./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec5_product41.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec5_product41.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 6e630fd4f7f92b97a7712eadcda02cdabe0d357899fc48fb3e7885213e7a8b80 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:11:57,371 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:11:57,373 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:11:57,410 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:11:57,410 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:11:57,413 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:11:57,415 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:11:57,417 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:11:57,418 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:11:57,422 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:11:57,422 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:11:57,423 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:11:57,424 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:11:57,426 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:11:57,427 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:11:57,429 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:11:57,430 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:11:57,431 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:11:57,433 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:11:57,438 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:11:57,439 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:11:57,439 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:11:57,441 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:11:57,441 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:11:57,446 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:11:57,446 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:11:57,447 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:11:57,448 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:11:57,448 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:11:57,449 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:11:57,449 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:11:57,450 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:11:57,451 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:11:57,452 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:11:57,453 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:11:57,453 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:11:57,453 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:11:57,454 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:11:57,454 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:11:57,454 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:11:57,455 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:11:57,456 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:11:57,481 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:11:57,481 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:11:57,482 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:11:57,482 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:11:57,483 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:11:57,483 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:11:57,483 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:11:57,483 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:11:57,484 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:11:57,484 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:11:57,484 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:11:57,484 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:11:57,485 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:11:57,485 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:11:57,485 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:11:57,485 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:11:57,485 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:11:57,485 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:11:57,485 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:11:57,485 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:11:57,486 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:11:57,486 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:11:57,486 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:11:57,486 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:11:57,486 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:11:57,486 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:11:57,486 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:11:57,487 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:11:57,487 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:11:57,487 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:11:57,487 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:11:57,487 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:11:57,487 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:11:57,488 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 6e630fd4f7f92b97a7712eadcda02cdabe0d357899fc48fb3e7885213e7a8b80 [2022-02-20 18:11:57,707 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:11:57,727 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:11:57,729 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:11:57,729 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:11:57,730 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:11:57,731 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec5_product41.cil.c [2022-02-20 18:11:57,780 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c93d11936/d754cd173f184cfd80e121a8f5d9116d/FLAGa2db60f14 [2022-02-20 18:11:58,190 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:11:58,191 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product41.cil.c [2022-02-20 18:11:58,198 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c93d11936/d754cd173f184cfd80e121a8f5d9116d/FLAGa2db60f14 [2022-02-20 18:11:58,581 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c93d11936/d754cd173f184cfd80e121a8f5d9116d [2022-02-20 18:11:58,583 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:11:58,585 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:11:58,598 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:11:58,598 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:11:58,601 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:11:58,602 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:11:58" (1/1) ... [2022-02-20 18:11:58,603 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@5c35b81d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:58, skipping insertion in model container [2022-02-20 18:11:58,604 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:11:58" (1/1) ... [2022-02-20 18:11:58,609 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:11:58,645 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:11:58,931 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product41.cil.c[18234,18247] [2022-02-20 18:11:58,934 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:11:58,940 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:11:58,996 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product41.cil.c[18234,18247] [2022-02-20 18:11:58,997 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:11:59,009 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:11:59,010 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59 WrapperNode [2022-02-20 18:11:59,010 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:11:59,011 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:11:59,012 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:11:59,012 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:11:59,017 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59" (1/1) ... [2022-02-20 18:11:59,038 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59" (1/1) ... [2022-02-20 18:11:59,071 INFO L137 Inliner]: procedures = 55, calls = 154, calls flagged for inlining = 24, calls inlined = 21, statements flattened = 251 [2022-02-20 18:11:59,073 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:11:59,074 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:11:59,074 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:11:59,074 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:11:59,080 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59" (1/1) ... [2022-02-20 18:11:59,080 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59" (1/1) ... [2022-02-20 18:11:59,090 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59" (1/1) ... [2022-02-20 18:11:59,090 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59" (1/1) ... [2022-02-20 18:11:59,095 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59" (1/1) ... [2022-02-20 18:11:59,098 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59" (1/1) ... [2022-02-20 18:11:59,100 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59" (1/1) ... [2022-02-20 18:11:59,102 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:11:59,102 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:11:59,102 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:11:59,103 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:11:59,103 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59" (1/1) ... [2022-02-20 18:11:59,125 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:11:59,134 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:11:59,148 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:11:59,153 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:11:59,203 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:11:59,203 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:11:59,203 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:11:59,203 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:11:59,203 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:11:59,204 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:11:59,204 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:11:59,204 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:11:59,205 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:11:59,206 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-02-20 18:11:59,206 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-02-20 18:11:59,206 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:11:59,206 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:11:59,206 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:11:59,207 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:11:59,207 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:11:59,263 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:11:59,264 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:11:59,563 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:11:59,570 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:11:59,570 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:11:59,572 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:11:59 BoogieIcfgContainer [2022-02-20 18:11:59,573 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:11:59,574 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:11:59,574 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:11:59,577 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:11:59,578 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:11:58" (1/3) ... [2022-02-20 18:11:59,578 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@32b93db8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:11:59, skipping insertion in model container [2022-02-20 18:11:59,578 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:11:59" (2/3) ... [2022-02-20 18:11:59,579 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@32b93db8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:11:59, skipping insertion in model container [2022-02-20 18:11:59,579 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:11:59" (3/3) ... [2022-02-20 18:11:59,580 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product41.cil.c [2022-02-20 18:11:59,583 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:11:59,584 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:11:59,633 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:11:59,638 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:11:59,638 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:11:59,654 INFO L276 IsEmpty]: Start isEmpty. Operand has 84 states, 66 states have (on average 1.378787878787879) internal successors, (91), 72 states have internal predecessors, (91), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:11:59,659 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-02-20 18:11:59,659 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:11:59,660 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:11:59,660 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:11:59,664 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:11:59,665 INFO L85 PathProgramCache]: Analyzing trace with hash 1799110499, now seen corresponding path program 1 times [2022-02-20 18:11:59,671 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:11:59,672 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2103362173] [2022-02-20 18:11:59,672 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:11:59,672 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:11:59,767 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:11:59,839 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:11:59,845 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:11:59,853 INFO L290 TraceCheckUtils]: 0: Hoare triple {87#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {87#true} is VALID [2022-02-20 18:11:59,853 INFO L290 TraceCheckUtils]: 1: Hoare triple {87#true} assume true; {87#true} is VALID [2022-02-20 18:11:59,854 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {87#true} {88#false} #222#return; {88#false} is VALID [2022-02-20 18:11:59,855 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:11:59,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:11:59,864 INFO L290 TraceCheckUtils]: 0: Hoare triple {87#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {87#true} is VALID [2022-02-20 18:11:59,864 INFO L290 TraceCheckUtils]: 1: Hoare triple {87#true} assume true; {87#true} is VALID [2022-02-20 18:11:59,865 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {87#true} {88#false} #228#return; {88#false} is VALID [2022-02-20 18:11:59,865 INFO L290 TraceCheckUtils]: 0: Hoare triple {87#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {87#true} is VALID [2022-02-20 18:11:59,866 INFO L290 TraceCheckUtils]: 1: Hoare triple {87#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {87#true} is VALID [2022-02-20 18:11:59,866 INFO L290 TraceCheckUtils]: 2: Hoare triple {87#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {87#true} is VALID [2022-02-20 18:11:59,866 INFO L290 TraceCheckUtils]: 3: Hoare triple {87#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {87#true} is VALID [2022-02-20 18:11:59,866 INFO L290 TraceCheckUtils]: 4: Hoare triple {87#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {87#true} is VALID [2022-02-20 18:11:59,866 INFO L290 TraceCheckUtils]: 5: Hoare triple {87#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {87#true} is VALID [2022-02-20 18:11:59,867 INFO L290 TraceCheckUtils]: 6: Hoare triple {87#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {87#true} is VALID [2022-02-20 18:11:59,867 INFO L290 TraceCheckUtils]: 7: Hoare triple {87#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {87#true} is VALID [2022-02-20 18:11:59,868 INFO L290 TraceCheckUtils]: 8: Hoare triple {87#true} assume !true; {88#false} is VALID [2022-02-20 18:11:59,868 INFO L272 TraceCheckUtils]: 9: Hoare triple {88#false} call cleanup(); {88#false} is VALID [2022-02-20 18:11:59,868 INFO L290 TraceCheckUtils]: 10: Hoare triple {88#false} havoc ~i~0;havoc ~__cil_tmp2~0; {88#false} is VALID [2022-02-20 18:11:59,869 INFO L272 TraceCheckUtils]: 11: Hoare triple {88#false} call timeShift(); {88#false} is VALID [2022-02-20 18:11:59,869 INFO L290 TraceCheckUtils]: 12: Hoare triple {88#false} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {88#false} is VALID [2022-02-20 18:11:59,869 INFO L272 TraceCheckUtils]: 13: Hoare triple {88#false} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {87#true} is VALID [2022-02-20 18:11:59,869 INFO L290 TraceCheckUtils]: 14: Hoare triple {87#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {87#true} is VALID [2022-02-20 18:11:59,869 INFO L290 TraceCheckUtils]: 15: Hoare triple {87#true} assume true; {87#true} is VALID [2022-02-20 18:11:59,870 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {87#true} {88#false} #222#return; {88#false} is VALID [2022-02-20 18:11:59,870 INFO L290 TraceCheckUtils]: 17: Hoare triple {88#false} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {88#false} is VALID [2022-02-20 18:11:59,870 INFO L290 TraceCheckUtils]: 18: Hoare triple {88#false} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {88#false} is VALID [2022-02-20 18:11:59,870 INFO L290 TraceCheckUtils]: 19: Hoare triple {88#false} assume !(0 != ~pumpRunning~0); {88#false} is VALID [2022-02-20 18:11:59,870 INFO L290 TraceCheckUtils]: 20: Hoare triple {88#false} assume !(0 != ~systemActive~0); {88#false} is VALID [2022-02-20 18:11:59,871 INFO L290 TraceCheckUtils]: 21: Hoare triple {88#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {88#false} is VALID [2022-02-20 18:11:59,871 INFO L290 TraceCheckUtils]: 22: Hoare triple {88#false} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {88#false} is VALID [2022-02-20 18:11:59,871 INFO L290 TraceCheckUtils]: 23: Hoare triple {88#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {88#false} is VALID [2022-02-20 18:11:59,871 INFO L272 TraceCheckUtils]: 24: Hoare triple {88#false} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {87#true} is VALID [2022-02-20 18:11:59,872 INFO L290 TraceCheckUtils]: 25: Hoare triple {87#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {87#true} is VALID [2022-02-20 18:11:59,872 INFO L290 TraceCheckUtils]: 26: Hoare triple {87#true} assume true; {87#true} is VALID [2022-02-20 18:11:59,872 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {87#true} {88#false} #228#return; {88#false} is VALID [2022-02-20 18:11:59,872 INFO L290 TraceCheckUtils]: 28: Hoare triple {88#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {88#false} is VALID [2022-02-20 18:11:59,872 INFO L290 TraceCheckUtils]: 29: Hoare triple {88#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {88#false} is VALID [2022-02-20 18:11:59,872 INFO L290 TraceCheckUtils]: 30: Hoare triple {88#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {88#false} is VALID [2022-02-20 18:11:59,873 INFO L290 TraceCheckUtils]: 31: Hoare triple {88#false} assume !false; {88#false} is VALID [2022-02-20 18:11:59,873 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:11:59,874 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:11:59,874 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2103362173] [2022-02-20 18:11:59,874 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2103362173] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:11:59,875 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:11:59,875 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:11:59,876 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1839105498] [2022-02-20 18:11:59,876 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:11:59,880 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-02-20 18:11:59,882 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:11:59,884 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:11:59,917 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:11:59,917 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:11:59,918 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:11:59,933 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:11:59,933 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:11:59,936 INFO L87 Difference]: Start difference. First operand has 84 states, 66 states have (on average 1.378787878787879) internal successors, (91), 72 states have internal predecessors, (91), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:00,013 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:00,013 INFO L93 Difference]: Finished difference Result 159 states and 216 transitions. [2022-02-20 18:12:00,014 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:12:00,014 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-02-20 18:12:00,014 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:00,016 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:00,026 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 216 transitions. [2022-02-20 18:12:00,027 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:00,033 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 216 transitions. [2022-02-20 18:12:00,033 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 216 transitions. [2022-02-20 18:12:00,197 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 216 edges. 216 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:00,210 INFO L225 Difference]: With dead ends: 159 [2022-02-20 18:12:00,211 INFO L226 Difference]: Without dead ends: 75 [2022-02-20 18:12:00,214 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:12:00,217 INFO L933 BasicCegarLoop]: 105 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 105 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:00,220 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 105 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:00,233 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 75 states. [2022-02-20 18:12:00,253 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 75 to 75. [2022-02-20 18:12:00,258 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:00,261 INFO L82 GeneralOperation]: Start isEquivalent. First operand 75 states. Second operand has 75 states, 59 states have (on average 1.305084745762712) internal successors, (77), 64 states have internal predecessors, (77), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:00,264 INFO L74 IsIncluded]: Start isIncluded. First operand 75 states. Second operand has 75 states, 59 states have (on average 1.305084745762712) internal successors, (77), 64 states have internal predecessors, (77), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:00,265 INFO L87 Difference]: Start difference. First operand 75 states. Second operand has 75 states, 59 states have (on average 1.305084745762712) internal successors, (77), 64 states have internal predecessors, (77), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:00,274 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:00,275 INFO L93 Difference]: Finished difference Result 75 states and 96 transitions. [2022-02-20 18:12:00,275 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 96 transitions. [2022-02-20 18:12:00,276 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:00,276 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:00,276 INFO L74 IsIncluded]: Start isIncluded. First operand has 75 states, 59 states have (on average 1.305084745762712) internal successors, (77), 64 states have internal predecessors, (77), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) Second operand 75 states. [2022-02-20 18:12:00,277 INFO L87 Difference]: Start difference. First operand has 75 states, 59 states have (on average 1.305084745762712) internal successors, (77), 64 states have internal predecessors, (77), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) Second operand 75 states. [2022-02-20 18:12:00,281 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:00,281 INFO L93 Difference]: Finished difference Result 75 states and 96 transitions. [2022-02-20 18:12:00,281 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 96 transitions. [2022-02-20 18:12:00,282 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:00,282 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:00,282 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:00,283 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:00,283 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 75 states, 59 states have (on average 1.305084745762712) internal successors, (77), 64 states have internal predecessors, (77), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:00,286 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 75 states to 75 states and 96 transitions. [2022-02-20 18:12:00,288 INFO L78 Accepts]: Start accepts. Automaton has 75 states and 96 transitions. Word has length 32 [2022-02-20 18:12:00,288 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:00,288 INFO L470 AbstractCegarLoop]: Abstraction has 75 states and 96 transitions. [2022-02-20 18:12:00,288 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:00,289 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 96 transitions. [2022-02-20 18:12:00,290 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-02-20 18:12:00,290 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:00,290 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:00,291 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:12:00,291 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:00,291 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:00,291 INFO L85 PathProgramCache]: Analyzing trace with hash -843212119, now seen corresponding path program 1 times [2022-02-20 18:12:00,292 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:00,292 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1125077102] [2022-02-20 18:12:00,292 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:00,292 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:00,332 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:00,378 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:12:00,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:00,383 INFO L290 TraceCheckUtils]: 0: Hoare triple {587#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {587#true} is VALID [2022-02-20 18:12:00,384 INFO L290 TraceCheckUtils]: 1: Hoare triple {587#true} assume true; {587#true} is VALID [2022-02-20 18:12:00,391 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {587#true} {589#(= 1 ~systemActive~0)} #222#return; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,391 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-02-20 18:12:00,393 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:00,395 INFO L290 TraceCheckUtils]: 0: Hoare triple {587#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {587#true} is VALID [2022-02-20 18:12:00,395 INFO L290 TraceCheckUtils]: 1: Hoare triple {587#true} assume true; {587#true} is VALID [2022-02-20 18:12:00,396 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {587#true} {588#false} #228#return; {588#false} is VALID [2022-02-20 18:12:00,398 INFO L290 TraceCheckUtils]: 0: Hoare triple {587#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,399 INFO L290 TraceCheckUtils]: 1: Hoare triple {589#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,399 INFO L290 TraceCheckUtils]: 2: Hoare triple {589#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,400 INFO L290 TraceCheckUtils]: 3: Hoare triple {589#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,400 INFO L290 TraceCheckUtils]: 4: Hoare triple {589#(= 1 ~systemActive~0)} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,400 INFO L290 TraceCheckUtils]: 5: Hoare triple {589#(= 1 ~systemActive~0)} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,401 INFO L290 TraceCheckUtils]: 6: Hoare triple {589#(= 1 ~systemActive~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,401 INFO L290 TraceCheckUtils]: 7: Hoare triple {589#(= 1 ~systemActive~0)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,402 INFO L290 TraceCheckUtils]: 8: Hoare triple {589#(= 1 ~systemActive~0)} assume !false; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,402 INFO L290 TraceCheckUtils]: 9: Hoare triple {589#(= 1 ~systemActive~0)} assume test_~splverifierCounter~0#1 < 4; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,403 INFO L290 TraceCheckUtils]: 10: Hoare triple {589#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,403 INFO L290 TraceCheckUtils]: 11: Hoare triple {589#(= 1 ~systemActive~0)} assume !(0 != test_~tmp~5#1); {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,404 INFO L290 TraceCheckUtils]: 12: Hoare triple {589#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,404 INFO L290 TraceCheckUtils]: 13: Hoare triple {589#(= 1 ~systemActive~0)} assume !(0 != test_~tmp___0~2#1); {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,405 INFO L290 TraceCheckUtils]: 14: Hoare triple {589#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,405 INFO L290 TraceCheckUtils]: 15: Hoare triple {589#(= 1 ~systemActive~0)} assume 0 != test_~tmp___2~0#1; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,406 INFO L272 TraceCheckUtils]: 16: Hoare triple {589#(= 1 ~systemActive~0)} call timeShift(); {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,406 INFO L290 TraceCheckUtils]: 17: Hoare triple {589#(= 1 ~systemActive~0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,406 INFO L272 TraceCheckUtils]: 18: Hoare triple {589#(= 1 ~systemActive~0)} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {587#true} is VALID [2022-02-20 18:12:00,406 INFO L290 TraceCheckUtils]: 19: Hoare triple {587#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {587#true} is VALID [2022-02-20 18:12:00,407 INFO L290 TraceCheckUtils]: 20: Hoare triple {587#true} assume true; {587#true} is VALID [2022-02-20 18:12:00,407 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {587#true} {589#(= 1 ~systemActive~0)} #222#return; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,408 INFO L290 TraceCheckUtils]: 22: Hoare triple {589#(= 1 ~systemActive~0)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,408 INFO L290 TraceCheckUtils]: 23: Hoare triple {589#(= 1 ~systemActive~0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,408 INFO L290 TraceCheckUtils]: 24: Hoare triple {589#(= 1 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {589#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:00,409 INFO L290 TraceCheckUtils]: 25: Hoare triple {589#(= 1 ~systemActive~0)} assume !(0 != ~systemActive~0); {588#false} is VALID [2022-02-20 18:12:00,409 INFO L290 TraceCheckUtils]: 26: Hoare triple {588#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {588#false} is VALID [2022-02-20 18:12:00,409 INFO L290 TraceCheckUtils]: 27: Hoare triple {588#false} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {588#false} is VALID [2022-02-20 18:12:00,409 INFO L290 TraceCheckUtils]: 28: Hoare triple {588#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {588#false} is VALID [2022-02-20 18:12:00,410 INFO L272 TraceCheckUtils]: 29: Hoare triple {588#false} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {587#true} is VALID [2022-02-20 18:12:00,410 INFO L290 TraceCheckUtils]: 30: Hoare triple {587#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {587#true} is VALID [2022-02-20 18:12:00,410 INFO L290 TraceCheckUtils]: 31: Hoare triple {587#true} assume true; {587#true} is VALID [2022-02-20 18:12:00,410 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {587#true} {588#false} #228#return; {588#false} is VALID [2022-02-20 18:12:00,410 INFO L290 TraceCheckUtils]: 33: Hoare triple {588#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {588#false} is VALID [2022-02-20 18:12:00,411 INFO L290 TraceCheckUtils]: 34: Hoare triple {588#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {588#false} is VALID [2022-02-20 18:12:00,411 INFO L290 TraceCheckUtils]: 35: Hoare triple {588#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {588#false} is VALID [2022-02-20 18:12:00,411 INFO L290 TraceCheckUtils]: 36: Hoare triple {588#false} assume !false; {588#false} is VALID [2022-02-20 18:12:00,411 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:00,412 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:00,412 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1125077102] [2022-02-20 18:12:00,412 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1125077102] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:00,412 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:00,412 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:12:00,412 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1789981704] [2022-02-20 18:12:00,412 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:00,414 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 37 [2022-02-20 18:12:00,414 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:00,414 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:00,438 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 35 edges. 35 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:00,439 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:12:00,439 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:00,439 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:12:00,440 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:00,440 INFO L87 Difference]: Start difference. First operand 75 states and 96 transitions. Second operand has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:00,562 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:00,562 INFO L93 Difference]: Finished difference Result 142 states and 187 transitions. [2022-02-20 18:12:00,563 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:12:00,563 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 37 [2022-02-20 18:12:00,563 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:00,563 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:00,567 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 187 transitions. [2022-02-20 18:12:00,567 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:00,570 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 187 transitions. [2022-02-20 18:12:00,570 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 187 transitions. [2022-02-20 18:12:00,691 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 187 edges. 187 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:00,694 INFO L225 Difference]: With dead ends: 142 [2022-02-20 18:12:00,694 INFO L226 Difference]: Without dead ends: 75 [2022-02-20 18:12:00,695 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:00,696 INFO L933 BasicCegarLoop]: 94 mSDtfsCounter, 73 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 73 SdHoareTripleChecker+Valid, 94 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:00,696 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [73 Valid, 94 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:00,697 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 75 states. [2022-02-20 18:12:00,701 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 75 to 75. [2022-02-20 18:12:00,702 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:00,702 INFO L82 GeneralOperation]: Start isEquivalent. First operand 75 states. Second operand has 75 states, 59 states have (on average 1.2881355932203389) internal successors, (76), 64 states have internal predecessors, (76), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:00,702 INFO L74 IsIncluded]: Start isIncluded. First operand 75 states. Second operand has 75 states, 59 states have (on average 1.2881355932203389) internal successors, (76), 64 states have internal predecessors, (76), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:00,703 INFO L87 Difference]: Start difference. First operand 75 states. Second operand has 75 states, 59 states have (on average 1.2881355932203389) internal successors, (76), 64 states have internal predecessors, (76), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:00,705 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:00,705 INFO L93 Difference]: Finished difference Result 75 states and 95 transitions. [2022-02-20 18:12:00,706 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 95 transitions. [2022-02-20 18:12:00,706 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:00,707 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:00,707 INFO L74 IsIncluded]: Start isIncluded. First operand has 75 states, 59 states have (on average 1.2881355932203389) internal successors, (76), 64 states have internal predecessors, (76), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) Second operand 75 states. [2022-02-20 18:12:00,707 INFO L87 Difference]: Start difference. First operand has 75 states, 59 states have (on average 1.2881355932203389) internal successors, (76), 64 states have internal predecessors, (76), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) Second operand 75 states. [2022-02-20 18:12:00,710 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:00,710 INFO L93 Difference]: Finished difference Result 75 states and 95 transitions. [2022-02-20 18:12:00,710 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 95 transitions. [2022-02-20 18:12:00,711 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:00,711 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:00,711 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:00,711 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:00,711 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 75 states, 59 states have (on average 1.2881355932203389) internal successors, (76), 64 states have internal predecessors, (76), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:00,713 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 75 states to 75 states and 95 transitions. [2022-02-20 18:12:00,714 INFO L78 Accepts]: Start accepts. Automaton has 75 states and 95 transitions. Word has length 37 [2022-02-20 18:12:00,714 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:00,714 INFO L470 AbstractCegarLoop]: Abstraction has 75 states and 95 transitions. [2022-02-20 18:12:00,714 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:00,714 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 95 transitions. [2022-02-20 18:12:00,715 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-02-20 18:12:00,715 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:00,715 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:00,716 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:12:00,716 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:00,716 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:00,716 INFO L85 PathProgramCache]: Analyzing trace with hash 404070432, now seen corresponding path program 1 times [2022-02-20 18:12:00,717 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:00,717 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1669023203] [2022-02-20 18:12:00,717 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:00,717 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:00,750 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:00,770 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:12:00,771 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:00,774 INFO L290 TraceCheckUtils]: 0: Hoare triple {1062#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1062#true} is VALID [2022-02-20 18:12:00,774 INFO L290 TraceCheckUtils]: 1: Hoare triple {1062#true} assume true; {1062#true} is VALID [2022-02-20 18:12:00,774 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1062#true} {1063#false} #222#return; {1063#false} is VALID [2022-02-20 18:12:00,774 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:12:00,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:00,777 INFO L290 TraceCheckUtils]: 0: Hoare triple {1062#true} assume true; {1062#true} is VALID [2022-02-20 18:12:00,778 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1062#true} {1063#false} #226#return; {1063#false} is VALID [2022-02-20 18:12:00,778 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:12:00,779 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:00,781 INFO L290 TraceCheckUtils]: 0: Hoare triple {1062#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1062#true} is VALID [2022-02-20 18:12:00,781 INFO L290 TraceCheckUtils]: 1: Hoare triple {1062#true} assume true; {1062#true} is VALID [2022-02-20 18:12:00,782 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1062#true} {1063#false} #228#return; {1063#false} is VALID [2022-02-20 18:12:00,782 INFO L290 TraceCheckUtils]: 0: Hoare triple {1062#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {1062#true} is VALID [2022-02-20 18:12:00,782 INFO L290 TraceCheckUtils]: 1: Hoare triple {1062#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {1062#true} is VALID [2022-02-20 18:12:00,782 INFO L290 TraceCheckUtils]: 2: Hoare triple {1062#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1062#true} is VALID [2022-02-20 18:12:00,782 INFO L290 TraceCheckUtils]: 3: Hoare triple {1062#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {1062#true} is VALID [2022-02-20 18:12:00,783 INFO L290 TraceCheckUtils]: 4: Hoare triple {1062#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {1062#true} is VALID [2022-02-20 18:12:00,783 INFO L290 TraceCheckUtils]: 5: Hoare triple {1062#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {1062#true} is VALID [2022-02-20 18:12:00,783 INFO L290 TraceCheckUtils]: 6: Hoare triple {1062#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {1062#true} is VALID [2022-02-20 18:12:00,783 INFO L290 TraceCheckUtils]: 7: Hoare triple {1062#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1064#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:12:00,784 INFO L290 TraceCheckUtils]: 8: Hoare triple {1064#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {1064#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:12:00,784 INFO L290 TraceCheckUtils]: 9: Hoare triple {1064#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {1063#false} is VALID [2022-02-20 18:12:00,784 INFO L272 TraceCheckUtils]: 10: Hoare triple {1063#false} call cleanup(); {1063#false} is VALID [2022-02-20 18:12:00,784 INFO L290 TraceCheckUtils]: 11: Hoare triple {1063#false} havoc ~i~0;havoc ~__cil_tmp2~0; {1063#false} is VALID [2022-02-20 18:12:00,785 INFO L272 TraceCheckUtils]: 12: Hoare triple {1063#false} call timeShift(); {1063#false} is VALID [2022-02-20 18:12:00,785 INFO L290 TraceCheckUtils]: 13: Hoare triple {1063#false} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {1063#false} is VALID [2022-02-20 18:12:00,785 INFO L272 TraceCheckUtils]: 14: Hoare triple {1063#false} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {1062#true} is VALID [2022-02-20 18:12:00,785 INFO L290 TraceCheckUtils]: 15: Hoare triple {1062#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1062#true} is VALID [2022-02-20 18:12:00,785 INFO L290 TraceCheckUtils]: 16: Hoare triple {1062#true} assume true; {1062#true} is VALID [2022-02-20 18:12:00,786 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {1062#true} {1063#false} #222#return; {1063#false} is VALID [2022-02-20 18:12:00,786 INFO L290 TraceCheckUtils]: 18: Hoare triple {1063#false} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {1063#false} is VALID [2022-02-20 18:12:00,786 INFO L290 TraceCheckUtils]: 19: Hoare triple {1063#false} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {1063#false} is VALID [2022-02-20 18:12:00,786 INFO L290 TraceCheckUtils]: 20: Hoare triple {1063#false} assume !(0 != ~pumpRunning~0); {1063#false} is VALID [2022-02-20 18:12:00,786 INFO L290 TraceCheckUtils]: 21: Hoare triple {1063#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {1063#false} is VALID [2022-02-20 18:12:00,786 INFO L290 TraceCheckUtils]: 22: Hoare triple {1063#false} assume !(0 == ~pumpRunning~0); {1063#false} is VALID [2022-02-20 18:12:00,787 INFO L272 TraceCheckUtils]: 23: Hoare triple {1063#false} call processEnvironment__wrappee__base(); {1062#true} is VALID [2022-02-20 18:12:00,787 INFO L290 TraceCheckUtils]: 24: Hoare triple {1062#true} assume true; {1062#true} is VALID [2022-02-20 18:12:00,787 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {1062#true} {1063#false} #226#return; {1063#false} is VALID [2022-02-20 18:12:00,787 INFO L290 TraceCheckUtils]: 26: Hoare triple {1063#false} assume { :end_inline_processEnvironment } true; {1063#false} is VALID [2022-02-20 18:12:00,787 INFO L290 TraceCheckUtils]: 27: Hoare triple {1063#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {1063#false} is VALID [2022-02-20 18:12:00,787 INFO L290 TraceCheckUtils]: 28: Hoare triple {1063#false} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {1063#false} is VALID [2022-02-20 18:12:00,788 INFO L290 TraceCheckUtils]: 29: Hoare triple {1063#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {1063#false} is VALID [2022-02-20 18:12:00,788 INFO L272 TraceCheckUtils]: 30: Hoare triple {1063#false} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {1062#true} is VALID [2022-02-20 18:12:00,788 INFO L290 TraceCheckUtils]: 31: Hoare triple {1062#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1062#true} is VALID [2022-02-20 18:12:00,788 INFO L290 TraceCheckUtils]: 32: Hoare triple {1062#true} assume true; {1062#true} is VALID [2022-02-20 18:12:00,788 INFO L284 TraceCheckUtils]: 33: Hoare quadruple {1062#true} {1063#false} #228#return; {1063#false} is VALID [2022-02-20 18:12:00,788 INFO L290 TraceCheckUtils]: 34: Hoare triple {1063#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {1063#false} is VALID [2022-02-20 18:12:00,789 INFO L290 TraceCheckUtils]: 35: Hoare triple {1063#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {1063#false} is VALID [2022-02-20 18:12:00,789 INFO L290 TraceCheckUtils]: 36: Hoare triple {1063#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {1063#false} is VALID [2022-02-20 18:12:00,789 INFO L290 TraceCheckUtils]: 37: Hoare triple {1063#false} assume !false; {1063#false} is VALID [2022-02-20 18:12:00,789 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:00,789 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:00,790 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1669023203] [2022-02-20 18:12:00,790 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1669023203] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:00,790 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:00,790 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:12:00,790 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1515357471] [2022-02-20 18:12:00,790 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:00,791 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) Word has length 38 [2022-02-20 18:12:00,791 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:00,791 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:00,813 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:00,813 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:12:00,814 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:00,814 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:12:00,814 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:00,815 INFO L87 Difference]: Start difference. First operand 75 states and 95 transitions. Second operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:00,882 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:00,882 INFO L93 Difference]: Finished difference Result 115 states and 145 transitions. [2022-02-20 18:12:00,882 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:12:00,883 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) Word has length 38 [2022-02-20 18:12:00,883 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:00,883 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:00,885 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 145 transitions. [2022-02-20 18:12:00,885 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:00,887 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 145 transitions. [2022-02-20 18:12:00,887 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 145 transitions. [2022-02-20 18:12:00,974 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 145 edges. 145 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:00,975 INFO L225 Difference]: With dead ends: 115 [2022-02-20 18:12:00,975 INFO L226 Difference]: Without dead ends: 66 [2022-02-20 18:12:00,976 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:00,977 INFO L933 BasicCegarLoop]: 82 mSDtfsCounter, 12 mSDsluCounter, 66 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 148 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:00,977 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [15 Valid, 148 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:00,978 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 66 states. [2022-02-20 18:12:00,981 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 66 to 66. [2022-02-20 18:12:00,981 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:00,981 INFO L82 GeneralOperation]: Start isEquivalent. First operand 66 states. Second operand has 66 states, 53 states have (on average 1.3018867924528301) internal successors, (69), 58 states have internal predecessors, (69), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:12:00,981 INFO L74 IsIncluded]: Start isIncluded. First operand 66 states. Second operand has 66 states, 53 states have (on average 1.3018867924528301) internal successors, (69), 58 states have internal predecessors, (69), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:12:00,982 INFO L87 Difference]: Start difference. First operand 66 states. Second operand has 66 states, 53 states have (on average 1.3018867924528301) internal successors, (69), 58 states have internal predecessors, (69), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:12:00,983 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:00,984 INFO L93 Difference]: Finished difference Result 66 states and 83 transitions. [2022-02-20 18:12:00,984 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 83 transitions. [2022-02-20 18:12:00,984 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:00,984 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:00,984 INFO L74 IsIncluded]: Start isIncluded. First operand has 66 states, 53 states have (on average 1.3018867924528301) internal successors, (69), 58 states have internal predecessors, (69), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 66 states. [2022-02-20 18:12:00,985 INFO L87 Difference]: Start difference. First operand has 66 states, 53 states have (on average 1.3018867924528301) internal successors, (69), 58 states have internal predecessors, (69), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 66 states. [2022-02-20 18:12:00,986 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:00,986 INFO L93 Difference]: Finished difference Result 66 states and 83 transitions. [2022-02-20 18:12:00,987 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 83 transitions. [2022-02-20 18:12:00,987 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:00,987 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:00,987 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:00,987 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:00,987 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 53 states have (on average 1.3018867924528301) internal successors, (69), 58 states have internal predecessors, (69), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:12:00,989 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 83 transitions. [2022-02-20 18:12:00,989 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 83 transitions. Word has length 38 [2022-02-20 18:12:00,989 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:00,989 INFO L470 AbstractCegarLoop]: Abstraction has 66 states and 83 transitions. [2022-02-20 18:12:00,990 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:00,990 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 83 transitions. [2022-02-20 18:12:00,990 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-02-20 18:12:00,990 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:00,990 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:00,991 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:12:00,991 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:00,991 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:00,991 INFO L85 PathProgramCache]: Analyzing trace with hash -611781306, now seen corresponding path program 1 times [2022-02-20 18:12:00,992 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:00,992 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [715799922] [2022-02-20 18:12:00,992 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:00,992 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:01,009 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:01,033 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:12:01,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:01,037 INFO L290 TraceCheckUtils]: 0: Hoare triple {1469#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1469#true} is VALID [2022-02-20 18:12:01,037 INFO L290 TraceCheckUtils]: 1: Hoare triple {1469#true} assume true; {1469#true} is VALID [2022-02-20 18:12:01,038 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1469#true} {1471#(= ~pumpRunning~0 0)} #222#return; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,038 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-02-20 18:12:01,039 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:01,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {1469#true} assume true; {1469#true} is VALID [2022-02-20 18:12:01,041 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1469#true} {1470#false} #226#return; {1470#false} is VALID [2022-02-20 18:12:01,041 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 34 [2022-02-20 18:12:01,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:01,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {1469#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1469#true} is VALID [2022-02-20 18:12:01,044 INFO L290 TraceCheckUtils]: 1: Hoare triple {1469#true} assume true; {1469#true} is VALID [2022-02-20 18:12:01,044 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1469#true} {1470#false} #228#return; {1470#false} is VALID [2022-02-20 18:12:01,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {1469#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,045 INFO L290 TraceCheckUtils]: 1: Hoare triple {1471#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {1471#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,046 INFO L290 TraceCheckUtils]: 3: Hoare triple {1471#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,046 INFO L290 TraceCheckUtils]: 4: Hoare triple {1471#(= ~pumpRunning~0 0)} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,046 INFO L290 TraceCheckUtils]: 5: Hoare triple {1471#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,047 INFO L290 TraceCheckUtils]: 6: Hoare triple {1471#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,047 INFO L290 TraceCheckUtils]: 7: Hoare triple {1471#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,047 INFO L290 TraceCheckUtils]: 8: Hoare triple {1471#(= ~pumpRunning~0 0)} assume !false; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,048 INFO L290 TraceCheckUtils]: 9: Hoare triple {1471#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,048 INFO L290 TraceCheckUtils]: 10: Hoare triple {1471#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,048 INFO L290 TraceCheckUtils]: 11: Hoare triple {1471#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~5#1); {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,049 INFO L290 TraceCheckUtils]: 12: Hoare triple {1471#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,049 INFO L290 TraceCheckUtils]: 13: Hoare triple {1471#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~2#1); {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,049 INFO L290 TraceCheckUtils]: 14: Hoare triple {1471#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,050 INFO L290 TraceCheckUtils]: 15: Hoare triple {1471#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,050 INFO L272 TraceCheckUtils]: 16: Hoare triple {1471#(= ~pumpRunning~0 0)} call timeShift(); {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,051 INFO L290 TraceCheckUtils]: 17: Hoare triple {1471#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,051 INFO L272 TraceCheckUtils]: 18: Hoare triple {1471#(= ~pumpRunning~0 0)} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {1469#true} is VALID [2022-02-20 18:12:01,051 INFO L290 TraceCheckUtils]: 19: Hoare triple {1469#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1469#true} is VALID [2022-02-20 18:12:01,051 INFO L290 TraceCheckUtils]: 20: Hoare triple {1469#true} assume true; {1469#true} is VALID [2022-02-20 18:12:01,052 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {1469#true} {1471#(= ~pumpRunning~0 0)} #222#return; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,052 INFO L290 TraceCheckUtils]: 22: Hoare triple {1471#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,052 INFO L290 TraceCheckUtils]: 23: Hoare triple {1471#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,053 INFO L290 TraceCheckUtils]: 24: Hoare triple {1471#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,053 INFO L290 TraceCheckUtils]: 25: Hoare triple {1471#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {1471#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,054 INFO L290 TraceCheckUtils]: 26: Hoare triple {1471#(= ~pumpRunning~0 0)} assume !(0 == ~pumpRunning~0); {1470#false} is VALID [2022-02-20 18:12:01,054 INFO L272 TraceCheckUtils]: 27: Hoare triple {1470#false} call processEnvironment__wrappee__base(); {1469#true} is VALID [2022-02-20 18:12:01,054 INFO L290 TraceCheckUtils]: 28: Hoare triple {1469#true} assume true; {1469#true} is VALID [2022-02-20 18:12:01,054 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {1469#true} {1470#false} #226#return; {1470#false} is VALID [2022-02-20 18:12:01,054 INFO L290 TraceCheckUtils]: 30: Hoare triple {1470#false} assume { :end_inline_processEnvironment } true; {1470#false} is VALID [2022-02-20 18:12:01,054 INFO L290 TraceCheckUtils]: 31: Hoare triple {1470#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {1470#false} is VALID [2022-02-20 18:12:01,055 INFO L290 TraceCheckUtils]: 32: Hoare triple {1470#false} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {1470#false} is VALID [2022-02-20 18:12:01,055 INFO L290 TraceCheckUtils]: 33: Hoare triple {1470#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {1470#false} is VALID [2022-02-20 18:12:01,055 INFO L272 TraceCheckUtils]: 34: Hoare triple {1470#false} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {1469#true} is VALID [2022-02-20 18:12:01,055 INFO L290 TraceCheckUtils]: 35: Hoare triple {1469#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1469#true} is VALID [2022-02-20 18:12:01,055 INFO L290 TraceCheckUtils]: 36: Hoare triple {1469#true} assume true; {1469#true} is VALID [2022-02-20 18:12:01,055 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {1469#true} {1470#false} #228#return; {1470#false} is VALID [2022-02-20 18:12:01,056 INFO L290 TraceCheckUtils]: 38: Hoare triple {1470#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {1470#false} is VALID [2022-02-20 18:12:01,056 INFO L290 TraceCheckUtils]: 39: Hoare triple {1470#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {1470#false} is VALID [2022-02-20 18:12:01,056 INFO L290 TraceCheckUtils]: 40: Hoare triple {1470#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {1470#false} is VALID [2022-02-20 18:12:01,056 INFO L290 TraceCheckUtils]: 41: Hoare triple {1470#false} assume !false; {1470#false} is VALID [2022-02-20 18:12:01,056 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:01,057 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:01,057 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [715799922] [2022-02-20 18:12:01,057 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [715799922] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:01,057 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:01,057 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:12:01,057 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [822337316] [2022-02-20 18:12:01,057 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:01,058 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 42 [2022-02-20 18:12:01,058 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:01,058 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:01,083 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:01,083 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:12:01,083 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:01,084 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:12:01,084 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:01,084 INFO L87 Difference]: Start difference. First operand 66 states and 83 transitions. Second operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:01,154 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:01,154 INFO L93 Difference]: Finished difference Result 168 states and 216 transitions. [2022-02-20 18:12:01,154 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:12:01,155 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 42 [2022-02-20 18:12:01,155 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:01,155 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:01,158 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 216 transitions. [2022-02-20 18:12:01,158 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:01,160 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 216 transitions. [2022-02-20 18:12:01,160 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 216 transitions. [2022-02-20 18:12:01,313 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 216 edges. 216 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:01,315 INFO L225 Difference]: With dead ends: 168 [2022-02-20 18:12:01,316 INFO L226 Difference]: Without dead ends: 110 [2022-02-20 18:12:01,316 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:01,317 INFO L933 BasicCegarLoop]: 92 mSDtfsCounter, 52 mSDsluCounter, 56 mSDsCounter, 0 mSdLazyCounter, 7 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 52 SdHoareTripleChecker+Valid, 148 SdHoareTripleChecker+Invalid, 10 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 7 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:01,318 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [52 Valid, 148 Invalid, 10 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 7 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:01,318 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 110 states. [2022-02-20 18:12:01,324 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 110 to 108. [2022-02-20 18:12:01,324 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:01,324 INFO L82 GeneralOperation]: Start isEquivalent. First operand 110 states. Second operand has 108 states, 85 states have (on average 1.2941176470588236) internal successors, (110), 92 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:01,325 INFO L74 IsIncluded]: Start isIncluded. First operand 110 states. Second operand has 108 states, 85 states have (on average 1.2941176470588236) internal successors, (110), 92 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:01,325 INFO L87 Difference]: Start difference. First operand 110 states. Second operand has 108 states, 85 states have (on average 1.2941176470588236) internal successors, (110), 92 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:01,328 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:01,328 INFO L93 Difference]: Finished difference Result 110 states and 137 transitions. [2022-02-20 18:12:01,328 INFO L276 IsEmpty]: Start isEmpty. Operand 110 states and 137 transitions. [2022-02-20 18:12:01,329 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:01,329 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:01,329 INFO L74 IsIncluded]: Start isIncluded. First operand has 108 states, 85 states have (on average 1.2941176470588236) internal successors, (110), 92 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) Second operand 110 states. [2022-02-20 18:12:01,329 INFO L87 Difference]: Start difference. First operand has 108 states, 85 states have (on average 1.2941176470588236) internal successors, (110), 92 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) Second operand 110 states. [2022-02-20 18:12:01,332 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:01,332 INFO L93 Difference]: Finished difference Result 110 states and 137 transitions. [2022-02-20 18:12:01,332 INFO L276 IsEmpty]: Start isEmpty. Operand 110 states and 137 transitions. [2022-02-20 18:12:01,333 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:01,333 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:01,333 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:01,333 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:01,334 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 108 states, 85 states have (on average 1.2941176470588236) internal successors, (110), 92 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:01,336 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 108 states to 108 states and 136 transitions. [2022-02-20 18:12:01,336 INFO L78 Accepts]: Start accepts. Automaton has 108 states and 136 transitions. Word has length 42 [2022-02-20 18:12:01,336 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:01,337 INFO L470 AbstractCegarLoop]: Abstraction has 108 states and 136 transitions. [2022-02-20 18:12:01,337 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:01,337 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 136 transitions. [2022-02-20 18:12:01,337 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2022-02-20 18:12:01,338 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:01,338 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:01,338 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:12:01,338 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:01,338 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:01,339 INFO L85 PathProgramCache]: Analyzing trace with hash -1086611922, now seen corresponding path program 1 times [2022-02-20 18:12:01,339 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:01,339 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [427693258] [2022-02-20 18:12:01,339 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:01,339 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:01,360 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:01,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:12:01,395 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:01,398 INFO L290 TraceCheckUtils]: 0: Hoare triple {2092#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2092#true} is VALID [2022-02-20 18:12:01,398 INFO L290 TraceCheckUtils]: 1: Hoare triple {2092#true} assume true; {2092#true} is VALID [2022-02-20 18:12:01,399 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2092#true} {2094#(= ~pumpRunning~0 0)} #222#return; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,399 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:12:01,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:01,402 INFO L290 TraceCheckUtils]: 0: Hoare triple {2092#true} assume true; {2092#true} is VALID [2022-02-20 18:12:01,402 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {2092#true} {2094#(= ~pumpRunning~0 0)} #224#return; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,402 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:12:01,404 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:01,426 INFO L290 TraceCheckUtils]: 0: Hoare triple {2092#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2105#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:01,426 INFO L290 TraceCheckUtils]: 1: Hoare triple {2105#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {2105#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:01,427 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2105#(= ~pumpRunning~0 |isPumpRunning_#res|)} {2094#(= ~pumpRunning~0 0)} #228#return; {2103#(= |timeShift___utac_acc__Specification5_spec__3_#t~ret6#1| 0)} is VALID [2022-02-20 18:12:01,428 INFO L290 TraceCheckUtils]: 0: Hoare triple {2092#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,428 INFO L290 TraceCheckUtils]: 1: Hoare triple {2094#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,428 INFO L290 TraceCheckUtils]: 2: Hoare triple {2094#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,429 INFO L290 TraceCheckUtils]: 3: Hoare triple {2094#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,429 INFO L290 TraceCheckUtils]: 4: Hoare triple {2094#(= ~pumpRunning~0 0)} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,429 INFO L290 TraceCheckUtils]: 5: Hoare triple {2094#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,430 INFO L290 TraceCheckUtils]: 6: Hoare triple {2094#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,430 INFO L290 TraceCheckUtils]: 7: Hoare triple {2094#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,430 INFO L290 TraceCheckUtils]: 8: Hoare triple {2094#(= ~pumpRunning~0 0)} assume !false; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,431 INFO L290 TraceCheckUtils]: 9: Hoare triple {2094#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,431 INFO L290 TraceCheckUtils]: 10: Hoare triple {2094#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,431 INFO L290 TraceCheckUtils]: 11: Hoare triple {2094#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~5#1); {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,432 INFO L290 TraceCheckUtils]: 12: Hoare triple {2094#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,432 INFO L290 TraceCheckUtils]: 13: Hoare triple {2094#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~2#1); {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,432 INFO L290 TraceCheckUtils]: 14: Hoare triple {2094#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,433 INFO L290 TraceCheckUtils]: 15: Hoare triple {2094#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,433 INFO L272 TraceCheckUtils]: 16: Hoare triple {2094#(= ~pumpRunning~0 0)} call timeShift(); {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,434 INFO L290 TraceCheckUtils]: 17: Hoare triple {2094#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,434 INFO L272 TraceCheckUtils]: 18: Hoare triple {2094#(= ~pumpRunning~0 0)} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {2092#true} is VALID [2022-02-20 18:12:01,434 INFO L290 TraceCheckUtils]: 19: Hoare triple {2092#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2092#true} is VALID [2022-02-20 18:12:01,434 INFO L290 TraceCheckUtils]: 20: Hoare triple {2092#true} assume true; {2092#true} is VALID [2022-02-20 18:12:01,435 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {2092#true} {2094#(= ~pumpRunning~0 0)} #222#return; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,435 INFO L290 TraceCheckUtils]: 22: Hoare triple {2094#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,435 INFO L290 TraceCheckUtils]: 23: Hoare triple {2094#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,436 INFO L290 TraceCheckUtils]: 24: Hoare triple {2094#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,436 INFO L290 TraceCheckUtils]: 25: Hoare triple {2094#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,436 INFO L290 TraceCheckUtils]: 26: Hoare triple {2094#(= ~pumpRunning~0 0)} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret24#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,437 INFO L290 TraceCheckUtils]: 27: Hoare triple {2094#(= ~pumpRunning~0 0)} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,437 INFO L290 TraceCheckUtils]: 28: Hoare triple {2094#(= ~pumpRunning~0 0)} isHighWaterLevel_#t~ret24#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret24#1 && isHighWaterLevel_#t~ret24#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret24#1;havoc isHighWaterLevel_#t~ret24#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,437 INFO L290 TraceCheckUtils]: 29: Hoare triple {2094#(= ~pumpRunning~0 0)} assume 0 != isHighWaterLevel_~tmp~4#1;isHighWaterLevel_~tmp___0~1#1 := 0; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,438 INFO L290 TraceCheckUtils]: 30: Hoare triple {2094#(= ~pumpRunning~0 0)} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,438 INFO L290 TraceCheckUtils]: 31: Hoare triple {2094#(= ~pumpRunning~0 0)} processEnvironment_#t~ret13#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret13#1 && processEnvironment_#t~ret13#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret13#1;havoc processEnvironment_#t~ret13#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,439 INFO L290 TraceCheckUtils]: 32: Hoare triple {2094#(= ~pumpRunning~0 0)} assume !(0 != processEnvironment_~tmp~2#1); {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,439 INFO L272 TraceCheckUtils]: 33: Hoare triple {2094#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__base(); {2092#true} is VALID [2022-02-20 18:12:01,439 INFO L290 TraceCheckUtils]: 34: Hoare triple {2092#true} assume true; {2092#true} is VALID [2022-02-20 18:12:01,439 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {2092#true} {2094#(= ~pumpRunning~0 0)} #224#return; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,440 INFO L290 TraceCheckUtils]: 36: Hoare triple {2094#(= ~pumpRunning~0 0)} assume { :end_inline_processEnvironment } true; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,440 INFO L290 TraceCheckUtils]: 37: Hoare triple {2094#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,440 INFO L290 TraceCheckUtils]: 38: Hoare triple {2094#(= ~pumpRunning~0 0)} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,441 INFO L290 TraceCheckUtils]: 39: Hoare triple {2094#(= ~pumpRunning~0 0)} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {2094#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:01,441 INFO L272 TraceCheckUtils]: 40: Hoare triple {2094#(= ~pumpRunning~0 0)} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {2092#true} is VALID [2022-02-20 18:12:01,441 INFO L290 TraceCheckUtils]: 41: Hoare triple {2092#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2105#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:01,442 INFO L290 TraceCheckUtils]: 42: Hoare triple {2105#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {2105#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:01,442 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {2105#(= ~pumpRunning~0 |isPumpRunning_#res|)} {2094#(= ~pumpRunning~0 0)} #228#return; {2103#(= |timeShift___utac_acc__Specification5_spec__3_#t~ret6#1| 0)} is VALID [2022-02-20 18:12:01,443 INFO L290 TraceCheckUtils]: 44: Hoare triple {2103#(= |timeShift___utac_acc__Specification5_spec__3_#t~ret6#1| 0)} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {2104#(= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)} is VALID [2022-02-20 18:12:01,443 INFO L290 TraceCheckUtils]: 45: Hoare triple {2104#(= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {2093#false} is VALID [2022-02-20 18:12:01,443 INFO L290 TraceCheckUtils]: 46: Hoare triple {2093#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {2093#false} is VALID [2022-02-20 18:12:01,443 INFO L290 TraceCheckUtils]: 47: Hoare triple {2093#false} assume !false; {2093#false} is VALID [2022-02-20 18:12:01,444 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-02-20 18:12:01,444 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:01,444 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [427693258] [2022-02-20 18:12:01,445 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [427693258] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:01,445 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:01,445 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:12:01,445 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1703702743] [2022-02-20 18:12:01,445 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:01,446 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.833333333333333) internal successors, (41), 5 states have internal predecessors, (41), 1 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 48 [2022-02-20 18:12:01,446 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:01,446 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 6.833333333333333) internal successors, (41), 5 states have internal predecessors, (41), 1 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:01,475 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:01,476 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:12:01,476 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:01,476 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:12:01,476 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:12:01,477 INFO L87 Difference]: Start difference. First operand 108 states and 136 transitions. Second operand has 6 states, 6 states have (on average 6.833333333333333) internal successors, (41), 5 states have internal predecessors, (41), 1 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:01,729 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:01,729 INFO L93 Difference]: Finished difference Result 213 states and 272 transitions. [2022-02-20 18:12:01,729 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:12:01,730 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.833333333333333) internal successors, (41), 5 states have internal predecessors, (41), 1 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 48 [2022-02-20 18:12:01,730 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:01,730 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.833333333333333) internal successors, (41), 5 states have internal predecessors, (41), 1 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:01,733 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 219 transitions. [2022-02-20 18:12:01,734 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.833333333333333) internal successors, (41), 5 states have internal predecessors, (41), 1 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:01,736 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 219 transitions. [2022-02-20 18:12:01,737 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 219 transitions. [2022-02-20 18:12:01,877 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 219 edges. 219 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:01,879 INFO L225 Difference]: With dead ends: 213 [2022-02-20 18:12:01,879 INFO L226 Difference]: Without dead ends: 113 [2022-02-20 18:12:01,879 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:12:01,880 INFO L933 BasicCegarLoop]: 94 mSDtfsCounter, 36 mSDsluCounter, 306 mSDsCounter, 0 mSdLazyCounter, 50 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 37 SdHoareTripleChecker+Valid, 400 SdHoareTripleChecker+Invalid, 54 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 50 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:01,881 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [37 Valid, 400 Invalid, 54 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 50 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:01,881 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 113 states. [2022-02-20 18:12:01,886 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 113 to 107. [2022-02-20 18:12:01,887 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:01,887 INFO L82 GeneralOperation]: Start isEquivalent. First operand 113 states. Second operand has 107 states, 84 states have (on average 1.2738095238095237) internal successors, (107), 91 states have internal predecessors, (107), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:01,887 INFO L74 IsIncluded]: Start isIncluded. First operand 113 states. Second operand has 107 states, 84 states have (on average 1.2738095238095237) internal successors, (107), 91 states have internal predecessors, (107), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:01,888 INFO L87 Difference]: Start difference. First operand 113 states. Second operand has 107 states, 84 states have (on average 1.2738095238095237) internal successors, (107), 91 states have internal predecessors, (107), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:01,890 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:01,890 INFO L93 Difference]: Finished difference Result 113 states and 141 transitions. [2022-02-20 18:12:01,891 INFO L276 IsEmpty]: Start isEmpty. Operand 113 states and 141 transitions. [2022-02-20 18:12:01,891 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:01,891 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:01,891 INFO L74 IsIncluded]: Start isIncluded. First operand has 107 states, 84 states have (on average 1.2738095238095237) internal successors, (107), 91 states have internal predecessors, (107), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) Second operand 113 states. [2022-02-20 18:12:01,892 INFO L87 Difference]: Start difference. First operand has 107 states, 84 states have (on average 1.2738095238095237) internal successors, (107), 91 states have internal predecessors, (107), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) Second operand 113 states. [2022-02-20 18:12:01,894 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:01,894 INFO L93 Difference]: Finished difference Result 113 states and 141 transitions. [2022-02-20 18:12:01,894 INFO L276 IsEmpty]: Start isEmpty. Operand 113 states and 141 transitions. [2022-02-20 18:12:01,895 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:01,895 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:01,895 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:01,895 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:01,895 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 107 states, 84 states have (on average 1.2738095238095237) internal successors, (107), 91 states have internal predecessors, (107), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:01,898 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 107 states to 107 states and 133 transitions. [2022-02-20 18:12:01,898 INFO L78 Accepts]: Start accepts. Automaton has 107 states and 133 transitions. Word has length 48 [2022-02-20 18:12:01,898 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:01,898 INFO L470 AbstractCegarLoop]: Abstraction has 107 states and 133 transitions. [2022-02-20 18:12:01,898 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.833333333333333) internal successors, (41), 5 states have internal predecessors, (41), 1 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:01,898 INFO L276 IsEmpty]: Start isEmpty. Operand 107 states and 133 transitions. [2022-02-20 18:12:01,899 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-02-20 18:12:01,899 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:01,899 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:01,899 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:12:01,899 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:01,900 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:01,900 INFO L85 PathProgramCache]: Analyzing trace with hash -1241687140, now seen corresponding path program 1 times [2022-02-20 18:12:01,900 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:01,900 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [69834781] [2022-02-20 18:12:01,900 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:01,900 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:01,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:01,941 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:12:01,942 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:01,944 INFO L290 TraceCheckUtils]: 0: Hoare triple {2792#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2792#true} is VALID [2022-02-20 18:12:01,944 INFO L290 TraceCheckUtils]: 1: Hoare triple {2792#true} assume true; {2792#true} is VALID [2022-02-20 18:12:01,944 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2792#true} {2792#true} #222#return; {2792#true} is VALID [2022-02-20 18:12:01,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 42 [2022-02-20 18:12:01,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:01,947 INFO L290 TraceCheckUtils]: 0: Hoare triple {2792#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2792#true} is VALID [2022-02-20 18:12:01,947 INFO L290 TraceCheckUtils]: 1: Hoare triple {2792#true} assume true; {2792#true} is VALID [2022-02-20 18:12:01,947 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2792#true} {2793#false} #228#return; {2793#false} is VALID [2022-02-20 18:12:01,947 INFO L290 TraceCheckUtils]: 0: Hoare triple {2792#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {2792#true} is VALID [2022-02-20 18:12:01,947 INFO L290 TraceCheckUtils]: 1: Hoare triple {2792#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2792#true} is VALID [2022-02-20 18:12:01,947 INFO L290 TraceCheckUtils]: 2: Hoare triple {2792#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2792#true} is VALID [2022-02-20 18:12:01,947 INFO L290 TraceCheckUtils]: 3: Hoare triple {2792#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {2792#true} is VALID [2022-02-20 18:12:01,948 INFO L290 TraceCheckUtils]: 4: Hoare triple {2792#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2792#true} is VALID [2022-02-20 18:12:01,948 INFO L290 TraceCheckUtils]: 5: Hoare triple {2792#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {2792#true} is VALID [2022-02-20 18:12:01,948 INFO L290 TraceCheckUtils]: 6: Hoare triple {2792#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {2792#true} is VALID [2022-02-20 18:12:01,948 INFO L290 TraceCheckUtils]: 7: Hoare triple {2792#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2792#true} is VALID [2022-02-20 18:12:01,948 INFO L290 TraceCheckUtils]: 8: Hoare triple {2792#true} assume !false; {2792#true} is VALID [2022-02-20 18:12:01,948 INFO L290 TraceCheckUtils]: 9: Hoare triple {2792#true} assume test_~splverifierCounter~0#1 < 4; {2792#true} is VALID [2022-02-20 18:12:01,948 INFO L290 TraceCheckUtils]: 10: Hoare triple {2792#true} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {2792#true} is VALID [2022-02-20 18:12:01,949 INFO L290 TraceCheckUtils]: 11: Hoare triple {2792#true} assume !(0 != test_~tmp~5#1); {2792#true} is VALID [2022-02-20 18:12:01,949 INFO L290 TraceCheckUtils]: 12: Hoare triple {2792#true} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {2792#true} is VALID [2022-02-20 18:12:01,949 INFO L290 TraceCheckUtils]: 13: Hoare triple {2792#true} assume !(0 != test_~tmp___0~2#1); {2792#true} is VALID [2022-02-20 18:12:01,949 INFO L290 TraceCheckUtils]: 14: Hoare triple {2792#true} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {2792#true} is VALID [2022-02-20 18:12:01,949 INFO L290 TraceCheckUtils]: 15: Hoare triple {2792#true} assume 0 != test_~tmp___2~0#1; {2792#true} is VALID [2022-02-20 18:12:01,949 INFO L272 TraceCheckUtils]: 16: Hoare triple {2792#true} call timeShift(); {2792#true} is VALID [2022-02-20 18:12:01,949 INFO L290 TraceCheckUtils]: 17: Hoare triple {2792#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {2792#true} is VALID [2022-02-20 18:12:01,949 INFO L272 TraceCheckUtils]: 18: Hoare triple {2792#true} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {2792#true} is VALID [2022-02-20 18:12:01,950 INFO L290 TraceCheckUtils]: 19: Hoare triple {2792#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2792#true} is VALID [2022-02-20 18:12:01,950 INFO L290 TraceCheckUtils]: 20: Hoare triple {2792#true} assume true; {2792#true} is VALID [2022-02-20 18:12:01,950 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {2792#true} {2792#true} #222#return; {2792#true} is VALID [2022-02-20 18:12:01,950 INFO L290 TraceCheckUtils]: 22: Hoare triple {2792#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {2792#true} is VALID [2022-02-20 18:12:01,950 INFO L290 TraceCheckUtils]: 23: Hoare triple {2792#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {2792#true} is VALID [2022-02-20 18:12:01,950 INFO L290 TraceCheckUtils]: 24: Hoare triple {2792#true} assume !(0 != ~pumpRunning~0); {2792#true} is VALID [2022-02-20 18:12:01,950 INFO L290 TraceCheckUtils]: 25: Hoare triple {2792#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {2792#true} is VALID [2022-02-20 18:12:01,950 INFO L290 TraceCheckUtils]: 26: Hoare triple {2792#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret24#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {2792#true} is VALID [2022-02-20 18:12:01,951 INFO L290 TraceCheckUtils]: 27: Hoare triple {2792#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {2792#true} is VALID [2022-02-20 18:12:01,951 INFO L290 TraceCheckUtils]: 28: Hoare triple {2792#true} isHighWaterLevel_#t~ret24#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret24#1 && isHighWaterLevel_#t~ret24#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret24#1;havoc isHighWaterLevel_#t~ret24#1; {2792#true} is VALID [2022-02-20 18:12:01,951 INFO L290 TraceCheckUtils]: 29: Hoare triple {2792#true} assume 0 != isHighWaterLevel_~tmp~4#1;isHighWaterLevel_~tmp___0~1#1 := 0; {2797#(= |timeShift_isHighWaterLevel_~tmp___0~1#1| 0)} is VALID [2022-02-20 18:12:01,952 INFO L290 TraceCheckUtils]: 30: Hoare triple {2797#(= |timeShift_isHighWaterLevel_~tmp___0~1#1| 0)} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {2798#(= |timeShift_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:12:01,952 INFO L290 TraceCheckUtils]: 31: Hoare triple {2798#(= |timeShift_isHighWaterLevel_#res#1| 0)} processEnvironment_#t~ret13#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret13#1 && processEnvironment_#t~ret13#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret13#1;havoc processEnvironment_#t~ret13#1; {2799#(= |timeShift_processEnvironment_~tmp~2#1| 0)} is VALID [2022-02-20 18:12:01,953 INFO L290 TraceCheckUtils]: 32: Hoare triple {2799#(= |timeShift_processEnvironment_~tmp~2#1| 0)} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret14#1, activatePump_~tmp~3#1;havoc activatePump_~tmp~3#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret15#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {2793#false} is VALID [2022-02-20 18:12:01,953 INFO L290 TraceCheckUtils]: 33: Hoare triple {2793#false} isMethaneAlarm_#t~ret15#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret15#1 && isMethaneAlarm_#t~ret15#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret15#1;havoc isMethaneAlarm_#t~ret15#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {2793#false} is VALID [2022-02-20 18:12:01,953 INFO L290 TraceCheckUtils]: 34: Hoare triple {2793#false} activatePump_#t~ret14#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret14#1 && activatePump_#t~ret14#1 <= 2147483647;activatePump_~tmp~3#1 := activatePump_#t~ret14#1;havoc activatePump_#t~ret14#1; {2793#false} is VALID [2022-02-20 18:12:01,953 INFO L290 TraceCheckUtils]: 35: Hoare triple {2793#false} assume !(0 != activatePump_~tmp~3#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {2793#false} is VALID [2022-02-20 18:12:01,953 INFO L290 TraceCheckUtils]: 36: Hoare triple {2793#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {2793#false} is VALID [2022-02-20 18:12:01,953 INFO L290 TraceCheckUtils]: 37: Hoare triple {2793#false} assume { :end_inline_activatePump } true; {2793#false} is VALID [2022-02-20 18:12:01,953 INFO L290 TraceCheckUtils]: 38: Hoare triple {2793#false} assume { :end_inline_processEnvironment } true; {2793#false} is VALID [2022-02-20 18:12:01,954 INFO L290 TraceCheckUtils]: 39: Hoare triple {2793#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {2793#false} is VALID [2022-02-20 18:12:01,954 INFO L290 TraceCheckUtils]: 40: Hoare triple {2793#false} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {2793#false} is VALID [2022-02-20 18:12:01,954 INFO L290 TraceCheckUtils]: 41: Hoare triple {2793#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {2793#false} is VALID [2022-02-20 18:12:01,954 INFO L272 TraceCheckUtils]: 42: Hoare triple {2793#false} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {2792#true} is VALID [2022-02-20 18:12:01,954 INFO L290 TraceCheckUtils]: 43: Hoare triple {2792#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2792#true} is VALID [2022-02-20 18:12:01,954 INFO L290 TraceCheckUtils]: 44: Hoare triple {2792#true} assume true; {2792#true} is VALID [2022-02-20 18:12:01,954 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {2792#true} {2793#false} #228#return; {2793#false} is VALID [2022-02-20 18:12:01,954 INFO L290 TraceCheckUtils]: 46: Hoare triple {2793#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {2793#false} is VALID [2022-02-20 18:12:01,954 INFO L290 TraceCheckUtils]: 47: Hoare triple {2793#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {2793#false} is VALID [2022-02-20 18:12:01,954 INFO L290 TraceCheckUtils]: 48: Hoare triple {2793#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {2793#false} is VALID [2022-02-20 18:12:01,955 INFO L290 TraceCheckUtils]: 49: Hoare triple {2793#false} assume !false; {2793#false} is VALID [2022-02-20 18:12:01,959 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:01,959 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:01,959 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [69834781] [2022-02-20 18:12:01,959 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [69834781] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:01,959 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:01,959 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:12:01,959 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1146745947] [2022-02-20 18:12:01,959 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:01,960 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:01,960 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:01,960 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,000 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:02,000 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:12:02,000 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:02,001 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:12:02,001 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:12:02,001 INFO L87 Difference]: Start difference. First operand 107 states and 133 transitions. Second operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,173 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:02,173 INFO L93 Difference]: Finished difference Result 230 states and 294 transitions. [2022-02-20 18:12:02,173 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:12:02,173 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:02,174 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:02,174 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,177 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 189 transitions. [2022-02-20 18:12:02,178 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,191 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 189 transitions. [2022-02-20 18:12:02,191 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 189 transitions. [2022-02-20 18:12:02,312 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 189 edges. 189 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:02,314 INFO L225 Difference]: With dead ends: 230 [2022-02-20 18:12:02,314 INFO L226 Difference]: Without dead ends: 131 [2022-02-20 18:12:02,315 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:12:02,316 INFO L933 BasicCegarLoop]: 94 mSDtfsCounter, 35 mSDsluCounter, 248 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 37 SdHoareTripleChecker+Valid, 342 SdHoareTripleChecker+Invalid, 20 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:02,316 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [37 Valid, 342 Invalid, 20 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:02,317 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 131 states. [2022-02-20 18:12:02,322 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 131 to 110. [2022-02-20 18:12:02,323 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:02,323 INFO L82 GeneralOperation]: Start isEquivalent. First operand 131 states. Second operand has 110 states, 87 states have (on average 1.264367816091954) internal successors, (110), 94 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:02,323 INFO L74 IsIncluded]: Start isIncluded. First operand 131 states. Second operand has 110 states, 87 states have (on average 1.264367816091954) internal successors, (110), 94 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:02,324 INFO L87 Difference]: Start difference. First operand 131 states. Second operand has 110 states, 87 states have (on average 1.264367816091954) internal successors, (110), 94 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:02,327 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:02,327 INFO L93 Difference]: Finished difference Result 131 states and 164 transitions. [2022-02-20 18:12:02,327 INFO L276 IsEmpty]: Start isEmpty. Operand 131 states and 164 transitions. [2022-02-20 18:12:02,327 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:02,327 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:02,328 INFO L74 IsIncluded]: Start isIncluded. First operand has 110 states, 87 states have (on average 1.264367816091954) internal successors, (110), 94 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) Second operand 131 states. [2022-02-20 18:12:02,328 INFO L87 Difference]: Start difference. First operand has 110 states, 87 states have (on average 1.264367816091954) internal successors, (110), 94 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) Second operand 131 states. [2022-02-20 18:12:02,331 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:02,331 INFO L93 Difference]: Finished difference Result 131 states and 164 transitions. [2022-02-20 18:12:02,331 INFO L276 IsEmpty]: Start isEmpty. Operand 131 states and 164 transitions. [2022-02-20 18:12:02,332 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:02,332 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:02,332 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:02,332 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:02,333 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 110 states, 87 states have (on average 1.264367816091954) internal successors, (110), 94 states have internal predecessors, (110), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:02,335 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 110 states to 110 states and 136 transitions. [2022-02-20 18:12:02,335 INFO L78 Accepts]: Start accepts. Automaton has 110 states and 136 transitions. Word has length 50 [2022-02-20 18:12:02,335 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:02,335 INFO L470 AbstractCegarLoop]: Abstraction has 110 states and 136 transitions. [2022-02-20 18:12:02,335 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,336 INFO L276 IsEmpty]: Start isEmpty. Operand 110 states and 136 transitions. [2022-02-20 18:12:02,336 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-02-20 18:12:02,336 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:02,336 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:02,336 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:12:02,337 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:02,337 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:02,337 INFO L85 PathProgramCache]: Analyzing trace with hash -818985314, now seen corresponding path program 1 times [2022-02-20 18:12:02,337 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:02,337 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [512030609] [2022-02-20 18:12:02,337 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:02,337 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:02,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:02,381 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:12:02,383 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:02,385 INFO L290 TraceCheckUtils]: 0: Hoare triple {3552#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {3552#true} is VALID [2022-02-20 18:12:02,385 INFO L290 TraceCheckUtils]: 1: Hoare triple {3552#true} assume true; {3552#true} is VALID [2022-02-20 18:12:02,386 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3552#true} {3554#(= 1 ~systemActive~0)} #222#return; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,386 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 42 [2022-02-20 18:12:02,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:02,388 INFO L290 TraceCheckUtils]: 0: Hoare triple {3552#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {3552#true} is VALID [2022-02-20 18:12:02,389 INFO L290 TraceCheckUtils]: 1: Hoare triple {3552#true} assume true; {3552#true} is VALID [2022-02-20 18:12:02,389 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3552#true} {3553#false} #228#return; {3553#false} is VALID [2022-02-20 18:12:02,391 INFO L290 TraceCheckUtils]: 0: Hoare triple {3552#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,391 INFO L290 TraceCheckUtils]: 1: Hoare triple {3554#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,391 INFO L290 TraceCheckUtils]: 2: Hoare triple {3554#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,392 INFO L290 TraceCheckUtils]: 3: Hoare triple {3554#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,392 INFO L290 TraceCheckUtils]: 4: Hoare triple {3554#(= 1 ~systemActive~0)} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,393 INFO L290 TraceCheckUtils]: 5: Hoare triple {3554#(= 1 ~systemActive~0)} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,393 INFO L290 TraceCheckUtils]: 6: Hoare triple {3554#(= 1 ~systemActive~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,393 INFO L290 TraceCheckUtils]: 7: Hoare triple {3554#(= 1 ~systemActive~0)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,394 INFO L290 TraceCheckUtils]: 8: Hoare triple {3554#(= 1 ~systemActive~0)} assume !false; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,394 INFO L290 TraceCheckUtils]: 9: Hoare triple {3554#(= 1 ~systemActive~0)} assume test_~splverifierCounter~0#1 < 4; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,394 INFO L290 TraceCheckUtils]: 10: Hoare triple {3554#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,395 INFO L290 TraceCheckUtils]: 11: Hoare triple {3554#(= 1 ~systemActive~0)} assume !(0 != test_~tmp~5#1); {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,395 INFO L290 TraceCheckUtils]: 12: Hoare triple {3554#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,395 INFO L290 TraceCheckUtils]: 13: Hoare triple {3554#(= 1 ~systemActive~0)} assume !(0 != test_~tmp___0~2#1); {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,396 INFO L290 TraceCheckUtils]: 14: Hoare triple {3554#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,396 INFO L290 TraceCheckUtils]: 15: Hoare triple {3554#(= 1 ~systemActive~0)} assume 0 != test_~tmp___2~0#1; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,397 INFO L272 TraceCheckUtils]: 16: Hoare triple {3554#(= 1 ~systemActive~0)} call timeShift(); {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,397 INFO L290 TraceCheckUtils]: 17: Hoare triple {3554#(= 1 ~systemActive~0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,397 INFO L272 TraceCheckUtils]: 18: Hoare triple {3554#(= 1 ~systemActive~0)} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {3552#true} is VALID [2022-02-20 18:12:02,397 INFO L290 TraceCheckUtils]: 19: Hoare triple {3552#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {3552#true} is VALID [2022-02-20 18:12:02,397 INFO L290 TraceCheckUtils]: 20: Hoare triple {3552#true} assume true; {3552#true} is VALID [2022-02-20 18:12:02,398 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {3552#true} {3554#(= 1 ~systemActive~0)} #222#return; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,398 INFO L290 TraceCheckUtils]: 22: Hoare triple {3554#(= 1 ~systemActive~0)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,399 INFO L290 TraceCheckUtils]: 23: Hoare triple {3554#(= 1 ~systemActive~0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,399 INFO L290 TraceCheckUtils]: 24: Hoare triple {3554#(= 1 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {3554#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:02,399 INFO L290 TraceCheckUtils]: 25: Hoare triple {3554#(= 1 ~systemActive~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {3552#true} is VALID [2022-02-20 18:12:02,399 INFO L290 TraceCheckUtils]: 26: Hoare triple {3552#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret24#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {3552#true} is VALID [2022-02-20 18:12:02,400 INFO L290 TraceCheckUtils]: 27: Hoare triple {3552#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {3558#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:12:02,400 INFO L290 TraceCheckUtils]: 28: Hoare triple {3558#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret24#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret24#1 && isHighWaterLevel_#t~ret24#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret24#1;havoc isHighWaterLevel_#t~ret24#1; {3559#(not (= |timeShift_isHighWaterLevel_~tmp~4#1| 0))} is VALID [2022-02-20 18:12:02,400 INFO L290 TraceCheckUtils]: 29: Hoare triple {3559#(not (= |timeShift_isHighWaterLevel_~tmp~4#1| 0))} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~1#1 := 1; {3553#false} is VALID [2022-02-20 18:12:02,400 INFO L290 TraceCheckUtils]: 30: Hoare triple {3553#false} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {3553#false} is VALID [2022-02-20 18:12:02,401 INFO L290 TraceCheckUtils]: 31: Hoare triple {3553#false} processEnvironment_#t~ret13#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret13#1 && processEnvironment_#t~ret13#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret13#1;havoc processEnvironment_#t~ret13#1; {3553#false} is VALID [2022-02-20 18:12:02,401 INFO L290 TraceCheckUtils]: 32: Hoare triple {3553#false} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret14#1, activatePump_~tmp~3#1;havoc activatePump_~tmp~3#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret15#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {3553#false} is VALID [2022-02-20 18:12:02,401 INFO L290 TraceCheckUtils]: 33: Hoare triple {3553#false} isMethaneAlarm_#t~ret15#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret15#1 && isMethaneAlarm_#t~ret15#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret15#1;havoc isMethaneAlarm_#t~ret15#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {3553#false} is VALID [2022-02-20 18:12:02,401 INFO L290 TraceCheckUtils]: 34: Hoare triple {3553#false} activatePump_#t~ret14#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret14#1 && activatePump_#t~ret14#1 <= 2147483647;activatePump_~tmp~3#1 := activatePump_#t~ret14#1;havoc activatePump_#t~ret14#1; {3553#false} is VALID [2022-02-20 18:12:02,401 INFO L290 TraceCheckUtils]: 35: Hoare triple {3553#false} assume !(0 != activatePump_~tmp~3#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {3553#false} is VALID [2022-02-20 18:12:02,401 INFO L290 TraceCheckUtils]: 36: Hoare triple {3553#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {3553#false} is VALID [2022-02-20 18:12:02,401 INFO L290 TraceCheckUtils]: 37: Hoare triple {3553#false} assume { :end_inline_activatePump } true; {3553#false} is VALID [2022-02-20 18:12:02,401 INFO L290 TraceCheckUtils]: 38: Hoare triple {3553#false} assume { :end_inline_processEnvironment } true; {3553#false} is VALID [2022-02-20 18:12:02,402 INFO L290 TraceCheckUtils]: 39: Hoare triple {3553#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {3553#false} is VALID [2022-02-20 18:12:02,402 INFO L290 TraceCheckUtils]: 40: Hoare triple {3553#false} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {3553#false} is VALID [2022-02-20 18:12:02,402 INFO L290 TraceCheckUtils]: 41: Hoare triple {3553#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {3553#false} is VALID [2022-02-20 18:12:02,402 INFO L272 TraceCheckUtils]: 42: Hoare triple {3553#false} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {3552#true} is VALID [2022-02-20 18:12:02,402 INFO L290 TraceCheckUtils]: 43: Hoare triple {3552#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {3552#true} is VALID [2022-02-20 18:12:02,402 INFO L290 TraceCheckUtils]: 44: Hoare triple {3552#true} assume true; {3552#true} is VALID [2022-02-20 18:12:02,402 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {3552#true} {3553#false} #228#return; {3553#false} is VALID [2022-02-20 18:12:02,403 INFO L290 TraceCheckUtils]: 46: Hoare triple {3553#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {3553#false} is VALID [2022-02-20 18:12:02,403 INFO L290 TraceCheckUtils]: 47: Hoare triple {3553#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {3553#false} is VALID [2022-02-20 18:12:02,403 INFO L290 TraceCheckUtils]: 48: Hoare triple {3553#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {3553#false} is VALID [2022-02-20 18:12:02,403 INFO L290 TraceCheckUtils]: 49: Hoare triple {3553#false} assume !false; {3553#false} is VALID [2022-02-20 18:12:02,403 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:02,403 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:02,403 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [512030609] [2022-02-20 18:12:02,404 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [512030609] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:02,404 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:02,404 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:12:02,404 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1119350255] [2022-02-20 18:12:02,404 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:02,405 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:02,405 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:02,405 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,442 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:02,442 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:12:02,442 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:02,442 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:12:02,443 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:12:02,443 INFO L87 Difference]: Start difference. First operand 110 states and 136 transitions. Second operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,633 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:02,633 INFO L93 Difference]: Finished difference Result 239 states and 304 transitions. [2022-02-20 18:12:02,633 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:12:02,633 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:02,634 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:02,634 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,636 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 196 transitions. [2022-02-20 18:12:02,636 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,638 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 196 transitions. [2022-02-20 18:12:02,638 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 196 transitions. [2022-02-20 18:12:02,764 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 196 edges. 196 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:02,766 INFO L225 Difference]: With dead ends: 239 [2022-02-20 18:12:02,766 INFO L226 Difference]: Without dead ends: 137 [2022-02-20 18:12:02,767 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:12:02,767 INFO L933 BasicCegarLoop]: 91 mSDtfsCounter, 112 mSDsluCounter, 169 mSDsCounter, 0 mSdLazyCounter, 17 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 112 SdHoareTripleChecker+Valid, 260 SdHoareTripleChecker+Invalid, 26 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 17 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:02,768 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [112 Valid, 260 Invalid, 26 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 17 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:02,768 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 137 states. [2022-02-20 18:12:02,774 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 137 to 112. [2022-02-20 18:12:02,774 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:02,775 INFO L82 GeneralOperation]: Start isEquivalent. First operand 137 states. Second operand has 112 states, 89 states have (on average 1.2584269662921348) internal successors, (112), 96 states have internal predecessors, (112), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:02,775 INFO L74 IsIncluded]: Start isIncluded. First operand 137 states. Second operand has 112 states, 89 states have (on average 1.2584269662921348) internal successors, (112), 96 states have internal predecessors, (112), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:02,775 INFO L87 Difference]: Start difference. First operand 137 states. Second operand has 112 states, 89 states have (on average 1.2584269662921348) internal successors, (112), 96 states have internal predecessors, (112), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:02,778 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:02,778 INFO L93 Difference]: Finished difference Result 137 states and 171 transitions. [2022-02-20 18:12:02,778 INFO L276 IsEmpty]: Start isEmpty. Operand 137 states and 171 transitions. [2022-02-20 18:12:02,779 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:02,779 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:02,779 INFO L74 IsIncluded]: Start isIncluded. First operand has 112 states, 89 states have (on average 1.2584269662921348) internal successors, (112), 96 states have internal predecessors, (112), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) Second operand 137 states. [2022-02-20 18:12:02,780 INFO L87 Difference]: Start difference. First operand has 112 states, 89 states have (on average 1.2584269662921348) internal successors, (112), 96 states have internal predecessors, (112), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) Second operand 137 states. [2022-02-20 18:12:02,782 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:02,782 INFO L93 Difference]: Finished difference Result 137 states and 171 transitions. [2022-02-20 18:12:02,783 INFO L276 IsEmpty]: Start isEmpty. Operand 137 states and 171 transitions. [2022-02-20 18:12:02,783 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:02,783 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:02,783 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:02,783 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:02,783 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 112 states, 89 states have (on average 1.2584269662921348) internal successors, (112), 96 states have internal predecessors, (112), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-02-20 18:12:02,786 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 112 states to 112 states and 138 transitions. [2022-02-20 18:12:02,786 INFO L78 Accepts]: Start accepts. Automaton has 112 states and 138 transitions. Word has length 50 [2022-02-20 18:12:02,786 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:02,786 INFO L470 AbstractCegarLoop]: Abstraction has 112 states and 138 transitions. [2022-02-20 18:12:02,786 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,786 INFO L276 IsEmpty]: Start isEmpty. Operand 112 states and 138 transitions. [2022-02-20 18:12:02,787 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-02-20 18:12:02,787 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:02,787 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:02,787 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:12:02,787 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:02,788 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:02,788 INFO L85 PathProgramCache]: Analyzing trace with hash 1670543648, now seen corresponding path program 1 times [2022-02-20 18:12:02,788 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:02,788 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [780611223] [2022-02-20 18:12:02,788 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:02,788 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:02,804 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:02,830 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:12:02,831 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:02,833 INFO L290 TraceCheckUtils]: 0: Hoare triple {4342#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {4342#true} is VALID [2022-02-20 18:12:02,834 INFO L290 TraceCheckUtils]: 1: Hoare triple {4342#true} assume true; {4342#true} is VALID [2022-02-20 18:12:02,834 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4342#true} {4344#(= ~waterLevel~0 1)} #222#return; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,834 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 42 [2022-02-20 18:12:02,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:02,837 INFO L290 TraceCheckUtils]: 0: Hoare triple {4342#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {4342#true} is VALID [2022-02-20 18:12:02,837 INFO L290 TraceCheckUtils]: 1: Hoare triple {4342#true} assume true; {4342#true} is VALID [2022-02-20 18:12:02,837 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4342#true} {4343#false} #228#return; {4343#false} is VALID [2022-02-20 18:12:02,837 INFO L290 TraceCheckUtils]: 0: Hoare triple {4342#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,838 INFO L290 TraceCheckUtils]: 1: Hoare triple {4344#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,838 INFO L290 TraceCheckUtils]: 2: Hoare triple {4344#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,838 INFO L290 TraceCheckUtils]: 3: Hoare triple {4344#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,839 INFO L290 TraceCheckUtils]: 4: Hoare triple {4344#(= ~waterLevel~0 1)} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,839 INFO L290 TraceCheckUtils]: 5: Hoare triple {4344#(= ~waterLevel~0 1)} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,839 INFO L290 TraceCheckUtils]: 6: Hoare triple {4344#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,840 INFO L290 TraceCheckUtils]: 7: Hoare triple {4344#(= ~waterLevel~0 1)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,840 INFO L290 TraceCheckUtils]: 8: Hoare triple {4344#(= ~waterLevel~0 1)} assume !false; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,840 INFO L290 TraceCheckUtils]: 9: Hoare triple {4344#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,841 INFO L290 TraceCheckUtils]: 10: Hoare triple {4344#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,841 INFO L290 TraceCheckUtils]: 11: Hoare triple {4344#(= ~waterLevel~0 1)} assume !(0 != test_~tmp~5#1); {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,841 INFO L290 TraceCheckUtils]: 12: Hoare triple {4344#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,842 INFO L290 TraceCheckUtils]: 13: Hoare triple {4344#(= ~waterLevel~0 1)} assume !(0 != test_~tmp___0~2#1); {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,842 INFO L290 TraceCheckUtils]: 14: Hoare triple {4344#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,842 INFO L290 TraceCheckUtils]: 15: Hoare triple {4344#(= ~waterLevel~0 1)} assume 0 != test_~tmp___2~0#1; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,843 INFO L272 TraceCheckUtils]: 16: Hoare triple {4344#(= ~waterLevel~0 1)} call timeShift(); {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,843 INFO L290 TraceCheckUtils]: 17: Hoare triple {4344#(= ~waterLevel~0 1)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,843 INFO L272 TraceCheckUtils]: 18: Hoare triple {4344#(= ~waterLevel~0 1)} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {4342#true} is VALID [2022-02-20 18:12:02,843 INFO L290 TraceCheckUtils]: 19: Hoare triple {4342#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {4342#true} is VALID [2022-02-20 18:12:02,843 INFO L290 TraceCheckUtils]: 20: Hoare triple {4342#true} assume true; {4342#true} is VALID [2022-02-20 18:12:02,844 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {4342#true} {4344#(= ~waterLevel~0 1)} #222#return; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,844 INFO L290 TraceCheckUtils]: 22: Hoare triple {4344#(= ~waterLevel~0 1)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,844 INFO L290 TraceCheckUtils]: 23: Hoare triple {4344#(= ~waterLevel~0 1)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,845 INFO L290 TraceCheckUtils]: 24: Hoare triple {4344#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,845 INFO L290 TraceCheckUtils]: 25: Hoare triple {4344#(= ~waterLevel~0 1)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,845 INFO L290 TraceCheckUtils]: 26: Hoare triple {4344#(= ~waterLevel~0 1)} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret24#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {4344#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:02,846 INFO L290 TraceCheckUtils]: 27: Hoare triple {4344#(= ~waterLevel~0 1)} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {4343#false} is VALID [2022-02-20 18:12:02,846 INFO L290 TraceCheckUtils]: 28: Hoare triple {4343#false} isHighWaterLevel_#t~ret24#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret24#1 && isHighWaterLevel_#t~ret24#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret24#1;havoc isHighWaterLevel_#t~ret24#1; {4343#false} is VALID [2022-02-20 18:12:02,846 INFO L290 TraceCheckUtils]: 29: Hoare triple {4343#false} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~1#1 := 1; {4343#false} is VALID [2022-02-20 18:12:02,846 INFO L290 TraceCheckUtils]: 30: Hoare triple {4343#false} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {4343#false} is VALID [2022-02-20 18:12:02,846 INFO L290 TraceCheckUtils]: 31: Hoare triple {4343#false} processEnvironment_#t~ret13#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret13#1 && processEnvironment_#t~ret13#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret13#1;havoc processEnvironment_#t~ret13#1; {4343#false} is VALID [2022-02-20 18:12:02,846 INFO L290 TraceCheckUtils]: 32: Hoare triple {4343#false} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret14#1, activatePump_~tmp~3#1;havoc activatePump_~tmp~3#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret15#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {4343#false} is VALID [2022-02-20 18:12:02,846 INFO L290 TraceCheckUtils]: 33: Hoare triple {4343#false} isMethaneAlarm_#t~ret15#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret15#1 && isMethaneAlarm_#t~ret15#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret15#1;havoc isMethaneAlarm_#t~ret15#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {4343#false} is VALID [2022-02-20 18:12:02,847 INFO L290 TraceCheckUtils]: 34: Hoare triple {4343#false} activatePump_#t~ret14#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret14#1 && activatePump_#t~ret14#1 <= 2147483647;activatePump_~tmp~3#1 := activatePump_#t~ret14#1;havoc activatePump_#t~ret14#1; {4343#false} is VALID [2022-02-20 18:12:02,847 INFO L290 TraceCheckUtils]: 35: Hoare triple {4343#false} assume !(0 != activatePump_~tmp~3#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {4343#false} is VALID [2022-02-20 18:12:02,847 INFO L290 TraceCheckUtils]: 36: Hoare triple {4343#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {4343#false} is VALID [2022-02-20 18:12:02,847 INFO L290 TraceCheckUtils]: 37: Hoare triple {4343#false} assume { :end_inline_activatePump } true; {4343#false} is VALID [2022-02-20 18:12:02,847 INFO L290 TraceCheckUtils]: 38: Hoare triple {4343#false} assume { :end_inline_processEnvironment } true; {4343#false} is VALID [2022-02-20 18:12:02,847 INFO L290 TraceCheckUtils]: 39: Hoare triple {4343#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {4343#false} is VALID [2022-02-20 18:12:02,847 INFO L290 TraceCheckUtils]: 40: Hoare triple {4343#false} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {4343#false} is VALID [2022-02-20 18:12:02,848 INFO L290 TraceCheckUtils]: 41: Hoare triple {4343#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {4343#false} is VALID [2022-02-20 18:12:02,848 INFO L272 TraceCheckUtils]: 42: Hoare triple {4343#false} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {4342#true} is VALID [2022-02-20 18:12:02,848 INFO L290 TraceCheckUtils]: 43: Hoare triple {4342#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {4342#true} is VALID [2022-02-20 18:12:02,848 INFO L290 TraceCheckUtils]: 44: Hoare triple {4342#true} assume true; {4342#true} is VALID [2022-02-20 18:12:02,848 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {4342#true} {4343#false} #228#return; {4343#false} is VALID [2022-02-20 18:12:02,848 INFO L290 TraceCheckUtils]: 46: Hoare triple {4343#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {4343#false} is VALID [2022-02-20 18:12:02,848 INFO L290 TraceCheckUtils]: 47: Hoare triple {4343#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {4343#false} is VALID [2022-02-20 18:12:02,848 INFO L290 TraceCheckUtils]: 48: Hoare triple {4343#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {4343#false} is VALID [2022-02-20 18:12:02,849 INFO L290 TraceCheckUtils]: 49: Hoare triple {4343#false} assume !false; {4343#false} is VALID [2022-02-20 18:12:02,849 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:02,849 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:02,849 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [780611223] [2022-02-20 18:12:02,849 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [780611223] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:02,849 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:02,849 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:12:02,850 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [694916643] [2022-02-20 18:12:02,850 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:02,850 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:02,850 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:02,851 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,887 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:02,887 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:12:02,887 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:02,888 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:12:02,888 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:02,888 INFO L87 Difference]: Start difference. First operand 112 states and 138 transitions. Second operand has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,987 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:02,988 INFO L93 Difference]: Finished difference Result 261 states and 326 transitions. [2022-02-20 18:12:02,988 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:12:02,988 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:02,988 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:02,988 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,991 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 215 transitions. [2022-02-20 18:12:02,991 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:02,993 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 215 transitions. [2022-02-20 18:12:02,993 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 215 transitions. [2022-02-20 18:12:03,132 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 215 edges. 215 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:03,135 INFO L225 Difference]: With dead ends: 261 [2022-02-20 18:12:03,135 INFO L226 Difference]: Without dead ends: 157 [2022-02-20 18:12:03,135 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 6 SyntacticMatches, 1 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:03,136 INFO L933 BasicCegarLoop]: 88 mSDtfsCounter, 35 mSDsluCounter, 69 mSDsCounter, 0 mSdLazyCounter, 10 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 35 SdHoareTripleChecker+Valid, 157 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 10 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:03,136 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [35 Valid, 157 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 10 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:03,136 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 157 states. [2022-02-20 18:12:03,142 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 157 to 157. [2022-02-20 18:12:03,142 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:03,143 INFO L82 GeneralOperation]: Start isEquivalent. First operand 157 states. Second operand has 157 states, 124 states have (on average 1.2338709677419355) internal successors, (153), 132 states have internal predecessors, (153), 18 states have call successors, (18), 15 states have call predecessors, (18), 14 states have return successors, (20), 17 states have call predecessors, (20), 18 states have call successors, (20) [2022-02-20 18:12:03,143 INFO L74 IsIncluded]: Start isIncluded. First operand 157 states. Second operand has 157 states, 124 states have (on average 1.2338709677419355) internal successors, (153), 132 states have internal predecessors, (153), 18 states have call successors, (18), 15 states have call predecessors, (18), 14 states have return successors, (20), 17 states have call predecessors, (20), 18 states have call successors, (20) [2022-02-20 18:12:03,144 INFO L87 Difference]: Start difference. First operand 157 states. Second operand has 157 states, 124 states have (on average 1.2338709677419355) internal successors, (153), 132 states have internal predecessors, (153), 18 states have call successors, (18), 15 states have call predecessors, (18), 14 states have return successors, (20), 17 states have call predecessors, (20), 18 states have call successors, (20) [2022-02-20 18:12:03,147 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:03,147 INFO L93 Difference]: Finished difference Result 157 states and 191 transitions. [2022-02-20 18:12:03,147 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 191 transitions. [2022-02-20 18:12:03,147 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:03,147 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:03,148 INFO L74 IsIncluded]: Start isIncluded. First operand has 157 states, 124 states have (on average 1.2338709677419355) internal successors, (153), 132 states have internal predecessors, (153), 18 states have call successors, (18), 15 states have call predecessors, (18), 14 states have return successors, (20), 17 states have call predecessors, (20), 18 states have call successors, (20) Second operand 157 states. [2022-02-20 18:12:03,148 INFO L87 Difference]: Start difference. First operand has 157 states, 124 states have (on average 1.2338709677419355) internal successors, (153), 132 states have internal predecessors, (153), 18 states have call successors, (18), 15 states have call predecessors, (18), 14 states have return successors, (20), 17 states have call predecessors, (20), 18 states have call successors, (20) Second operand 157 states. [2022-02-20 18:12:03,150 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:03,151 INFO L93 Difference]: Finished difference Result 157 states and 191 transitions. [2022-02-20 18:12:03,151 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 191 transitions. [2022-02-20 18:12:03,151 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:03,151 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:03,151 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:03,151 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:03,152 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 157 states, 124 states have (on average 1.2338709677419355) internal successors, (153), 132 states have internal predecessors, (153), 18 states have call successors, (18), 15 states have call predecessors, (18), 14 states have return successors, (20), 17 states have call predecessors, (20), 18 states have call successors, (20) [2022-02-20 18:12:03,154 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 157 states to 157 states and 191 transitions. [2022-02-20 18:12:03,154 INFO L78 Accepts]: Start accepts. Automaton has 157 states and 191 transitions. Word has length 50 [2022-02-20 18:12:03,154 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:03,154 INFO L470 AbstractCegarLoop]: Abstraction has 157 states and 191 transitions. [2022-02-20 18:12:03,155 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:03,155 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 191 transitions. [2022-02-20 18:12:03,155 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 55 [2022-02-20 18:12:03,155 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:03,155 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:03,156 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:12:03,156 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:03,156 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:03,156 INFO L85 PathProgramCache]: Analyzing trace with hash 1976434234, now seen corresponding path program 1 times [2022-02-20 18:12:03,156 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:03,156 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [25130928] [2022-02-20 18:12:03,157 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:03,157 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:03,177 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:03,225 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:12:03,228 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:03,245 INFO L290 TraceCheckUtils]: 0: Hoare triple {5272#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5273#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,247 INFO L290 TraceCheckUtils]: 1: Hoare triple {5273#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} assume true; {5273#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,248 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5273#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} {5259#(= ~waterLevel~0 1)} #234#return; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-02-20 18:12:03,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:03,251 INFO L290 TraceCheckUtils]: 0: Hoare triple {5257#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {5257#true} is VALID [2022-02-20 18:12:03,252 INFO L290 TraceCheckUtils]: 1: Hoare triple {5257#true} assume true; {5257#true} is VALID [2022-02-20 18:12:03,252 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5257#true} {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} #222#return; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,252 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 46 [2022-02-20 18:12:03,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:03,255 INFO L290 TraceCheckUtils]: 0: Hoare triple {5257#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {5257#true} is VALID [2022-02-20 18:12:03,255 INFO L290 TraceCheckUtils]: 1: Hoare triple {5257#true} assume true; {5257#true} is VALID [2022-02-20 18:12:03,255 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5257#true} {5258#false} #228#return; {5258#false} is VALID [2022-02-20 18:12:03,255 INFO L290 TraceCheckUtils]: 0: Hoare triple {5257#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,256 INFO L290 TraceCheckUtils]: 1: Hoare triple {5259#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,256 INFO L290 TraceCheckUtils]: 2: Hoare triple {5259#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,256 INFO L290 TraceCheckUtils]: 3: Hoare triple {5259#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,256 INFO L290 TraceCheckUtils]: 4: Hoare triple {5259#(= ~waterLevel~0 1)} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,257 INFO L290 TraceCheckUtils]: 5: Hoare triple {5259#(= ~waterLevel~0 1)} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,257 INFO L290 TraceCheckUtils]: 6: Hoare triple {5259#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,257 INFO L290 TraceCheckUtils]: 7: Hoare triple {5259#(= ~waterLevel~0 1)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,258 INFO L290 TraceCheckUtils]: 8: Hoare triple {5259#(= ~waterLevel~0 1)} assume !false; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,258 INFO L290 TraceCheckUtils]: 9: Hoare triple {5259#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,258 INFO L290 TraceCheckUtils]: 10: Hoare triple {5259#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,259 INFO L290 TraceCheckUtils]: 11: Hoare triple {5259#(= ~waterLevel~0 1)} assume 0 != test_~tmp~5#1; {5259#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:03,259 INFO L272 TraceCheckUtils]: 12: Hoare triple {5259#(= ~waterLevel~0 1)} call waterRise(); {5272#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:12:03,260 INFO L290 TraceCheckUtils]: 13: Hoare triple {5272#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5273#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,260 INFO L290 TraceCheckUtils]: 14: Hoare triple {5273#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} assume true; {5273#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,261 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {5273#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} {5259#(= ~waterLevel~0 1)} #234#return; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,261 INFO L290 TraceCheckUtils]: 16: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,261 INFO L290 TraceCheckUtils]: 17: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume !(0 != test_~tmp___0~2#1); {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,262 INFO L290 TraceCheckUtils]: 18: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,262 INFO L290 TraceCheckUtils]: 19: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume 0 != test_~tmp___2~0#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,263 INFO L272 TraceCheckUtils]: 20: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} call timeShift(); {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,263 INFO L290 TraceCheckUtils]: 21: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,263 INFO L272 TraceCheckUtils]: 22: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {5257#true} is VALID [2022-02-20 18:12:03,263 INFO L290 TraceCheckUtils]: 23: Hoare triple {5257#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {5257#true} is VALID [2022-02-20 18:12:03,263 INFO L290 TraceCheckUtils]: 24: Hoare triple {5257#true} assume true; {5257#true} is VALID [2022-02-20 18:12:03,264 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {5257#true} {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} #222#return; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,264 INFO L290 TraceCheckUtils]: 26: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,265 INFO L290 TraceCheckUtils]: 27: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,265 INFO L290 TraceCheckUtils]: 28: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume !(0 != ~pumpRunning~0); {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,265 INFO L290 TraceCheckUtils]: 29: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,266 INFO L290 TraceCheckUtils]: 30: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret24#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,266 INFO L290 TraceCheckUtils]: 31: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,266 INFO L290 TraceCheckUtils]: 32: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} isHighWaterLevel_#t~ret24#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret24#1 && isHighWaterLevel_#t~ret24#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret24#1;havoc isHighWaterLevel_#t~ret24#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,267 INFO L290 TraceCheckUtils]: 33: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~1#1 := 1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,267 INFO L290 TraceCheckUtils]: 34: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,268 INFO L290 TraceCheckUtils]: 35: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} processEnvironment_#t~ret13#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret13#1 && processEnvironment_#t~ret13#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret13#1;havoc processEnvironment_#t~ret13#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,268 INFO L290 TraceCheckUtils]: 36: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret14#1, activatePump_~tmp~3#1;havoc activatePump_~tmp~3#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret15#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,268 INFO L290 TraceCheckUtils]: 37: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} isMethaneAlarm_#t~ret15#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret15#1 && isMethaneAlarm_#t~ret15#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret15#1;havoc isMethaneAlarm_#t~ret15#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,269 INFO L290 TraceCheckUtils]: 38: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} activatePump_#t~ret14#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret14#1 && activatePump_#t~ret14#1 <= 2147483647;activatePump_~tmp~3#1 := activatePump_#t~ret14#1;havoc activatePump_#t~ret14#1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,269 INFO L290 TraceCheckUtils]: 39: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume !(0 != activatePump_~tmp~3#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,270 INFO L290 TraceCheckUtils]: 40: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,270 INFO L290 TraceCheckUtils]: 41: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :end_inline_activatePump } true; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,270 INFO L290 TraceCheckUtils]: 42: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :end_inline_processEnvironment } true; {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:03,271 INFO L290 TraceCheckUtils]: 43: Hoare triple {5263#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {5267#(= 2 |timeShift_getWaterLevel_#res#1|)} is VALID [2022-02-20 18:12:03,271 INFO L290 TraceCheckUtils]: 44: Hoare triple {5267#(= 2 |timeShift_getWaterLevel_#res#1|)} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {5268#(= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)} is VALID [2022-02-20 18:12:03,271 INFO L290 TraceCheckUtils]: 45: Hoare triple {5268#(= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {5258#false} is VALID [2022-02-20 18:12:03,272 INFO L272 TraceCheckUtils]: 46: Hoare triple {5258#false} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {5257#true} is VALID [2022-02-20 18:12:03,272 INFO L290 TraceCheckUtils]: 47: Hoare triple {5257#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {5257#true} is VALID [2022-02-20 18:12:03,272 INFO L290 TraceCheckUtils]: 48: Hoare triple {5257#true} assume true; {5257#true} is VALID [2022-02-20 18:12:03,272 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {5257#true} {5258#false} #228#return; {5258#false} is VALID [2022-02-20 18:12:03,272 INFO L290 TraceCheckUtils]: 50: Hoare triple {5258#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {5258#false} is VALID [2022-02-20 18:12:03,272 INFO L290 TraceCheckUtils]: 51: Hoare triple {5258#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {5258#false} is VALID [2022-02-20 18:12:03,272 INFO L290 TraceCheckUtils]: 52: Hoare triple {5258#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {5258#false} is VALID [2022-02-20 18:12:03,272 INFO L290 TraceCheckUtils]: 53: Hoare triple {5258#false} assume !false; {5258#false} is VALID [2022-02-20 18:12:03,273 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:03,273 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:03,273 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [25130928] [2022-02-20 18:12:03,273 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [25130928] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:03,273 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:03,273 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:12:03,274 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1941320088] [2022-02-20 18:12:03,274 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:03,274 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 54 [2022-02-20 18:12:03,274 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:03,274 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:12:03,307 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 52 edges. 52 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:03,307 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:12:03,307 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:03,308 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:12:03,308 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:12:03,308 INFO L87 Difference]: Start difference. First operand 157 states and 191 transitions. Second operand has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:12:04,241 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:04,241 INFO L93 Difference]: Finished difference Result 531 states and 670 transitions. [2022-02-20 18:12:04,241 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2022-02-20 18:12:04,241 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 54 [2022-02-20 18:12:04,242 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:04,242 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:12:04,245 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 370 transitions. [2022-02-20 18:12:04,249 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:12:04,253 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 370 transitions. [2022-02-20 18:12:04,253 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states and 370 transitions. [2022-02-20 18:12:04,500 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 370 edges. 370 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:04,510 INFO L225 Difference]: With dead ends: 531 [2022-02-20 18:12:04,511 INFO L226 Difference]: Without dead ends: 427 [2022-02-20 18:12:04,511 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 22 GetRequests, 7 SyntacticMatches, 1 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=56, Invalid=184, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:12:04,513 INFO L933 BasicCegarLoop]: 126 mSDtfsCounter, 222 mSDsluCounter, 499 mSDsCounter, 0 mSdLazyCounter, 287 mSolverCounterSat, 50 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 231 SdHoareTripleChecker+Valid, 625 SdHoareTripleChecker+Invalid, 337 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 50 IncrementalHoareTripleChecker+Valid, 287 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:04,513 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [231 Valid, 625 Invalid, 337 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [50 Valid, 287 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-02-20 18:12:04,514 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 427 states. [2022-02-20 18:12:04,565 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 427 to 393. [2022-02-20 18:12:04,565 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:04,567 INFO L82 GeneralOperation]: Start isEquivalent. First operand 427 states. Second operand has 393 states, 312 states have (on average 1.2211538461538463) internal successors, (381), 334 states have internal predecessors, (381), 44 states have call successors, (44), 33 states have call predecessors, (44), 36 states have return successors, (54), 42 states have call predecessors, (54), 44 states have call successors, (54) [2022-02-20 18:12:04,568 INFO L74 IsIncluded]: Start isIncluded. First operand 427 states. Second operand has 393 states, 312 states have (on average 1.2211538461538463) internal successors, (381), 334 states have internal predecessors, (381), 44 states have call successors, (44), 33 states have call predecessors, (44), 36 states have return successors, (54), 42 states have call predecessors, (54), 44 states have call successors, (54) [2022-02-20 18:12:04,568 INFO L87 Difference]: Start difference. First operand 427 states. Second operand has 393 states, 312 states have (on average 1.2211538461538463) internal successors, (381), 334 states have internal predecessors, (381), 44 states have call successors, (44), 33 states have call predecessors, (44), 36 states have return successors, (54), 42 states have call predecessors, (54), 44 states have call successors, (54) [2022-02-20 18:12:04,579 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:04,579 INFO L93 Difference]: Finished difference Result 427 states and 517 transitions. [2022-02-20 18:12:04,579 INFO L276 IsEmpty]: Start isEmpty. Operand 427 states and 517 transitions. [2022-02-20 18:12:04,580 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:04,580 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:04,582 INFO L74 IsIncluded]: Start isIncluded. First operand has 393 states, 312 states have (on average 1.2211538461538463) internal successors, (381), 334 states have internal predecessors, (381), 44 states have call successors, (44), 33 states have call predecessors, (44), 36 states have return successors, (54), 42 states have call predecessors, (54), 44 states have call successors, (54) Second operand 427 states. [2022-02-20 18:12:04,582 INFO L87 Difference]: Start difference. First operand has 393 states, 312 states have (on average 1.2211538461538463) internal successors, (381), 334 states have internal predecessors, (381), 44 states have call successors, (44), 33 states have call predecessors, (44), 36 states have return successors, (54), 42 states have call predecessors, (54), 44 states have call successors, (54) Second operand 427 states. [2022-02-20 18:12:04,592 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:04,592 INFO L93 Difference]: Finished difference Result 427 states and 517 transitions. [2022-02-20 18:12:04,592 INFO L276 IsEmpty]: Start isEmpty. Operand 427 states and 517 transitions. [2022-02-20 18:12:04,594 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:04,594 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:04,595 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:04,595 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:04,595 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 393 states, 312 states have (on average 1.2211538461538463) internal successors, (381), 334 states have internal predecessors, (381), 44 states have call successors, (44), 33 states have call predecessors, (44), 36 states have return successors, (54), 42 states have call predecessors, (54), 44 states have call successors, (54) [2022-02-20 18:12:04,604 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 393 states to 393 states and 479 transitions. [2022-02-20 18:12:04,605 INFO L78 Accepts]: Start accepts. Automaton has 393 states and 479 transitions. Word has length 54 [2022-02-20 18:12:04,605 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:04,605 INFO L470 AbstractCegarLoop]: Abstraction has 393 states and 479 transitions. [2022-02-20 18:12:04,605 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:12:04,606 INFO L276 IsEmpty]: Start isEmpty. Operand 393 states and 479 transitions. [2022-02-20 18:12:04,607 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-02-20 18:12:04,607 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:04,608 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:04,608 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:12:04,608 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:04,608 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:04,608 INFO L85 PathProgramCache]: Analyzing trace with hash -128825948, now seen corresponding path program 1 times [2022-02-20 18:12:04,609 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:04,609 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [28258242] [2022-02-20 18:12:04,609 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:04,609 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:04,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,719 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:12:04,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {7491#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {7446#true} is VALID [2022-02-20 18:12:04,724 INFO L290 TraceCheckUtils]: 1: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:04,724 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7446#true} {7448#(= 1 ~systemActive~0)} #234#return; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,736 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-20 18:12:04,743 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,767 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:12:04,768 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {7446#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7446#true} is VALID [2022-02-20 18:12:04,772 INFO L290 TraceCheckUtils]: 1: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:04,772 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7446#true} {7446#true} #222#return; {7446#true} is VALID [2022-02-20 18:12:04,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {7492#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7446#true} is VALID [2022-02-20 18:12:04,772 INFO L272 TraceCheckUtils]: 1: Hoare triple {7446#true} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {7446#true} is VALID [2022-02-20 18:12:04,772 INFO L290 TraceCheckUtils]: 2: Hoare triple {7446#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7446#true} is VALID [2022-02-20 18:12:04,772 INFO L290 TraceCheckUtils]: 3: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {7446#true} {7446#true} #222#return; {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L290 TraceCheckUtils]: 5: Hoare triple {7446#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L290 TraceCheckUtils]: 6: Hoare triple {7446#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L290 TraceCheckUtils]: 7: Hoare triple {7446#true} assume !(0 != ~pumpRunning~0); {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L290 TraceCheckUtils]: 8: Hoare triple {7446#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L290 TraceCheckUtils]: 9: Hoare triple {7446#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret24#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L290 TraceCheckUtils]: 10: Hoare triple {7446#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L290 TraceCheckUtils]: 11: Hoare triple {7446#true} isHighWaterLevel_#t~ret24#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret24#1 && isHighWaterLevel_#t~ret24#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret24#1;havoc isHighWaterLevel_#t~ret24#1; {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L290 TraceCheckUtils]: 12: Hoare triple {7446#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~1#1 := 1; {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L290 TraceCheckUtils]: 13: Hoare triple {7446#true} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L290 TraceCheckUtils]: 14: Hoare triple {7446#true} processEnvironment_#t~ret13#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret13#1 && processEnvironment_#t~ret13#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret13#1;havoc processEnvironment_#t~ret13#1; {7446#true} is VALID [2022-02-20 18:12:04,773 INFO L290 TraceCheckUtils]: 15: Hoare triple {7446#true} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret14#1, activatePump_~tmp~3#1;havoc activatePump_~tmp~3#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret15#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {7446#true} is VALID [2022-02-20 18:12:04,774 INFO L290 TraceCheckUtils]: 16: Hoare triple {7446#true} isMethaneAlarm_#t~ret15#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret15#1 && isMethaneAlarm_#t~ret15#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret15#1;havoc isMethaneAlarm_#t~ret15#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {7446#true} is VALID [2022-02-20 18:12:04,774 INFO L290 TraceCheckUtils]: 17: Hoare triple {7446#true} activatePump_#t~ret14#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret14#1 && activatePump_#t~ret14#1 <= 2147483647;activatePump_~tmp~3#1 := activatePump_#t~ret14#1;havoc activatePump_#t~ret14#1; {7446#true} is VALID [2022-02-20 18:12:04,775 INFO L290 TraceCheckUtils]: 18: Hoare triple {7446#true} assume !(0 != activatePump_~tmp~3#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,775 INFO L290 TraceCheckUtils]: 19: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,775 INFO L290 TraceCheckUtils]: 20: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,775 INFO L290 TraceCheckUtils]: 21: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,776 INFO L290 TraceCheckUtils]: 22: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,776 INFO L290 TraceCheckUtils]: 23: Hoare triple {7496#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,776 INFO L290 TraceCheckUtils]: 24: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~0#1); {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,777 INFO L290 TraceCheckUtils]: 25: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,777 INFO L290 TraceCheckUtils]: 26: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,778 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {7496#(<= 1 ~pumpRunning~0)} {7448#(= 1 ~systemActive~0)} #238#return; {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,778 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:12:04,779 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,787 INFO L290 TraceCheckUtils]: 0: Hoare triple {7446#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7497#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:04,787 INFO L290 TraceCheckUtils]: 1: Hoare triple {7497#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {7497#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:04,788 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7497#(= ~pumpRunning~0 |isPumpRunning_#res|)} {7480#(not (= ~pumpRunning~0 0))} #222#return; {7484#(not (= |timeShift___utac_acc__Specification5_spec__2_#t~ret4#1| 0))} is VALID [2022-02-20 18:12:04,788 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:12:04,788 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:04,791 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {7446#true} {7485#(not (= ~switchedOnBeforeTS~0 0))} #226#return; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,791 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:12:04,792 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,795 INFO L290 TraceCheckUtils]: 0: Hoare triple {7446#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7446#true} is VALID [2022-02-20 18:12:04,795 INFO L290 TraceCheckUtils]: 1: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:04,796 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7446#true} {7485#(not (= ~switchedOnBeforeTS~0 0))} #228#return; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,801 INFO L290 TraceCheckUtils]: 0: Hoare triple {7446#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,803 INFO L290 TraceCheckUtils]: 1: Hoare triple {7448#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,803 INFO L290 TraceCheckUtils]: 2: Hoare triple {7448#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,823 INFO L290 TraceCheckUtils]: 3: Hoare triple {7448#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,824 INFO L290 TraceCheckUtils]: 4: Hoare triple {7448#(= 1 ~systemActive~0)} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,824 INFO L290 TraceCheckUtils]: 5: Hoare triple {7448#(= 1 ~systemActive~0)} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,825 INFO L290 TraceCheckUtils]: 6: Hoare triple {7448#(= 1 ~systemActive~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,825 INFO L290 TraceCheckUtils]: 7: Hoare triple {7448#(= 1 ~systemActive~0)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,825 INFO L290 TraceCheckUtils]: 8: Hoare triple {7448#(= 1 ~systemActive~0)} assume !false; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,826 INFO L290 TraceCheckUtils]: 9: Hoare triple {7448#(= 1 ~systemActive~0)} assume test_~splverifierCounter~0#1 < 4; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,826 INFO L290 TraceCheckUtils]: 10: Hoare triple {7448#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,827 INFO L290 TraceCheckUtils]: 11: Hoare triple {7448#(= 1 ~systemActive~0)} assume 0 != test_~tmp~5#1; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,827 INFO L272 TraceCheckUtils]: 12: Hoare triple {7448#(= 1 ~systemActive~0)} call waterRise(); {7491#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:12:04,827 INFO L290 TraceCheckUtils]: 13: Hoare triple {7491#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {7446#true} is VALID [2022-02-20 18:12:04,827 INFO L290 TraceCheckUtils]: 14: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:04,828 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {7446#true} {7448#(= 1 ~systemActive~0)} #234#return; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,828 INFO L290 TraceCheckUtils]: 16: Hoare triple {7448#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,828 INFO L290 TraceCheckUtils]: 17: Hoare triple {7448#(= 1 ~systemActive~0)} assume !(0 != test_~tmp___0~2#1); {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,829 INFO L290 TraceCheckUtils]: 18: Hoare triple {7448#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,829 INFO L290 TraceCheckUtils]: 19: Hoare triple {7448#(= 1 ~systemActive~0)} assume 0 != test_~tmp___2~0#1; {7448#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,830 INFO L272 TraceCheckUtils]: 20: Hoare triple {7448#(= 1 ~systemActive~0)} call timeShift(); {7492#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:12:04,830 INFO L290 TraceCheckUtils]: 21: Hoare triple {7492#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7446#true} is VALID [2022-02-20 18:12:04,830 INFO L272 TraceCheckUtils]: 22: Hoare triple {7446#true} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {7446#true} is VALID [2022-02-20 18:12:04,830 INFO L290 TraceCheckUtils]: 23: Hoare triple {7446#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7446#true} is VALID [2022-02-20 18:12:04,830 INFO L290 TraceCheckUtils]: 24: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:04,830 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {7446#true} {7446#true} #222#return; {7446#true} is VALID [2022-02-20 18:12:04,830 INFO L290 TraceCheckUtils]: 26: Hoare triple {7446#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7446#true} is VALID [2022-02-20 18:12:04,830 INFO L290 TraceCheckUtils]: 27: Hoare triple {7446#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {7446#true} is VALID [2022-02-20 18:12:04,830 INFO L290 TraceCheckUtils]: 28: Hoare triple {7446#true} assume !(0 != ~pumpRunning~0); {7446#true} is VALID [2022-02-20 18:12:04,830 INFO L290 TraceCheckUtils]: 29: Hoare triple {7446#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {7446#true} is VALID [2022-02-20 18:12:04,830 INFO L290 TraceCheckUtils]: 30: Hoare triple {7446#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret24#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {7446#true} is VALID [2022-02-20 18:12:04,831 INFO L290 TraceCheckUtils]: 31: Hoare triple {7446#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {7446#true} is VALID [2022-02-20 18:12:04,831 INFO L290 TraceCheckUtils]: 32: Hoare triple {7446#true} isHighWaterLevel_#t~ret24#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret24#1 && isHighWaterLevel_#t~ret24#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret24#1;havoc isHighWaterLevel_#t~ret24#1; {7446#true} is VALID [2022-02-20 18:12:04,831 INFO L290 TraceCheckUtils]: 33: Hoare triple {7446#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~1#1 := 1; {7446#true} is VALID [2022-02-20 18:12:04,831 INFO L290 TraceCheckUtils]: 34: Hoare triple {7446#true} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {7446#true} is VALID [2022-02-20 18:12:04,831 INFO L290 TraceCheckUtils]: 35: Hoare triple {7446#true} processEnvironment_#t~ret13#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret13#1 && processEnvironment_#t~ret13#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret13#1;havoc processEnvironment_#t~ret13#1; {7446#true} is VALID [2022-02-20 18:12:04,831 INFO L290 TraceCheckUtils]: 36: Hoare triple {7446#true} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret14#1, activatePump_~tmp~3#1;havoc activatePump_~tmp~3#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret15#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {7446#true} is VALID [2022-02-20 18:12:04,831 INFO L290 TraceCheckUtils]: 37: Hoare triple {7446#true} isMethaneAlarm_#t~ret15#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret15#1 && isMethaneAlarm_#t~ret15#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret15#1;havoc isMethaneAlarm_#t~ret15#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {7446#true} is VALID [2022-02-20 18:12:04,831 INFO L290 TraceCheckUtils]: 38: Hoare triple {7446#true} activatePump_#t~ret14#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret14#1 && activatePump_#t~ret14#1 <= 2147483647;activatePump_~tmp~3#1 := activatePump_#t~ret14#1;havoc activatePump_#t~ret14#1; {7446#true} is VALID [2022-02-20 18:12:04,831 INFO L290 TraceCheckUtils]: 39: Hoare triple {7446#true} assume !(0 != activatePump_~tmp~3#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,832 INFO L290 TraceCheckUtils]: 40: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,832 INFO L290 TraceCheckUtils]: 41: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,832 INFO L290 TraceCheckUtils]: 42: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,833 INFO L290 TraceCheckUtils]: 43: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,833 INFO L290 TraceCheckUtils]: 44: Hoare triple {7496#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,833 INFO L290 TraceCheckUtils]: 45: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~0#1); {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,833 INFO L290 TraceCheckUtils]: 46: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,834 INFO L290 TraceCheckUtils]: 47: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:04,834 INFO L284 TraceCheckUtils]: 48: Hoare quadruple {7496#(<= 1 ~pumpRunning~0)} {7448#(= 1 ~systemActive~0)} #238#return; {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,834 INFO L290 TraceCheckUtils]: 49: Hoare triple {7480#(not (= ~pumpRunning~0 0))} assume !false; {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,835 INFO L290 TraceCheckUtils]: 50: Hoare triple {7480#(not (= ~pumpRunning~0 0))} assume test_~splverifierCounter~0#1 < 4; {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,835 INFO L290 TraceCheckUtils]: 51: Hoare triple {7480#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,835 INFO L290 TraceCheckUtils]: 52: Hoare triple {7480#(not (= ~pumpRunning~0 0))} assume !(0 != test_~tmp~5#1); {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,835 INFO L290 TraceCheckUtils]: 53: Hoare triple {7480#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,836 INFO L290 TraceCheckUtils]: 54: Hoare triple {7480#(not (= ~pumpRunning~0 0))} assume !(0 != test_~tmp___0~2#1); {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,836 INFO L290 TraceCheckUtils]: 55: Hoare triple {7480#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,836 INFO L290 TraceCheckUtils]: 56: Hoare triple {7480#(not (= ~pumpRunning~0 0))} assume 0 != test_~tmp___2~0#1; {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,847 INFO L272 TraceCheckUtils]: 57: Hoare triple {7480#(not (= ~pumpRunning~0 0))} call timeShift(); {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,848 INFO L290 TraceCheckUtils]: 58: Hoare triple {7480#(not (= ~pumpRunning~0 0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7480#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:04,848 INFO L272 TraceCheckUtils]: 59: Hoare triple {7480#(not (= ~pumpRunning~0 0))} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {7446#true} is VALID [2022-02-20 18:12:04,848 INFO L290 TraceCheckUtils]: 60: Hoare triple {7446#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7497#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:04,849 INFO L290 TraceCheckUtils]: 61: Hoare triple {7497#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {7497#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:04,849 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {7497#(= ~pumpRunning~0 |isPumpRunning_#res|)} {7480#(not (= ~pumpRunning~0 0))} #222#return; {7484#(not (= |timeShift___utac_acc__Specification5_spec__2_#t~ret4#1| 0))} is VALID [2022-02-20 18:12:04,849 INFO L290 TraceCheckUtils]: 63: Hoare triple {7484#(not (= |timeShift___utac_acc__Specification5_spec__2_#t~ret4#1| 0))} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,850 INFO L290 TraceCheckUtils]: 64: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,850 INFO L290 TraceCheckUtils]: 65: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,850 INFO L290 TraceCheckUtils]: 66: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,851 INFO L290 TraceCheckUtils]: 67: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume { :end_inline_lowerWaterLevel } true; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,851 INFO L290 TraceCheckUtils]: 68: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,851 INFO L290 TraceCheckUtils]: 69: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume !(0 == ~pumpRunning~0); {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,851 INFO L272 TraceCheckUtils]: 70: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} call processEnvironment__wrappee__base(); {7446#true} is VALID [2022-02-20 18:12:04,852 INFO L290 TraceCheckUtils]: 71: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:04,852 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {7446#true} {7485#(not (= ~switchedOnBeforeTS~0 0))} #226#return; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,852 INFO L290 TraceCheckUtils]: 73: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume { :end_inline_processEnvironment } true; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,852 INFO L290 TraceCheckUtils]: 74: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,853 INFO L290 TraceCheckUtils]: 75: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,853 INFO L290 TraceCheckUtils]: 76: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,853 INFO L272 TraceCheckUtils]: 77: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {7446#true} is VALID [2022-02-20 18:12:04,853 INFO L290 TraceCheckUtils]: 78: Hoare triple {7446#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7446#true} is VALID [2022-02-20 18:12:04,853 INFO L290 TraceCheckUtils]: 79: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:04,854 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {7446#true} {7485#(not (= ~switchedOnBeforeTS~0 0))} #228#return; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,854 INFO L290 TraceCheckUtils]: 81: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,854 INFO L290 TraceCheckUtils]: 82: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {7485#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:04,855 INFO L290 TraceCheckUtils]: 83: Hoare triple {7485#(not (= ~switchedOnBeforeTS~0 0))} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {7447#false} is VALID [2022-02-20 18:12:04,855 INFO L290 TraceCheckUtils]: 84: Hoare triple {7447#false} assume !false; {7447#false} is VALID [2022-02-20 18:12:04,855 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 8 proven. 16 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-02-20 18:12:04,855 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:04,855 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [28258242] [2022-02-20 18:12:04,855 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [28258242] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:12:04,855 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1642178408] [2022-02-20 18:12:04,856 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:04,856 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:12:04,856 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:12:04,885 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:12:04,911 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:12:04,996 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,999 INFO L263 TraceCheckSpWp]: Trace formula consists of 448 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:12:05,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:05,021 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:12:05,364 INFO L290 TraceCheckUtils]: 0: Hoare triple {7446#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {7446#true} is VALID [2022-02-20 18:12:05,365 INFO L290 TraceCheckUtils]: 1: Hoare triple {7446#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {7446#true} is VALID [2022-02-20 18:12:05,365 INFO L290 TraceCheckUtils]: 2: Hoare triple {7446#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7446#true} is VALID [2022-02-20 18:12:05,365 INFO L290 TraceCheckUtils]: 3: Hoare triple {7446#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {7446#true} is VALID [2022-02-20 18:12:05,365 INFO L290 TraceCheckUtils]: 4: Hoare triple {7446#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {7446#true} is VALID [2022-02-20 18:12:05,365 INFO L290 TraceCheckUtils]: 5: Hoare triple {7446#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {7446#true} is VALID [2022-02-20 18:12:05,365 INFO L290 TraceCheckUtils]: 6: Hoare triple {7446#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {7446#true} is VALID [2022-02-20 18:12:05,365 INFO L290 TraceCheckUtils]: 7: Hoare triple {7446#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {7446#true} is VALID [2022-02-20 18:12:05,366 INFO L290 TraceCheckUtils]: 8: Hoare triple {7446#true} assume !false; {7446#true} is VALID [2022-02-20 18:12:05,366 INFO L290 TraceCheckUtils]: 9: Hoare triple {7446#true} assume test_~splverifierCounter~0#1 < 4; {7446#true} is VALID [2022-02-20 18:12:05,366 INFO L290 TraceCheckUtils]: 10: Hoare triple {7446#true} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {7446#true} is VALID [2022-02-20 18:12:05,366 INFO L290 TraceCheckUtils]: 11: Hoare triple {7446#true} assume 0 != test_~tmp~5#1; {7446#true} is VALID [2022-02-20 18:12:05,366 INFO L272 TraceCheckUtils]: 12: Hoare triple {7446#true} call waterRise(); {7446#true} is VALID [2022-02-20 18:12:05,366 INFO L290 TraceCheckUtils]: 13: Hoare triple {7446#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {7446#true} is VALID [2022-02-20 18:12:05,366 INFO L290 TraceCheckUtils]: 14: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:05,366 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {7446#true} {7446#true} #234#return; {7446#true} is VALID [2022-02-20 18:12:05,367 INFO L290 TraceCheckUtils]: 16: Hoare triple {7446#true} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {7446#true} is VALID [2022-02-20 18:12:05,367 INFO L290 TraceCheckUtils]: 17: Hoare triple {7446#true} assume !(0 != test_~tmp___0~2#1); {7446#true} is VALID [2022-02-20 18:12:05,367 INFO L290 TraceCheckUtils]: 18: Hoare triple {7446#true} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {7446#true} is VALID [2022-02-20 18:12:05,367 INFO L290 TraceCheckUtils]: 19: Hoare triple {7446#true} assume 0 != test_~tmp___2~0#1; {7446#true} is VALID [2022-02-20 18:12:05,367 INFO L272 TraceCheckUtils]: 20: Hoare triple {7446#true} call timeShift(); {7446#true} is VALID [2022-02-20 18:12:05,367 INFO L290 TraceCheckUtils]: 21: Hoare triple {7446#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7446#true} is VALID [2022-02-20 18:12:05,367 INFO L272 TraceCheckUtils]: 22: Hoare triple {7446#true} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {7446#true} is VALID [2022-02-20 18:12:05,367 INFO L290 TraceCheckUtils]: 23: Hoare triple {7446#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7446#true} is VALID [2022-02-20 18:12:05,367 INFO L290 TraceCheckUtils]: 24: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:05,368 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {7446#true} {7446#true} #222#return; {7446#true} is VALID [2022-02-20 18:12:05,368 INFO L290 TraceCheckUtils]: 26: Hoare triple {7446#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7446#true} is VALID [2022-02-20 18:12:05,368 INFO L290 TraceCheckUtils]: 27: Hoare triple {7446#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {7446#true} is VALID [2022-02-20 18:12:05,368 INFO L290 TraceCheckUtils]: 28: Hoare triple {7446#true} assume !(0 != ~pumpRunning~0); {7446#true} is VALID [2022-02-20 18:12:05,368 INFO L290 TraceCheckUtils]: 29: Hoare triple {7446#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {7446#true} is VALID [2022-02-20 18:12:05,368 INFO L290 TraceCheckUtils]: 30: Hoare triple {7446#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret24#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {7446#true} is VALID [2022-02-20 18:12:05,368 INFO L290 TraceCheckUtils]: 31: Hoare triple {7446#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {7446#true} is VALID [2022-02-20 18:12:05,368 INFO L290 TraceCheckUtils]: 32: Hoare triple {7446#true} isHighWaterLevel_#t~ret24#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret24#1 && isHighWaterLevel_#t~ret24#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret24#1;havoc isHighWaterLevel_#t~ret24#1; {7446#true} is VALID [2022-02-20 18:12:05,368 INFO L290 TraceCheckUtils]: 33: Hoare triple {7446#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~1#1 := 1; {7446#true} is VALID [2022-02-20 18:12:05,369 INFO L290 TraceCheckUtils]: 34: Hoare triple {7446#true} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {7446#true} is VALID [2022-02-20 18:12:05,369 INFO L290 TraceCheckUtils]: 35: Hoare triple {7446#true} processEnvironment_#t~ret13#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret13#1 && processEnvironment_#t~ret13#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret13#1;havoc processEnvironment_#t~ret13#1; {7446#true} is VALID [2022-02-20 18:12:05,369 INFO L290 TraceCheckUtils]: 36: Hoare triple {7446#true} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret14#1, activatePump_~tmp~3#1;havoc activatePump_~tmp~3#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret15#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {7446#true} is VALID [2022-02-20 18:12:05,369 INFO L290 TraceCheckUtils]: 37: Hoare triple {7446#true} isMethaneAlarm_#t~ret15#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret15#1 && isMethaneAlarm_#t~ret15#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret15#1;havoc isMethaneAlarm_#t~ret15#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {7446#true} is VALID [2022-02-20 18:12:05,369 INFO L290 TraceCheckUtils]: 38: Hoare triple {7446#true} activatePump_#t~ret14#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret14#1 && activatePump_#t~ret14#1 <= 2147483647;activatePump_~tmp~3#1 := activatePump_#t~ret14#1;havoc activatePump_#t~ret14#1; {7446#true} is VALID [2022-02-20 18:12:05,370 INFO L290 TraceCheckUtils]: 39: Hoare triple {7446#true} assume !(0 != activatePump_~tmp~3#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,370 INFO L290 TraceCheckUtils]: 40: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,370 INFO L290 TraceCheckUtils]: 41: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,370 INFO L290 TraceCheckUtils]: 42: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,371 INFO L290 TraceCheckUtils]: 43: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,371 INFO L290 TraceCheckUtils]: 44: Hoare triple {7496#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,371 INFO L290 TraceCheckUtils]: 45: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~0#1); {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,372 INFO L290 TraceCheckUtils]: 46: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,372 INFO L290 TraceCheckUtils]: 47: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,372 INFO L284 TraceCheckUtils]: 48: Hoare quadruple {7496#(<= 1 ~pumpRunning~0)} {7446#true} #238#return; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,373 INFO L290 TraceCheckUtils]: 49: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume !false; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,373 INFO L290 TraceCheckUtils]: 50: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume test_~splverifierCounter~0#1 < 4; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,373 INFO L290 TraceCheckUtils]: 51: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,374 INFO L290 TraceCheckUtils]: 52: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp~5#1); {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,374 INFO L290 TraceCheckUtils]: 53: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,374 INFO L290 TraceCheckUtils]: 54: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp___0~2#1); {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,375 INFO L290 TraceCheckUtils]: 55: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,375 INFO L290 TraceCheckUtils]: 56: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume 0 != test_~tmp___2~0#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,375 INFO L272 TraceCheckUtils]: 57: Hoare triple {7496#(<= 1 ~pumpRunning~0)} call timeShift(); {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,376 INFO L290 TraceCheckUtils]: 58: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,376 INFO L272 TraceCheckUtils]: 59: Hoare triple {7496#(<= 1 ~pumpRunning~0)} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,376 INFO L290 TraceCheckUtils]: 60: Hoare triple {7496#(<= 1 ~pumpRunning~0)} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7681#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} is VALID [2022-02-20 18:12:05,377 INFO L290 TraceCheckUtils]: 61: Hoare triple {7681#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} assume true; {7681#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} is VALID [2022-02-20 18:12:05,377 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {7681#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} {7496#(<= 1 ~pumpRunning~0)} #222#return; {7688#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret4#1|)} is VALID [2022-02-20 18:12:05,378 INFO L290 TraceCheckUtils]: 63: Hoare triple {7688#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret4#1|)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,378 INFO L290 TraceCheckUtils]: 64: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,378 INFO L290 TraceCheckUtils]: 65: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,379 INFO L290 TraceCheckUtils]: 66: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,379 INFO L290 TraceCheckUtils]: 67: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_lowerWaterLevel } true; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,379 INFO L290 TraceCheckUtils]: 68: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,380 INFO L290 TraceCheckUtils]: 69: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume !(0 == ~pumpRunning~0); {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,380 INFO L272 TraceCheckUtils]: 70: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} call processEnvironment__wrappee__base(); {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,380 INFO L290 TraceCheckUtils]: 71: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume true; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,381 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {7692#(<= 1 ~switchedOnBeforeTS~0)} {7692#(<= 1 ~switchedOnBeforeTS~0)} #226#return; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,381 INFO L290 TraceCheckUtils]: 73: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_processEnvironment } true; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,381 INFO L290 TraceCheckUtils]: 74: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,381 INFO L290 TraceCheckUtils]: 75: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,382 INFO L290 TraceCheckUtils]: 76: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,382 INFO L272 TraceCheckUtils]: 77: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,382 INFO L290 TraceCheckUtils]: 78: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,383 INFO L290 TraceCheckUtils]: 79: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume true; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,383 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {7692#(<= 1 ~switchedOnBeforeTS~0)} {7692#(<= 1 ~switchedOnBeforeTS~0)} #228#return; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,384 INFO L290 TraceCheckUtils]: 81: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,384 INFO L290 TraceCheckUtils]: 82: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,384 INFO L290 TraceCheckUtils]: 83: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {7447#false} is VALID [2022-02-20 18:12:05,384 INFO L290 TraceCheckUtils]: 84: Hoare triple {7447#false} assume !false; {7447#false} is VALID [2022-02-20 18:12:05,385 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 22 proven. 7 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:12:05,385 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:12:05,789 INFO L290 TraceCheckUtils]: 84: Hoare triple {7447#false} assume !false; {7447#false} is VALID [2022-02-20 18:12:05,790 INFO L290 TraceCheckUtils]: 83: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {7447#false} is VALID [2022-02-20 18:12:05,790 INFO L290 TraceCheckUtils]: 82: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~0#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,791 INFO L290 TraceCheckUtils]: 81: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret6#1 && __utac_acc__Specification5_spec__3_#t~ret6#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~0#1 := __utac_acc__Specification5_spec__3_#t~ret6#1;havoc __utac_acc__Specification5_spec__3_#t~ret6#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,791 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {7446#true} {7692#(<= 1 ~switchedOnBeforeTS~0)} #228#return; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,791 INFO L290 TraceCheckUtils]: 79: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:05,791 INFO L290 TraceCheckUtils]: 78: Hoare triple {7446#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7446#true} is VALID [2022-02-20 18:12:05,791 INFO L272 TraceCheckUtils]: 77: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} call __utac_acc__Specification5_spec__3_#t~ret6#1 := isPumpRunning(); {7446#true} is VALID [2022-02-20 18:12:05,792 INFO L290 TraceCheckUtils]: 76: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume 2 != __utac_acc__Specification5_spec__3_~tmp~0#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,792 INFO L290 TraceCheckUtils]: 75: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,792 INFO L290 TraceCheckUtils]: 74: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,793 INFO L290 TraceCheckUtils]: 73: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_processEnvironment } true; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,793 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {7446#true} {7692#(<= 1 ~switchedOnBeforeTS~0)} #226#return; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,793 INFO L290 TraceCheckUtils]: 71: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:05,793 INFO L272 TraceCheckUtils]: 70: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} call processEnvironment__wrappee__base(); {7446#true} is VALID [2022-02-20 18:12:05,794 INFO L290 TraceCheckUtils]: 69: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume !(0 == ~pumpRunning~0); {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,794 INFO L290 TraceCheckUtils]: 68: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,794 INFO L290 TraceCheckUtils]: 67: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_lowerWaterLevel } true; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,795 INFO L290 TraceCheckUtils]: 66: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,795 INFO L290 TraceCheckUtils]: 65: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,795 INFO L290 TraceCheckUtils]: 64: Hoare triple {7692#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,796 INFO L290 TraceCheckUtils]: 63: Hoare triple {7688#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret4#1|)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7692#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:05,796 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {7825#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} {7496#(<= 1 ~pumpRunning~0)} #222#return; {7688#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret4#1|)} is VALID [2022-02-20 18:12:05,797 INFO L290 TraceCheckUtils]: 61: Hoare triple {7825#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} assume true; {7825#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} is VALID [2022-02-20 18:12:05,797 INFO L290 TraceCheckUtils]: 60: Hoare triple {7446#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7825#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} is VALID [2022-02-20 18:12:05,797 INFO L272 TraceCheckUtils]: 59: Hoare triple {7496#(<= 1 ~pumpRunning~0)} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {7446#true} is VALID [2022-02-20 18:12:05,798 INFO L290 TraceCheckUtils]: 58: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,798 INFO L272 TraceCheckUtils]: 57: Hoare triple {7496#(<= 1 ~pumpRunning~0)} call timeShift(); {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,798 INFO L290 TraceCheckUtils]: 56: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume 0 != test_~tmp___2~0#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,799 INFO L290 TraceCheckUtils]: 55: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,799 INFO L290 TraceCheckUtils]: 54: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp___0~2#1); {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,799 INFO L290 TraceCheckUtils]: 53: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,799 INFO L290 TraceCheckUtils]: 52: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp~5#1); {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,800 INFO L290 TraceCheckUtils]: 51: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,800 INFO L290 TraceCheckUtils]: 50: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume test_~splverifierCounter~0#1 < 4; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,800 INFO L290 TraceCheckUtils]: 49: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume !false; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,801 INFO L284 TraceCheckUtils]: 48: Hoare quadruple {7496#(<= 1 ~pumpRunning~0)} {7446#true} #238#return; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,801 INFO L290 TraceCheckUtils]: 47: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,801 INFO L290 TraceCheckUtils]: 46: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,802 INFO L290 TraceCheckUtils]: 45: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~0#1); {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,802 INFO L290 TraceCheckUtils]: 44: Hoare triple {7496#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret5#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret5#1 && __utac_acc__Specification5_spec__3_#t~ret5#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~0#1 := __utac_acc__Specification5_spec__3_#t~ret5#1;havoc __utac_acc__Specification5_spec__3_#t~ret5#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,802 INFO L290 TraceCheckUtils]: 43: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret5#1, __utac_acc__Specification5_spec__3_#t~ret6#1, __utac_acc__Specification5_spec__3_~tmp~0#1, __utac_acc__Specification5_spec__3_~tmp___0~0#1;havoc __utac_acc__Specification5_spec__3_~tmp~0#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~0#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~1#1;havoc getWaterLevel_~retValue_acc~1#1;getWaterLevel_~retValue_acc~1#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~1#1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,802 INFO L290 TraceCheckUtils]: 42: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,803 INFO L290 TraceCheckUtils]: 41: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,803 INFO L290 TraceCheckUtils]: 40: Hoare triple {7496#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,813 INFO L290 TraceCheckUtils]: 39: Hoare triple {7446#true} assume !(0 != activatePump_~tmp~3#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {7496#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:05,813 INFO L290 TraceCheckUtils]: 38: Hoare triple {7446#true} activatePump_#t~ret14#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret14#1 && activatePump_#t~ret14#1 <= 2147483647;activatePump_~tmp~3#1 := activatePump_#t~ret14#1;havoc activatePump_#t~ret14#1; {7446#true} is VALID [2022-02-20 18:12:05,814 INFO L290 TraceCheckUtils]: 37: Hoare triple {7446#true} isMethaneAlarm_#t~ret15#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret15#1 && isMethaneAlarm_#t~ret15#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret15#1;havoc isMethaneAlarm_#t~ret15#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {7446#true} is VALID [2022-02-20 18:12:05,814 INFO L290 TraceCheckUtils]: 36: Hoare triple {7446#true} assume 0 != processEnvironment_~tmp~2#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret14#1, activatePump_~tmp~3#1;havoc activatePump_~tmp~3#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret15#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;havoc isMethaneLevelCritical_~retValue_acc~0#1;isMethaneLevelCritical_~retValue_acc~0#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~0#1; {7446#true} is VALID [2022-02-20 18:12:05,814 INFO L290 TraceCheckUtils]: 35: Hoare triple {7446#true} processEnvironment_#t~ret13#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret13#1 && processEnvironment_#t~ret13#1 <= 2147483647;processEnvironment_~tmp~2#1 := processEnvironment_#t~ret13#1;havoc processEnvironment_#t~ret13#1; {7446#true} is VALID [2022-02-20 18:12:05,814 INFO L290 TraceCheckUtils]: 34: Hoare triple {7446#true} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {7446#true} is VALID [2022-02-20 18:12:05,814 INFO L290 TraceCheckUtils]: 33: Hoare triple {7446#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~1#1 := 1; {7446#true} is VALID [2022-02-20 18:12:05,814 INFO L290 TraceCheckUtils]: 32: Hoare triple {7446#true} isHighWaterLevel_#t~ret24#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret24#1 && isHighWaterLevel_#t~ret24#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret24#1;havoc isHighWaterLevel_#t~ret24#1; {7446#true} is VALID [2022-02-20 18:12:05,814 INFO L290 TraceCheckUtils]: 31: Hoare triple {7446#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {7446#true} is VALID [2022-02-20 18:12:05,814 INFO L290 TraceCheckUtils]: 30: Hoare triple {7446#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret24#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {7446#true} is VALID [2022-02-20 18:12:05,815 INFO L290 TraceCheckUtils]: 29: Hoare triple {7446#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret13#1, processEnvironment_~tmp~2#1;havoc processEnvironment_~tmp~2#1; {7446#true} is VALID [2022-02-20 18:12:05,815 INFO L290 TraceCheckUtils]: 28: Hoare triple {7446#true} assume !(0 != ~pumpRunning~0); {7446#true} is VALID [2022-02-20 18:12:05,815 INFO L290 TraceCheckUtils]: 27: Hoare triple {7446#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {7446#true} is VALID [2022-02-20 18:12:05,815 INFO L290 TraceCheckUtils]: 26: Hoare triple {7446#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret4#1 && __utac_acc__Specification5_spec__2_#t~ret4#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret4#1;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7446#true} is VALID [2022-02-20 18:12:05,815 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {7446#true} {7446#true} #222#return; {7446#true} is VALID [2022-02-20 18:12:05,815 INFO L290 TraceCheckUtils]: 24: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:05,815 INFO L290 TraceCheckUtils]: 23: Hoare triple {7446#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7446#true} is VALID [2022-02-20 18:12:05,815 INFO L272 TraceCheckUtils]: 22: Hoare triple {7446#true} call __utac_acc__Specification5_spec__2_#t~ret4#1 := isPumpRunning(); {7446#true} is VALID [2022-02-20 18:12:05,815 INFO L290 TraceCheckUtils]: 21: Hoare triple {7446#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret4#1; {7446#true} is VALID [2022-02-20 18:12:05,816 INFO L272 TraceCheckUtils]: 20: Hoare triple {7446#true} call timeShift(); {7446#true} is VALID [2022-02-20 18:12:05,816 INFO L290 TraceCheckUtils]: 19: Hoare triple {7446#true} assume 0 != test_~tmp___2~0#1; {7446#true} is VALID [2022-02-20 18:12:05,816 INFO L290 TraceCheckUtils]: 18: Hoare triple {7446#true} assume -2147483648 <= test_#t~nondet27#1 && test_#t~nondet27#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet27#1;havoc test_#t~nondet27#1; {7446#true} is VALID [2022-02-20 18:12:05,816 INFO L290 TraceCheckUtils]: 17: Hoare triple {7446#true} assume !(0 != test_~tmp___0~2#1); {7446#true} is VALID [2022-02-20 18:12:05,816 INFO L290 TraceCheckUtils]: 16: Hoare triple {7446#true} assume -2147483648 <= test_#t~nondet26#1 && test_#t~nondet26#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet26#1;havoc test_#t~nondet26#1; {7446#true} is VALID [2022-02-20 18:12:05,816 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {7446#true} {7446#true} #234#return; {7446#true} is VALID [2022-02-20 18:12:05,816 INFO L290 TraceCheckUtils]: 14: Hoare triple {7446#true} assume true; {7446#true} is VALID [2022-02-20 18:12:05,816 INFO L290 TraceCheckUtils]: 13: Hoare triple {7446#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {7446#true} is VALID [2022-02-20 18:12:05,816 INFO L272 TraceCheckUtils]: 12: Hoare triple {7446#true} call waterRise(); {7446#true} is VALID [2022-02-20 18:12:05,817 INFO L290 TraceCheckUtils]: 11: Hoare triple {7446#true} assume 0 != test_~tmp~5#1; {7446#true} is VALID [2022-02-20 18:12:05,817 INFO L290 TraceCheckUtils]: 10: Hoare triple {7446#true} assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {7446#true} is VALID [2022-02-20 18:12:05,817 INFO L290 TraceCheckUtils]: 9: Hoare triple {7446#true} assume test_~splverifierCounter~0#1 < 4; {7446#true} is VALID [2022-02-20 18:12:05,817 INFO L290 TraceCheckUtils]: 8: Hoare triple {7446#true} assume !false; {7446#true} is VALID [2022-02-20 18:12:05,817 INFO L290 TraceCheckUtils]: 7: Hoare triple {7446#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {7446#true} is VALID [2022-02-20 18:12:05,817 INFO L290 TraceCheckUtils]: 6: Hoare triple {7446#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {7446#true} is VALID [2022-02-20 18:12:05,817 INFO L290 TraceCheckUtils]: 5: Hoare triple {7446#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {7446#true} is VALID [2022-02-20 18:12:05,817 INFO L290 TraceCheckUtils]: 4: Hoare triple {7446#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {7446#true} is VALID [2022-02-20 18:12:05,817 INFO L290 TraceCheckUtils]: 3: Hoare triple {7446#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {7446#true} is VALID [2022-02-20 18:12:05,818 INFO L290 TraceCheckUtils]: 2: Hoare triple {7446#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7446#true} is VALID [2022-02-20 18:12:05,818 INFO L290 TraceCheckUtils]: 1: Hoare triple {7446#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~3#1, main_~tmp~1#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {7446#true} is VALID [2022-02-20 18:12:05,818 INFO L290 TraceCheckUtils]: 0: Hoare triple {7446#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~switchedOnBeforeTS~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0; {7446#true} is VALID [2022-02-20 18:12:05,818 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 18 proven. 6 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-02-20 18:12:05,818 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1642178408] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:12:05,818 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:12:05,819 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 6, 6] total 14 [2022-02-20 18:12:05,819 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [760010673] [2022-02-20 18:12:05,819 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:12:05,820 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 8.428571428571429) internal successors, (118), 10 states have internal predecessors, (118), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (14), 8 states have call predecessors, (14), 6 states have call successors, (14) Word has length 85 [2022-02-20 18:12:05,820 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:05,820 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 14 states, 14 states have (on average 8.428571428571429) internal successors, (118), 10 states have internal predecessors, (118), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (14), 8 states have call predecessors, (14), 6 states have call successors, (14) [2022-02-20 18:12:05,900 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 148 edges. 148 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:05,900 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2022-02-20 18:12:05,901 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:05,901 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2022-02-20 18:12:05,901 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=149, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:12:05,901 INFO L87 Difference]: Start difference. First operand 393 states and 479 transitions. Second operand has 14 states, 14 states have (on average 8.428571428571429) internal successors, (118), 10 states have internal predecessors, (118), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (14), 8 states have call predecessors, (14), 6 states have call successors, (14) [2022-02-20 18:12:07,629 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:07,629 INFO L93 Difference]: Finished difference Result 624 states and 786 transitions. [2022-02-20 18:12:07,629 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2022-02-20 18:12:07,629 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 8.428571428571429) internal successors, (118), 10 states have internal predecessors, (118), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (14), 8 states have call predecessors, (14), 6 states have call successors, (14) Word has length 85 [2022-02-20 18:12:07,630 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:07,630 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 14 states, 14 states have (on average 8.428571428571429) internal successors, (118), 10 states have internal predecessors, (118), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (14), 8 states have call predecessors, (14), 6 states have call successors, (14) [2022-02-20 18:12:07,633 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 18 states to 18 states and 289 transitions. [2022-02-20 18:12:07,633 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 14 states, 14 states have (on average 8.428571428571429) internal successors, (118), 10 states have internal predecessors, (118), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (14), 8 states have call predecessors, (14), 6 states have call successors, (14) [2022-02-20 18:12:07,652 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 18 states to 18 states and 289 transitions. [2022-02-20 18:12:07,652 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 18 states and 289 transitions. [2022-02-20 18:12:07,935 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 289 edges. 289 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:07,935 INFO L225 Difference]: With dead ends: 624 [2022-02-20 18:12:07,935 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:12:07,937 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 210 GetRequests, 182 SyntacticMatches, 1 SemanticMatches, 27 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 126 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=201, Invalid=611, Unknown=0, NotChecked=0, Total=812 [2022-02-20 18:12:07,937 INFO L933 BasicCegarLoop]: 148 mSDtfsCounter, 240 mSDsluCounter, 629 mSDsCounter, 0 mSdLazyCounter, 399 mSolverCounterSat, 83 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 243 SdHoareTripleChecker+Valid, 777 SdHoareTripleChecker+Invalid, 482 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 83 IncrementalHoareTripleChecker+Valid, 399 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:07,938 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [243 Valid, 777 Invalid, 482 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [83 Valid, 399 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2022-02-20 18:12:07,938 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:12:07,938 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:12:07,939 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:07,939 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:12:07,939 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:12:07,939 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:12:07,939 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:07,939 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:12:07,939 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:12:07,939 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:07,939 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:07,939 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:12:07,939 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:12:07,939 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:07,955 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:12:07,955 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:12:07,955 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:07,955 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:07,955 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:07,955 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:07,955 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:12:07,955 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:12:07,956 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 85 [2022-02-20 18:12:07,956 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:07,956 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:12:07,956 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 14 states have (on average 8.428571428571429) internal successors, (118), 10 states have internal predecessors, (118), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (14), 8 states have call predecessors, (14), 6 states have call successors, (14) [2022-02-20 18:12:07,956 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:12:07,956 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:07,958 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:12:08,003 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:12:08,158 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-02-20 18:12:08,161 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:12:11,301 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 337 343) no Hoare annotation was computed. [2022-02-20 18:12:11,301 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 337 343) the Hoare annotation is: true [2022-02-20 18:12:11,301 INFO L861 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 134 145) the Hoare annotation is: true [2022-02-20 18:12:11,302 INFO L858 garLoopResultBuilder]: For program point L138-1(lines 134 145) no Hoare annotation was computed. [2022-02-20 18:12:11,302 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 134 145) no Hoare annotation was computed. [2022-02-20 18:12:11,302 INFO L858 garLoopResultBuilder]: For program point L353(lines 353 361) no Hoare annotation was computed. [2022-02-20 18:12:11,302 INFO L854 garLoopResultBuilder]: At program point L386-2(lines 379 395) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse2 .cse3) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse0) (let ((.cse5 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse4 (and (= ~pumpRunning~0 0) .cse5) .cse0 .cse2 (and (<= 1 ~pumpRunning~0) .cse5) .cse3)))) [2022-02-20 18:12:11,302 INFO L858 garLoopResultBuilder]: For program point L349(lines 349 366) no Hoare annotation was computed. [2022-02-20 18:12:11,302 INFO L854 garLoopResultBuilder]: At program point L411(lines 404 414) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse3 .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0))) [2022-02-20 18:12:11,302 INFO L854 garLoopResultBuilder]: At program point L151(lines 146 154) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse3 .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0))) [2022-02-20 18:12:11,302 INFO L858 garLoopResultBuilder]: For program point L469(lines 469 473) no Hoare annotation was computed. [2022-02-20 18:12:11,302 INFO L858 garLoopResultBuilder]: For program point L85(lines 85 91) no Hoare annotation was computed. [2022-02-20 18:12:11,302 INFO L858 garLoopResultBuilder]: For program point L469-2(lines 469 473) no Hoare annotation was computed. [2022-02-20 18:12:11,302 INFO L858 garLoopResultBuilder]: For program point L114(lines 114 118) no Hoare annotation was computed. [2022-02-20 18:12:11,302 INFO L854 garLoopResultBuilder]: At program point L114-2(lines 110 121) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (<= 1 ~pumpRunning~0)) (.cse6 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse4 (and .cse5 .cse6) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1) (or .cse1 .cse4 .cse2 .cse3 (and .cse5 (= ~waterLevel~0 1) .cse6)))) [2022-02-20 18:12:11,303 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 310 336) no Hoare annotation was computed. [2022-02-20 18:12:11,305 INFO L854 garLoopResultBuilder]: At program point L69(lines 62 71) the Hoare annotation is: (let ((.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (= ~pumpRunning~0 0)) (.cse4 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (and (<= 1 ~pumpRunning~0) .cse7 (<= 1 ~switchedOnBeforeTS~0)))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse2 (= ~waterLevel~0 1))) (or .cse1 .cse3 .cse4 .cse5 .cse6) (or .cse0 (and .cse2 .cse7) .cse1 .cse4 .cse6) (or .cse1 .cse3 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-02-20 18:12:11,305 INFO L858 garLoopResultBuilder]: For program point L317(lines 317 323) no Hoare annotation was computed. [2022-02-20 18:12:11,305 INFO L858 garLoopResultBuilder]: For program point L317-2(lines 313 335) no Hoare annotation was computed. [2022-02-20 18:12:11,305 INFO L854 garLoopResultBuilder]: At program point L375(lines 370 377) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse0 .cse3 (and (<= 1 ~pumpRunning~0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0))) [2022-02-20 18:12:11,305 INFO L854 garLoopResultBuilder]: At program point L82(line 82) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse6 (<= 1 ~pumpRunning~0)) (.cse4 (= ~waterLevel~0 1)) (.cse7 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and (= ~pumpRunning~0 0) .cse4)) (or .cse1 .cse5 (and .cse6 .cse7) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse1 .cse5 .cse2 .cse3 (and .cse6 .cse4 .cse7)))) [2022-02-20 18:12:11,305 INFO L858 garLoopResultBuilder]: For program point L82-1(line 82) no Hoare annotation was computed. [2022-02-20 18:12:11,305 INFO L854 garLoopResultBuilder]: At program point L359(line 359) the Hoare annotation is: (let ((.cse6 (= 1 ~systemActive~0))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= ~pumpRunning~0 0)) (.cse5 (= |timeShift_processEnvironment_~tmp~2#1| 0)) (.cse1 (not .cse6)) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 (and .cse4 .cse5 .cse6 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse1 .cse7 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse4 .cse5 .cse6 (= ~waterLevel~0 1))) (or .cse1 .cse7 .cse2 .cse3)))) [2022-02-20 18:12:11,306 INFO L854 garLoopResultBuilder]: At program point L475(lines 460 478) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (not (< 1 |old(~waterLevel~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (= ~pumpRunning~0 0)) (.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 (and .cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse4 .cse5) (or .cse0 .cse1 .cse4 .cse5) (or .cse2 (and .cse3 (= |timeShift_isHighWaterLevel_#res#1| 0) (= |timeShift_isHighWaterLevel_~tmp___0~1#1| 0) (= ~waterLevel~0 1) (not (= |timeShift_isHighWaterLevel_~tmp~4#1| 0))) (not (= |old(~waterLevel~0)| 1)) .cse0))) [2022-02-20 18:12:11,306 INFO L858 garLoopResultBuilder]: For program point L950(line 950) no Hoare annotation was computed. [2022-02-20 18:12:11,306 INFO L854 garLoopResultBuilder]: At program point L364(line 364) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (<= 1 ~pumpRunning~0)) (.cse6 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse4 (and .cse5 .cse6) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1) (or .cse1 .cse4 .cse2 .cse3 (and .cse5 (= ~waterLevel~0 1) .cse6)))) [2022-02-20 18:12:11,307 INFO L854 garLoopResultBuilder]: At program point L364-1(lines 345 369) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (= ~pumpRunning~0 0)) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (< 1 |old(~waterLevel~0)|))) (.cse9 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (<= 1 ~pumpRunning~0)) (.cse3 (= ~waterLevel~0 1)) (.cse6 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse2 .cse3)) (or .cse1 .cse4 (and .cse5 .cse6) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (let ((.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (and .cse2 .cse7) .cse1 .cse8 (and .cse5 .cse7) .cse9)) (or .cse1 .cse4 .cse8 .cse9 (and .cse5 .cse3 .cse6)))) [2022-02-20 18:12:11,307 INFO L854 garLoopResultBuilder]: At program point L67(line 67) the Hoare annotation is: (let ((.cse1 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse4 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (= ~pumpRunning~0 0)) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not (= 1 ~systemActive~0))) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 .cse4))) (and (or (and .cse0 .cse1 (= ~waterLevel~0 1)) .cse2 (not (= |old(~waterLevel~0)| 1)) .cse3) (or (and .cse0 .cse1 .cse4) .cse2 .cse3 .cse5 .cse6) (or .cse3 .cse7 .cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse7 .cse5 .cse6 .cse8)))) [2022-02-20 18:12:11,307 INFO L858 garLoopResultBuilder]: For program point L67-1(line 67) no Hoare annotation was computed. [2022-02-20 18:12:11,307 INFO L858 garLoopResultBuilder]: For program point L191(lines 191 197) no Hoare annotation was computed. [2022-02-20 18:12:11,307 INFO L854 garLoopResultBuilder]: At program point L183(lines 178 186) the Hoare annotation is: (let ((.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (= ~pumpRunning~0 0)) (.cse4 (not (= 1 ~systemActive~0))) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse6 (<= 1 ~pumpRunning~0)) (.cse8 (= ~waterLevel~0 1)) (.cse10 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse1 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (or (and .cse0 .cse1 .cse2) .cse3 .cse4 .cse5 (and .cse6 .cse1 .cse2) .cse7)) (or .cse3 (not (= |old(~waterLevel~0)| 1)) .cse4 (and .cse0 .cse8)) (or .cse4 .cse9 (and .cse6 .cse10) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse4 .cse9 .cse5 .cse7 (and .cse6 .cse8 .cse10)))) [2022-02-20 18:12:11,308 INFO L854 garLoopResultBuilder]: At program point L951(lines 946 953) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse0 .cse3 .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0))) [2022-02-20 18:12:11,308 INFO L858 garLoopResultBuilder]: For program point L84(lines 84 94) no Hoare annotation was computed. [2022-02-20 18:12:11,308 INFO L858 garLoopResultBuilder]: For program point L80(lines 80 97) no Hoare annotation was computed. [2022-02-20 18:12:11,308 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 310 336) the Hoare annotation is: (let ((.cse1 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse4 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (= ~pumpRunning~0 0)) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not (= 1 ~systemActive~0))) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 .cse4))) (and (or (and .cse0 .cse1 (= ~waterLevel~0 1)) .cse2 (not (= |old(~waterLevel~0)| 1)) .cse3) (or (and .cse0 .cse1 .cse4) .cse2 .cse3 .cse5 .cse6) (or .cse3 .cse7 .cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse7 .cse5 .cse6 .cse8)))) [2022-02-20 18:12:11,308 INFO L854 garLoopResultBuilder]: At program point L80-1(lines 72 100) the Hoare annotation is: (let ((.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (<= 1 ~switchedOnBeforeTS~0)) (.cse1 (= ~pumpRunning~0 0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not (= 1 ~systemActive~0))) (.cse7 (not (< 1 |old(~waterLevel~0)|))) (.cse5 (<= 1 ~pumpRunning~0)) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse8 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 (and .cse1 .cse2) (not (= |old(~waterLevel~0)| 1)) .cse3) (or .cse3 .cse4 (and .cse5 .cse6) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse4 .cse7 .cse8 (and .cse5 (= ~waterLevel~0 1) .cse6)) (let ((.cse9 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse10 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2))) (or (and .cse1 .cse9 .cse2 .cse10) .cse0 .cse3 .cse7 (and .cse5 .cse9 .cse2 .cse10) .cse8)))) [2022-02-20 18:12:11,308 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 310 336) no Hoare annotation was computed. [2022-02-20 18:12:11,309 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 950) no Hoare annotation was computed. [2022-02-20 18:12:11,309 INFO L854 garLoopResultBuilder]: At program point L196(lines 187 200) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (= ~pumpRunning~0 0)) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (not (< 1 |old(~waterLevel~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse2 (not (= |timeShift_isHighWaterSensorDry_#res#1| 0)) (= ~waterLevel~0 1))) (or .cse1 .cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 (and .cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse1 .cse4 .cse5) (or .cse1 .cse3 .cse4 .cse5))) [2022-02-20 18:12:11,309 INFO L858 garLoopResultBuilder]: For program point L324-1(lines 324 330) no Hoare annotation was computed. [2022-02-20 18:12:11,309 INFO L858 garLoopResultBuilder]: For program point L386(lines 386 392) no Hoare annotation was computed. [2022-02-20 18:12:11,309 INFO L858 garLoopResultBuilder]: For program point L225(line 225) no Hoare annotation was computed. [2022-02-20 18:12:11,309 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 204 233) no Hoare annotation was computed. [2022-02-20 18:12:11,309 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 204 233) the Hoare annotation is: true [2022-02-20 18:12:11,309 INFO L858 garLoopResultBuilder]: For program point L218(lines 218 222) no Hoare annotation was computed. [2022-02-20 18:12:11,310 INFO L861 garLoopResultBuilder]: At program point L218-1(lines 218 222) the Hoare annotation is: true [2022-02-20 18:12:11,310 INFO L858 garLoopResultBuilder]: For program point L215(line 215) no Hoare annotation was computed. [2022-02-20 18:12:11,310 INFO L861 garLoopResultBuilder]: At program point L214-2(lines 214 228) the Hoare annotation is: true [2022-02-20 18:12:11,310 INFO L861 garLoopResultBuilder]: At program point L210(line 210) the Hoare annotation is: true [2022-02-20 18:12:11,310 INFO L858 garLoopResultBuilder]: For program point L210-1(line 210) no Hoare annotation was computed. [2022-02-20 18:12:11,311 INFO L861 garLoopResultBuilder]: At program point L229(lines 204 233) the Hoare annotation is: true [2022-02-20 18:12:11,311 INFO L858 garLoopResultBuilder]: For program point L291-2(lines 291 298) no Hoare annotation was computed. [2022-02-20 18:12:11,311 INFO L858 garLoopResultBuilder]: For program point L510(lines 510 516) no Hoare annotation was computed. [2022-02-20 18:12:11,311 INFO L858 garLoopResultBuilder]: For program point L510-1(lines 510 516) no Hoare annotation was computed. [2022-02-20 18:12:11,311 INFO L861 garLoopResultBuilder]: At program point L539(lines 480 543) the Hoare annotation is: true [2022-02-20 18:12:11,311 INFO L854 garLoopResultBuilder]: At program point L502(line 502) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse3 (< 1 ~waterLevel~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse3 .cse1 .cse2 .cse4) (and .cse5 .cse1 .cse2 (= ~waterLevel~0 1)) (and .cse5 .cse3 .cse1 .cse2 .cse4))) [2022-02-20 18:12:11,311 INFO L861 garLoopResultBuilder]: At program point L275(lines 267 277) the Hoare annotation is: true [2022-02-20 18:12:11,312 INFO L861 garLoopResultBuilder]: At program point L300(lines 281 303) the Hoare annotation is: true [2022-02-20 18:12:11,312 INFO L854 garLoopResultBuilder]: At program point L263(lines 259 265) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:12:11,312 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:12:11,312 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:12:11,312 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:12:11,313 INFO L854 garLoopResultBuilder]: At program point L536(lines 489 537) the Hoare annotation is: false [2022-02-20 18:12:11,313 INFO L854 garLoopResultBuilder]: At program point L941(lines 936 944) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:12:11,313 INFO L858 garLoopResultBuilder]: For program point L491(lines 490 535) no Hoare annotation was computed. [2022-02-20 18:12:11,313 INFO L858 garLoopResultBuilder]: For program point L520(lines 520 531) no Hoare annotation was computed. [2022-02-20 18:12:11,313 INFO L854 garLoopResultBuilder]: At program point L933(lines 929 935) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:12:11,313 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:12:11,313 INFO L854 garLoopResultBuilder]: At program point L512(line 512) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse3 (< 1 ~waterLevel~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse3 .cse1 .cse2 .cse4) (and .cse5 .cse1 .cse2 (= ~waterLevel~0 1)) (and .cse5 .cse3 .cse1 .cse2 .cse4))) [2022-02-20 18:12:11,314 INFO L854 garLoopResultBuilder]: At program point L533(lines 490 535) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse3 (< 1 ~waterLevel~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse3 .cse1 .cse2 .cse4) (and .cse5 .cse1 .cse2 (= ~waterLevel~0 1)) (and .cse5 .cse3 .cse1 .cse2 .cse4))) [2022-02-20 18:12:11,314 INFO L858 garLoopResultBuilder]: For program point L500(lines 500 506) no Hoare annotation was computed. [2022-02-20 18:12:11,314 INFO L858 garLoopResultBuilder]: For program point L500-1(lines 500 506) no Hoare annotation was computed. [2022-02-20 18:12:11,314 INFO L858 garLoopResultBuilder]: For program point L492(lines 492 496) no Hoare annotation was computed. [2022-02-20 18:12:11,314 INFO L854 garLoopResultBuilder]: At program point L926(lines 922 928) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:12:11,314 INFO L854 garLoopResultBuilder]: At program point L59(lines 54 61) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:12:11,315 INFO L858 garLoopResultBuilder]: For program point L526(lines 526 530) no Hoare annotation was computed. [2022-02-20 18:12:11,315 INFO L854 garLoopResultBuilder]: At program point L526-2(lines 520 531) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse3 (< 1 ~waterLevel~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse3 .cse1 .cse2 .cse4) (and .cse5 .cse1 .cse2 (= ~waterLevel~0 1)) (and .cse5 .cse3 .cse1 .cse2 .cse4))) [2022-02-20 18:12:11,315 INFO L858 garLoopResultBuilder]: For program point L291(lines 291 298) no Hoare annotation was computed. [2022-02-20 18:12:11,315 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 122 133) no Hoare annotation was computed. [2022-02-20 18:12:11,316 INFO L858 garLoopResultBuilder]: For program point L126-1(lines 122 133) no Hoare annotation was computed. [2022-02-20 18:12:11,316 INFO L854 garLoopResultBuilder]: At program point waterRiseENTRY(lines 122 133) the Hoare annotation is: (let ((.cse2 (not (<= 1 ~pumpRunning~0))) (.cse0 (not (= ~pumpRunning~0 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (= ~waterLevel~0 1)) (or .cse1 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse1 .cse4 .cse2 .cse3 .cse5) (or .cse0 .cse1 .cse4 .cse3 .cse5))) [2022-02-20 18:12:11,316 INFO L858 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 415 423) no Hoare annotation was computed. [2022-02-20 18:12:11,317 INFO L861 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 415 423) the Hoare annotation is: true [2022-02-20 18:12:11,317 INFO L858 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 415 423) no Hoare annotation was computed. [2022-02-20 18:12:11,320 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:11,321 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:12:11,325 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:12:11,325 WARN L170 areAnnotationChecker]: L138-1 has no Hoare annotation [2022-02-20 18:12:11,325 WARN L170 areAnnotationChecker]: L138-1 has no Hoare annotation [2022-02-20 18:12:11,328 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:12:11,328 WARN L170 areAnnotationChecker]: L126-1 has no Hoare annotation [2022-02-20 18:12:11,328 WARN L170 areAnnotationChecker]: L126-1 has no Hoare annotation [2022-02-20 18:12:11,329 WARN L170 areAnnotationChecker]: isPumpRunningFINAL has no Hoare annotation [2022-02-20 18:12:11,329 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:12:11,329 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:12:11,329 WARN L170 areAnnotationChecker]: L138-1 has no Hoare annotation [2022-02-20 18:12:11,329 WARN L170 areAnnotationChecker]: L67-1 has no Hoare annotation [2022-02-20 18:12:11,329 WARN L170 areAnnotationChecker]: L210-1 has no Hoare annotation [2022-02-20 18:12:11,330 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:12:11,330 WARN L170 areAnnotationChecker]: L126-1 has no Hoare annotation [2022-02-20 18:12:11,330 WARN L170 areAnnotationChecker]: isPumpRunningFINAL has no Hoare annotation [2022-02-20 18:12:11,331 WARN L170 areAnnotationChecker]: L324-1 has no Hoare annotation [2022-02-20 18:12:11,331 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:12:11,331 WARN L170 areAnnotationChecker]: L67-1 has no Hoare annotation [2022-02-20 18:12:11,331 WARN L170 areAnnotationChecker]: L210-1 has no Hoare annotation [2022-02-20 18:12:11,331 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:12:11,331 WARN L170 areAnnotationChecker]: isPumpRunningEXIT has no Hoare annotation [2022-02-20 18:12:11,332 WARN L170 areAnnotationChecker]: isPumpRunningEXIT has no Hoare annotation [2022-02-20 18:12:11,332 WARN L170 areAnnotationChecker]: L324-1 has no Hoare annotation [2022-02-20 18:12:11,332 WARN L170 areAnnotationChecker]: L510-1 has no Hoare annotation [2022-02-20 18:12:11,332 WARN L170 areAnnotationChecker]: L317 has no Hoare annotation [2022-02-20 18:12:11,332 WARN L170 areAnnotationChecker]: L215 has no Hoare annotation [2022-02-20 18:12:11,332 WARN L170 areAnnotationChecker]: L500-1 has no Hoare annotation [2022-02-20 18:12:11,333 WARN L170 areAnnotationChecker]: L82-1 has no Hoare annotation [2022-02-20 18:12:11,333 WARN L170 areAnnotationChecker]: L80 has no Hoare annotation [2022-02-20 18:12:11,333 WARN L170 areAnnotationChecker]: L520 has no Hoare annotation [2022-02-20 18:12:11,333 WARN L170 areAnnotationChecker]: L520 has no Hoare annotation [2022-02-20 18:12:11,333 WARN L170 areAnnotationChecker]: L317 has no Hoare annotation [2022-02-20 18:12:11,333 WARN L170 areAnnotationChecker]: L317 has no Hoare annotation [2022-02-20 18:12:11,333 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:12:11,333 WARN L170 areAnnotationChecker]: L215 has no Hoare annotation [2022-02-20 18:12:11,333 WARN L170 areAnnotationChecker]: L291 has no Hoare annotation [2022-02-20 18:12:11,334 WARN L170 areAnnotationChecker]: L510 has no Hoare annotation [2022-02-20 18:12:11,335 WARN L170 areAnnotationChecker]: L510 has no Hoare annotation [2022-02-20 18:12:11,335 WARN L170 areAnnotationChecker]: L84 has no Hoare annotation [2022-02-20 18:12:11,335 WARN L170 areAnnotationChecker]: L84 has no Hoare annotation [2022-02-20 18:12:11,335 WARN L170 areAnnotationChecker]: L80 has no Hoare annotation [2022-02-20 18:12:11,335 WARN L170 areAnnotationChecker]: L80 has no Hoare annotation [2022-02-20 18:12:11,336 WARN L170 areAnnotationChecker]: L526 has no Hoare annotation [2022-02-20 18:12:11,336 WARN L170 areAnnotationChecker]: L526 has no Hoare annotation [2022-02-20 18:12:11,336 WARN L170 areAnnotationChecker]: L114 has no Hoare annotation [2022-02-20 18:12:11,336 WARN L170 areAnnotationChecker]: L114 has no Hoare annotation [2022-02-20 18:12:11,336 WARN L170 areAnnotationChecker]: L317-2 has no Hoare annotation [2022-02-20 18:12:11,337 WARN L170 areAnnotationChecker]: L317-2 has no Hoare annotation [2022-02-20 18:12:11,337 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:12:11,337 WARN L170 areAnnotationChecker]: L218 has no Hoare annotation [2022-02-20 18:12:11,337 WARN L170 areAnnotationChecker]: L218 has no Hoare annotation [2022-02-20 18:12:11,337 WARN L170 areAnnotationChecker]: L291 has no Hoare annotation [2022-02-20 18:12:11,337 WARN L170 areAnnotationChecker]: L291 has no Hoare annotation [2022-02-20 18:12:11,337 WARN L170 areAnnotationChecker]: L510-1 has no Hoare annotation [2022-02-20 18:12:11,337 WARN L170 areAnnotationChecker]: L85 has no Hoare annotation [2022-02-20 18:12:11,337 WARN L170 areAnnotationChecker]: L85 has no Hoare annotation [2022-02-20 18:12:11,337 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:12:11,338 WARN L170 areAnnotationChecker]: L82-1 has no Hoare annotation [2022-02-20 18:12:11,340 WARN L170 areAnnotationChecker]: L491 has no Hoare annotation [2022-02-20 18:12:11,340 WARN L170 areAnnotationChecker]: L317-2 has no Hoare annotation [2022-02-20 18:12:11,340 WARN L170 areAnnotationChecker]: L349 has no Hoare annotation [2022-02-20 18:12:11,340 WARN L170 areAnnotationChecker]: L349 has no Hoare annotation [2022-02-20 18:12:11,340 WARN L170 areAnnotationChecker]: L225 has no Hoare annotation [2022-02-20 18:12:11,341 WARN L170 areAnnotationChecker]: L291-2 has no Hoare annotation [2022-02-20 18:12:11,342 WARN L170 areAnnotationChecker]: L950 has no Hoare annotation [2022-02-20 18:12:11,342 WARN L170 areAnnotationChecker]: L950 has no Hoare annotation [2022-02-20 18:12:11,342 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:12:11,342 WARN L170 areAnnotationChecker]: L491 has no Hoare annotation [2022-02-20 18:12:11,342 WARN L170 areAnnotationChecker]: L491 has no Hoare annotation [2022-02-20 18:12:11,342 WARN L170 areAnnotationChecker]: L191 has no Hoare annotation [2022-02-20 18:12:11,342 WARN L170 areAnnotationChecker]: L191 has no Hoare annotation [2022-02-20 18:12:11,343 WARN L170 areAnnotationChecker]: L291-2 has no Hoare annotation [2022-02-20 18:12:11,343 WARN L170 areAnnotationChecker]: L225 has no Hoare annotation [2022-02-20 18:12:11,344 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:12:11,346 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:12:11,346 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:12:11,346 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:12:11,346 WARN L170 areAnnotationChecker]: L492 has no Hoare annotation [2022-02-20 18:12:11,346 WARN L170 areAnnotationChecker]: L469 has no Hoare annotation [2022-02-20 18:12:11,346 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:12:11,346 WARN L170 areAnnotationChecker]: L500 has no Hoare annotation [2022-02-20 18:12:11,346 WARN L170 areAnnotationChecker]: L500 has no Hoare annotation [2022-02-20 18:12:11,346 WARN L170 areAnnotationChecker]: L469 has no Hoare annotation [2022-02-20 18:12:11,346 WARN L170 areAnnotationChecker]: L469 has no Hoare annotation [2022-02-20 18:12:11,347 WARN L170 areAnnotationChecker]: L500-1 has no Hoare annotation [2022-02-20 18:12:11,348 WARN L170 areAnnotationChecker]: L469-2 has no Hoare annotation [2022-02-20 18:12:11,348 WARN L170 areAnnotationChecker]: L353 has no Hoare annotation [2022-02-20 18:12:11,348 WARN L170 areAnnotationChecker]: L353 has no Hoare annotation [2022-02-20 18:12:11,348 WARN L170 areAnnotationChecker]: L353 has no Hoare annotation [2022-02-20 18:12:11,350 WARN L170 areAnnotationChecker]: L386 has no Hoare annotation [2022-02-20 18:12:11,350 WARN L170 areAnnotationChecker]: L386 has no Hoare annotation [2022-02-20 18:12:11,350 WARN L170 areAnnotationChecker]: L386 has no Hoare annotation [2022-02-20 18:12:11,354 INFO L163 areAnnotationChecker]: CFG has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:12:11,411 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:12:11 BoogieIcfgContainer [2022-02-20 18:12:11,413 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:12:11,414 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:12:11,414 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:12:11,414 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:12:11,414 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:11:59" (3/4) ... [2022-02-20 18:12:11,417 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:12:11,421 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-02-20 18:12:11,422 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:12:11,422 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:12:11,422 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:12:11,422 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:12:11,423 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-02-20 18:12:11,436 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 51 nodes and edges [2022-02-20 18:12:11,436 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:12:11,437 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:12:11,437 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:12:11,437 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:12:11,438 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:12:11,438 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:12:11,463 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-02-20 18:12:11,464 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) [2022-02-20 18:12:11,464 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && ((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) <= 2)) [2022-02-20 18:12:11,465 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) [2022-02-20 18:12:11,465 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) [2022-02-20 18:12:11,465 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) [2022-02-20 18:12:11,465 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || ((pumpRunning == 0 && !(\result == 0)) && waterLevel == 1)) && ((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) [2022-02-20 18:12:11,466 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && \result == 0) && tmp___0 == 0) && waterLevel == 1) && !(tmp == 0))) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) [2022-02-20 18:12:11,466 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) [2022-02-20 18:12:11,466 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) [2022-02-20 18:12:11,466 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) [2022-02-20 18:12:11,466 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) [2022-02-20 18:12:11,500 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:12:11,501 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:12:11,502 INFO L158 Benchmark]: Toolchain (without parser) took 12917.19ms. Allocated memory was 140.5MB in the beginning and 213.9MB in the end (delta: 73.4MB). Free memory was 108.4MB in the beginning and 125.0MB in the end (delta: -16.6MB). Peak memory consumption was 57.0MB. Max. memory is 16.1GB. [2022-02-20 18:12:11,502 INFO L158 Benchmark]: CDTParser took 0.17ms. Allocated memory is still 92.3MB. Free memory is still 48.0MB. There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:12:11,502 INFO L158 Benchmark]: CACSL2BoogieTranslator took 412.49ms. Allocated memory is still 140.5MB. Free memory was 107.9MB in the beginning and 104.2MB in the end (delta: 3.6MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-02-20 18:12:11,503 INFO L158 Benchmark]: Boogie Procedure Inliner took 62.26ms. Allocated memory is still 140.5MB. Free memory was 104.2MB in the beginning and 101.5MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:12:11,506 INFO L158 Benchmark]: Boogie Preprocessor took 27.65ms. Allocated memory is still 140.5MB. Free memory was 101.5MB in the beginning and 100.0MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:12:11,506 INFO L158 Benchmark]: RCFGBuilder took 470.49ms. Allocated memory is still 140.5MB. Free memory was 100.0MB in the beginning and 79.0MB in the end (delta: 21.0MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-02-20 18:12:11,507 INFO L158 Benchmark]: TraceAbstraction took 11838.79ms. Allocated memory was 140.5MB in the beginning and 213.9MB in the end (delta: 73.4MB). Free memory was 79.0MB in the beginning and 130.2MB in the end (delta: -51.2MB). Peak memory consumption was 92.1MB. Max. memory is 16.1GB. [2022-02-20 18:12:11,507 INFO L158 Benchmark]: Witness Printer took 87.20ms. Allocated memory is still 213.9MB. Free memory was 130.2MB in the beginning and 125.0MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:12:11,509 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.17ms. Allocated memory is still 92.3MB. Free memory is still 48.0MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 412.49ms. Allocated memory is still 140.5MB. Free memory was 107.9MB in the beginning and 104.2MB in the end (delta: 3.6MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 62.26ms. Allocated memory is still 140.5MB. Free memory was 104.2MB in the beginning and 101.5MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 27.65ms. Allocated memory is still 140.5MB. Free memory was 101.5MB in the beginning and 100.0MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 470.49ms. Allocated memory is still 140.5MB. Free memory was 100.0MB in the beginning and 79.0MB in the end (delta: 21.0MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 11838.79ms. Allocated memory was 140.5MB in the beginning and 213.9MB in the end (delta: 73.4MB). Free memory was 79.0MB in the beginning and 130.2MB in the end (delta: -51.2MB). Peak memory consumption was 92.1MB. Max. memory is 16.1GB. * Witness Printer took 87.20ms. Allocated memory is still 213.9MB. Free memory was 130.2MB in the beginning and 125.0MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 950]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 7 procedures, 84 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 11.7s, OverallIterations: 10, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 5.5s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 3.1s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 835 SdHoareTripleChecker+Valid, 0.9s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 817 mSDsluCounter, 3056 SdHoareTripleChecker+Invalid, 0.9s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2042 mSDsCounter, 157 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 785 IncrementalHoareTripleChecker+Invalid, 942 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 157 mSolverCounterUnsat, 1014 mSDtfsCounter, 785 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 307 GetRequests, 241 SyntacticMatches, 3 SemanticMatches, 63 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 155 ImplicationChecksByTransitivity, 0.4s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=393occurred in iteration=9, InterpolantAutomatonStates: 67, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.3s AutomataMinimizationTime, 10 MinimizatonAttempts, 88 StatesRemovedByMinimization, 5 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 39 LocationsWithAnnotation, 723 PreInvPairs, 829 NumberOfFragments, 1815 HoareAnnotationTreeSize, 723 FomulaSimplifications, 424 FormulaSimplificationTreeSizeReduction, 0.3s HoareSimplificationTime, 39 FomulaSimplificationsInter, 3663 FormulaSimplificationTreeSizeReductionInter, 2.6s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 1.6s InterpolantComputationTime, 571 NumberOfCodeBlocks, 571 NumberOfCodeBlocksAsserted, 11 NumberOfCheckSat, 644 ConstructedInterpolants, 0 QuantifiedInterpolants, 1446 SizeOfPredicates, 3 NumberOfNonLiveVariables, 448 ConjunctsInSsa, 8 ConjunctsInUnsatCore, 12 InterpolantComputations, 9 PerfectInterpolantSequences, 85/114 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 480]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 460]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && \result == 0) && tmp___0 == 0) && waterLevel == 1) && !(tmp == 0))) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) - InvariantResult [Line: 62]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 54]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 929]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 204]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 936]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 214]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 110]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) - InvariantResult [Line: 345]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) - InvariantResult [Line: 490]: Loop Invariant Derived loop invariant: (((((1 <= pumpRunning && 1 == systemActive) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && 1 < waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2)) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel == 1)) || ((((pumpRunning == 0 && 1 < waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) - InvariantResult [Line: 72]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && ((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 267]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 259]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 178]: Loop Invariant Derived loop invariant: (((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) - InvariantResult [Line: 922]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 187]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || ((pumpRunning == 0 && !(\result == 0)) && waterLevel == 1)) && ((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 946]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) - InvariantResult [Line: 379]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 404]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) - InvariantResult [Line: 146]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) - InvariantResult [Line: 489]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 281]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 370]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) RESULT: Ultimate proved your program to be correct! [2022-02-20 18:12:11,569 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE