRunning~0); {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,651 INFO L290 TraceCheckUtils]: 55: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,652 INFO L290 TraceCheckUtils]: 54: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_lowerWaterLevel } true; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,652 INFO L290 TraceCheckUtils]: 53: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,652 INFO L290 TraceCheckUtils]: 52: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,653 INFO L272 TraceCheckUtils]: 51: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} call timeShift(); {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,653 INFO L290 TraceCheckUtils]: 50: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume 0bv32 != test_~tmp___1~0#1; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,654 INFO L290 TraceCheckUtils]: 49: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,654 INFO L290 TraceCheckUtils]: 48: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,654 INFO L290 TraceCheckUtils]: 47: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != test_~tmp___0~1#1); {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,655 INFO L290 TraceCheckUtils]: 46: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,655 INFO L290 TraceCheckUtils]: 45: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != test_~tmp~5#1); {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,655 INFO L290 TraceCheckUtils]: 44: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,656 INFO L290 TraceCheckUtils]: 43: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,656 INFO L290 TraceCheckUtils]: 42: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !false; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,657 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} #221#return; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,657 INFO L290 TraceCheckUtils]: 40: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume true; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,657 INFO L290 TraceCheckUtils]: 39: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,658 INFO L290 TraceCheckUtils]: 38: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !(0bv32 == __utac_acc__Specification4_spec__1_~tmp~3#1); {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,658 INFO L290 TraceCheckUtils]: 37: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} __utac_acc__Specification4_spec__1_#t~ret33#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;__utac_acc__Specification4_spec__1_~tmp~3#1 := __utac_acc__Specification4_spec__1_#t~ret33#1;havoc __utac_acc__Specification4_spec__1_#t~ret33#1; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,659 INFO L290 TraceCheckUtils]: 36: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret33#1, __utac_acc__Specification4_spec__1_#t~ret34#1, __utac_acc__Specification4_spec__1_~tmp~3#1, __utac_acc__Specification4_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification4_spec__1_~tmp~3#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,659 INFO L290 TraceCheckUtils]: 35: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :end_inline_processEnvironment } true; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,659 INFO L290 TraceCheckUtils]: 34: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :end_inline_activatePump } true; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,660 INFO L290 TraceCheckUtils]: 33: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,660 INFO L290 TraceCheckUtils]: 32: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !(0bv32 != activatePump_~tmp~7#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,661 INFO L290 TraceCheckUtils]: 31: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} activatePump_#t~ret41#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~7#1 := activatePump_#t~ret41#1;havoc activatePump_#t~ret41#1; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,661 INFO L290 TraceCheckUtils]: 30: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} isMethaneAlarm_#t~ret42#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;isMethaneAlarm_~retValue_acc~9#1 := isMethaneAlarm_#t~ret42#1;havoc isMethaneAlarm_#t~ret42#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~9#1; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,661 INFO L290 TraceCheckUtils]: 29: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume 0bv32 != processEnvironment_~tmp~6#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret41#1, activatePump_~tmp~7#1;havoc activatePump_~tmp~7#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret42#1, isMethaneAlarm_~retValue_acc~9#1;havoc isMethaneAlarm_~retValue_acc~9#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,662 INFO L290 TraceCheckUtils]: 28: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} processEnvironment_#t~ret40#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~6#1 := processEnvironment_#t~ret40#1;havoc processEnvironment_#t~ret40#1; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,662 INFO L290 TraceCheckUtils]: 27: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} isHighWaterLevel_~retValue_acc~11#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~11#1; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,663 INFO L290 TraceCheckUtils]: 26: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !(0bv32 != isHighWaterLevel_~tmp~8#1);isHighWaterLevel_~tmp___0~2#1 := 1bv32; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,663 INFO L290 TraceCheckUtils]: 25: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} isHighWaterLevel_#t~ret51#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~8#1 := isHighWaterLevel_#t~ret51#1;havoc isHighWaterLevel_#t~ret51#1; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,663 INFO L290 TraceCheckUtils]: 24: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~2#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,664 INFO L290 TraceCheckUtils]: 23: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret51#1, isHighWaterLevel_~retValue_acc~11#1, isHighWaterLevel_~tmp~8#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~11#1;havoc isHighWaterLevel_~tmp~8#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,664 INFO L290 TraceCheckUtils]: 22: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret40#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,665 INFO L290 TraceCheckUtils]: 21: Hoare triple {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} assume !(0bv32 != ~pumpRunning~0); {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,665 INFO L272 TraceCheckUtils]: 20: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} call timeShift(); {28542#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (bvadd (_ bv4294967295 32) |old(~waterLevel~0)|) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,665 INFO L290 TraceCheckUtils]: 19: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume 0bv32 != test_~tmp___1~0#1; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,666 INFO L290 TraceCheckUtils]: 18: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet39#1;havoc test_#t~nondet39#1; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,666 INFO L290 TraceCheckUtils]: 17: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___2~0#1 := test_#t~nondet38#1;havoc test_#t~nondet38#1; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,666 INFO L290 TraceCheckUtils]: 16: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != test_~tmp___0~1#1); {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,667 INFO L290 TraceCheckUtils]: 15: Hoare triple {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} test_~tmp___0~1#1 := test_#t~nondet37#1;havoc test_#t~nondet37#1; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,667 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {28624#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} {28477#(not (= ~waterLevel~0 (_ bv0 32)))} #217#return; {28502#(not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2022-02-20 18:10:50,668 INFO L290 TraceCheckUtils]: 13: Hoare triple {28624#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} assume true; {28624#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:50,668 INFO L290 TraceCheckUtils]: 12: Hoare triple {28631#(or (not (= ~waterLevel~0 (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {28624#(or (not (= (bvadd ~waterLevel~0 (_ bv4294967295 32)) (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:50,669 INFO L272 TraceCheckUtils]: 11: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} call waterRise(); {28631#(or (not (= ~waterLevel~0 (_ bv0 32))) (= (_ bv0 32) |old(~waterLevel~0)|))} is VALID [2022-02-20 18:10:50,669 INFO L290 TraceCheckUtils]: 10: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume 0bv32 != test_~tmp~5#1; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,669 INFO L290 TraceCheckUtils]: 9: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} test_~tmp~5#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,669 INFO L290 TraceCheckUtils]: 8: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,670 INFO L290 TraceCheckUtils]: 7: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume !false; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,683 INFO L290 TraceCheckUtils]: 6: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_#t~nondet39#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,684 INFO L290 TraceCheckUtils]: 5: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,684 INFO L290 TraceCheckUtils]: 4: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,684 INFO L290 TraceCheckUtils]: 3: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,685 INFO L290 TraceCheckUtils]: 2: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,685 INFO L290 TraceCheckUtils]: 1: Hoare triple {28477#(not (= ~waterLevel~0 (_ bv0 32)))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~8#1, main_~tmp~4#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,687 INFO L290 TraceCheckUtils]: 0: Hoare triple {28251#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(7bv32, 5bv32);call write~init~intINTTYPE1(44bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 5bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 5bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 5bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 5bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 6bv32);call write~init~intINTTYPE1(67bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 6bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 7bv32);call write~init~intINTTYPE1(79bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 8bv32);call write~init~intINTTYPE1(41bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 9bv32);call #Ultimate.allocInit(9bv32, 10bv32);call #Ultimate.allocInit(21bv32, 11bv32);call #Ultimate.allocInit(30bv32, 12bv32);call #Ultimate.allocInit(9bv32, 13bv32);call #Ultimate.allocInit(21bv32, 14bv32);call #Ultimate.allocInit(30bv32, 15bv32);call #Ultimate.allocInit(9bv32, 16bv32);call #Ultimate.allocInit(25bv32, 17bv32);call #Ultimate.allocInit(30bv32, 18bv32);call #Ultimate.allocInit(9bv32, 19bv32);call #Ultimate.allocInit(25bv32, 20bv32);call #Ultimate.allocInit(13bv32, 21bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(79bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 23bv32);call write~init~intINTTYPE1(79bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 23bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 24bv32);call write~init~intINTTYPE1(44bv8, 24bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 24bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 24bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 24bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 24bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 24bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 24bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 25bv32);call write~init~intINTTYPE1(79bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 26bv32);call write~init~intINTTYPE1(79bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(41bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(10bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32; {28477#(not (= ~waterLevel~0 (_ bv0 32)))} is VALID [2022-02-20 18:10:50,688 INFO L134 CoverageAnalysis]: Checked inductivity of 17 backedges. 1 proven. 10 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2022-02-20 18:10:50,688 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:10:50,688 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [764662283] [2022-02-20 18:10:50,688 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [764662283] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:10:50,688 INFO L191 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-02-20 18:10:50,688 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 9] total 15 [2022-02-20 18:10:50,689 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [307231223] [2022-02-20 18:10:50,689 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-02-20 18:10:50,689 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 7.133333333333334) internal successors, (107), 14 states have internal predecessors, (107), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) Word has length 67 [2022-02-20 18:10:50,690 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:50,690 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 15 states have (on average 7.133333333333334) internal successors, (107), 14 states have internal predecessors, (107), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:50,822 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 121 edges. 121 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:50,822 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-02-20 18:10:50,822 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:10:50,822 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-02-20 18:10:50,823 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=42, Invalid=168, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:10:50,823 INFO L87 Difference]: Start difference. First operand 653 states and 797 transitions. Second operand has 15 states, 15 states have (on average 7.133333333333334) internal successors, (107), 14 states have internal predecessors, (107), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:52,954 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:52,954 INFO L93 Difference]: Finished difference Result 1776 states and 2308 transitions. [2022-02-20 18:10:52,954 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2022-02-20 18:10:52,955 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 7.133333333333334) internal successors, (107), 14 states have internal predecessors, (107), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) Word has length 67 [2022-02-20 18:10:52,955 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:52,955 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 7.133333333333334) internal successors, (107), 14 states have internal predecessors, (107), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:52,959 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 34 states to 34 states and 537 transitions. [2022-02-20 18:10:52,959 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 7.133333333333334) internal successors, (107), 14 states have internal predecessors, (107), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:52,970 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 34 states to 34 states and 537 transitions. [2022-02-20 18:10:52,970 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 34 states and 537 transitions. [2022-02-20 18:10:53,365 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 537 edges. 537 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:53,428 INFO L225 Difference]: With dead ends: 1776 [2022-02-20 18:10:53,429 INFO L226 Difference]: Without dead ends: 1198 [2022-02-20 18:10:53,430 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 161 GetRequests, 120 SyntacticMatches, 3 SemanticMatches, 38 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 307 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=335, Invalid=1225, Unknown=0, NotChecked=0, Total=1560 [2022-02-20 18:10:53,431 INFO L933 BasicCegarLoop]: 133 mSDtfsCounter, 544 mSDsluCounter, 697 mSDsCounter, 0 mSdLazyCounter, 522 mSolverCounterSat, 184 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 553 SdHoareTripleChecker+Valid, 830 SdHoareTripleChecker+Invalid, 706 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 184 IncrementalHoareTripleChecker+Valid, 522 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:53,431 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [553 Valid, 830 Invalid, 706 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [184 Valid, 522 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-02-20 18:10:53,432 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1198 states. [2022-02-20 18:10:53,479 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1198 to 1134. [2022-02-20 18:10:53,479 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:53,481 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1198 states. Second operand has 1134 states, 927 states have (on average 1.2168284789644013) internal successors, (1128), 988 states have internal predecessors, (1128), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) [2022-02-20 18:10:53,482 INFO L74 IsIncluded]: Start isIncluded. First operand 1198 states. Second operand has 1134 states, 927 states have (on average 1.2168284789644013) internal successors, (1128), 988 states have internal predecessors, (1128), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) [2022-02-20 18:10:53,483 INFO L87 Difference]: Start difference. First operand 1198 states. Second operand has 1134 states, 927 states have (on average 1.2168284789644013) internal successors, (1128), 988 states have internal predecessors, (1128), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) [2022-02-20 18:10:53,532 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:53,532 INFO L93 Difference]: Finished difference Result 1198 states and 1518 transitions. [2022-02-20 18:10:53,532 INFO L276 IsEmpty]: Start isEmpty. Operand 1198 states and 1518 transitions. [2022-02-20 18:10:53,534 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:53,535 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:53,536 INFO L74 IsIncluded]: Start isIncluded. First operand has 1134 states, 927 states have (on average 1.2168284789644013) internal successors, (1128), 988 states have internal predecessors, (1128), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) Second operand 1198 states. [2022-02-20 18:10:53,537 INFO L87 Difference]: Start difference. First operand has 1134 states, 927 states have (on average 1.2168284789644013) internal successors, (1128), 988 states have internal predecessors, (1128), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) Second operand 1198 states. [2022-02-20 18:10:53,582 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:53,582 INFO L93 Difference]: Finished difference Result 1198 states and 1518 transitions. [2022-02-20 18:10:53,582 INFO L276 IsEmpty]: Start isEmpty. Operand 1198 states and 1518 transitions. [2022-02-20 18:10:53,585 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:53,585 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:53,586 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:53,586 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:53,587 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1134 states, 927 states have (on average 1.2168284789644013) internal successors, (1128), 988 states have internal predecessors, (1128), 99 states have call successors, (99), 89 states have call predecessors, (99), 107 states have return successors, (194), 99 states have call predecessors, (194), 99 states have call successors, (194) [2022-02-20 18:10:53,640 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1134 states to 1134 states and 1421 transitions. [2022-02-20 18:10:53,641 INFO L78 Accepts]: Start accepts. Automaton has 1134 states and 1421 transitions. Word has length 67 [2022-02-20 18:10:53,641 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:53,641 INFO L470 AbstractCegarLoop]: Abstraction has 1134 states and 1421 transitions. [2022-02-20 18:10:53,642 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 7.133333333333334) internal successors, (107), 14 states have internal predecessors, (107), 4 states have call successors, (8), 7 states have call predecessors, (8), 6 states have return successors, (6), 4 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:10:53,642 INFO L276 IsEmpty]: Start isEmpty. Operand 1134 states and 1421 transitions. [2022-02-20 18:10:53,646 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 93 [2022-02-20 18:10:53,646 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:53,647 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:53,655 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (15)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:53,853 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 15 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:53,853 INFO L402 AbstractCegarLoop]: === Iteration 15 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:53,854 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:53,854 INFO L85 PathProgramCache]: Analyzing trace with hash -761796008, now seen corresponding path program 2 times [2022-02-20 18:10:53,854 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:10:53,854 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1243843321] [2022-02-20 18:10:53,854 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-02-20 18:10:53,854 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:10:53,854 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:10:53,855 INFO L229 MonitoredProcess]: Starting monitored process 16 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:10:53,856 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (16)] Waiting until timeout for monitored process [2022-02-20 18:10:53,909 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-02-20 18:10:53,909 INFO L229 tOrderPrioritization]: Conjunction of SSA is sat [2022-02-20 18:10:53,909 INFO L352 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-02-20 18:10:53,938 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:10:53,999 INFO L138 FreeRefinementEngine]: Strategy WOLF found a feasible trace [2022-02-20 18:10:53,999 INFO L628 BasicCegarLoop]: Counterexample is feasible [2022-02-20 18:10:54,000 INFO L764 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:10:54,010 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (16)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:54,215 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 16 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:10:54,218 INFO L732 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:54,220 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:10:54,265 FATAL L489 DefaultTranslator]: Callstack has procedure call flag but succeeding procedure is empty at [CALL] call waterRise(); [2022-02-20 18:10:54,265 FATAL L? ?]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.AssertionError: callstack broken after backtranslation by InlinerBacktranslator at de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:216) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:206) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getProgramExecutionAsString(CounterExampleResult.java:155) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getLongDescription(CounterExampleResult.java:134) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ResultService.reportResult(ResultService.java:86) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.CegarLoopResultReporter.reportResult(CegarLoopResultReporter.java:141) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.reportLocationResults(TraceAbstractionStarter.java:607) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:182) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:156) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:320) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) [2022-02-20 18:10:54,268 INFO L158 Benchmark]: Toolchain (without parser) took 17444.44ms. Allocated memory was 60.8MB in the beginning and 163.6MB in the end (delta: 102.8MB). Free memory was 37.3MB in the beginning and 129.7MB in the end (delta: -92.4MB). Peak memory consumption was 77.4MB. Max. memory is 16.1GB. [2022-02-20 18:10:54,268 INFO L158 Benchmark]: CDTParser took 0.11ms. Allocated memory is still 60.8MB. Free memory was 40.8MB in the beginning and 40.7MB in the end (delta: 28.1kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:54,268 INFO L158 Benchmark]: CACSL2BoogieTranslator took 481.30ms. Allocated memory was 60.8MB in the beginning and 77.6MB in the end (delta: 16.8MB). Free memory was 37.1MB in the beginning and 57.4MB in the end (delta: -20.3MB). Peak memory consumption was 11.8MB. Max. memory is 16.1GB. [2022-02-20 18:10:54,268 INFO L158 Benchmark]: Boogie Procedure Inliner took 37.34ms. Allocated memory is still 77.6MB. Free memory was 57.4MB in the beginning and 54.8MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:54,268 INFO L158 Benchmark]: Boogie Preprocessor took 29.58ms. Allocated memory is still 77.6MB. Free memory was 54.8MB in the beginning and 53.0MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:54,268 INFO L158 Benchmark]: RCFGBuilder took 408.88ms. Allocated memory is still 77.6MB. Free memory was 53.0MB in the beginning and 55.4MB in the end (delta: -2.4MB). Peak memory consumption was 15.9MB. Max. memory is 16.1GB. [2022-02-20 18:10:54,268 INFO L158 Benchmark]: TraceAbstraction took 16481.57ms. Allocated memory was 77.6MB in the beginning and 163.6MB in the end (delta: 86.0MB). Free memory was 54.9MB in the beginning and 129.7MB in the end (delta: -74.8MB). Peak memory consumption was 79.9MB. Max. memory is 16.1GB. [2022-02-20 18:10:54,269 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.11ms. Allocated memory is still 60.8MB. Free memory was 40.8MB in the beginning and 40.7MB in the end (delta: 28.1kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 481.30ms. Allocated memory was 60.8MB in the beginning and 77.6MB in the end (delta: 16.8MB). Free memory was 37.1MB in the beginning and 57.4MB in the end (delta: -20.3MB). Peak memory consumption was 11.8MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 37.34ms. Allocated memory is still 77.6MB. Free memory was 57.4MB in the beginning and 54.8MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 29.58ms. Allocated memory is still 77.6MB. Free memory was 54.8MB in the beginning and 53.0MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 408.88ms. Allocated memory is still 77.6MB. Free memory was 53.0MB in the beginning and 55.4MB in the end (delta: -2.4MB). Peak memory consumption was 15.9MB. Max. memory is 16.1GB. * TraceAbstraction took 16481.57ms. Allocated memory was 77.6MB in the beginning and 163.6MB in the end (delta: 86.0MB). Free memory was 54.9MB in the beginning and 129.7MB in the end (delta: -74.8MB). Peak memory consumption was 79.9MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: AssertionError: callstack broken after backtranslation by InlinerBacktranslator: de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) RESULT: Ultimate could not prove your program: Toolchain returned no result. [2022-02-20 18:10:54,299 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: ERROR: ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator