./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash e5a4c274bc0fec0eeea8ea2f72c4bc5bbc7aef2fd24f2cf907e22c2c7f3759d4 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:12:00,805 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:12:00,808 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:12:00,845 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:12:00,845 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:12:00,847 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:12:00,849 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:12:00,852 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:12:00,853 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:12:00,857 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:12:00,858 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:12:00,859 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:12:00,859 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:12:00,861 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:12:00,862 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:12:00,864 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:12:00,865 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:12:00,866 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:12:00,868 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:12:00,872 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:12:00,874 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:12:00,874 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:12:00,876 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:12:00,876 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:12:00,881 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:12:00,881 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:12:00,882 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:12:00,883 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:12:00,883 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:12:00,884 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:12:00,884 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:12:00,885 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:12:00,886 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:12:00,887 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:12:00,888 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:12:00,888 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:12:00,888 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:12:00,888 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:12:00,889 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:12:00,889 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:12:00,890 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:12:00,891 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:12:00,916 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:12:00,917 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:12:00,917 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:12:00,917 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:12:00,918 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:12:00,918 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:12:00,918 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:12:00,918 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:12:00,919 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:12:00,919 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:12:00,919 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:12:00,919 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:12:00,919 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:12:00,919 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:12:00,919 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:12:00,919 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:12:00,920 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:12:00,920 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:12:00,920 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:12:00,920 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:12:00,920 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:12:00,920 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:12:00,920 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:12:00,920 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:12:00,921 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:12:00,921 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:12:00,921 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:12:00,921 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:12:00,921 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:12:00,921 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:12:00,921 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:12:00,921 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:12:00,922 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:12:00,922 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> e5a4c274bc0fec0eeea8ea2f72c4bc5bbc7aef2fd24f2cf907e22c2c7f3759d4 [2022-02-20 18:12:01,230 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:12:01,252 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:12:01,254 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:12:01,255 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:12:01,256 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:12:01,257 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c [2022-02-20 18:12:01,345 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c673ae9b1/6131e6ee366a43a4b68e81cacf2034a2/FLAG5df85164a [2022-02-20 18:12:01,746 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:12:01,747 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c [2022-02-20 18:12:01,753 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c673ae9b1/6131e6ee366a43a4b68e81cacf2034a2/FLAG5df85164a [2022-02-20 18:12:02,135 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c673ae9b1/6131e6ee366a43a4b68e81cacf2034a2 [2022-02-20 18:12:02,138 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:12:02,139 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:12:02,141 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:12:02,142 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:12:02,144 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:12:02,145 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,146 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@204b03ce and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02, skipping insertion in model container [2022-02-20 18:12:02,146 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,151 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:12:02,183 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:12:02,466 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c[18537,18550] [2022-02-20 18:12:02,469 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:12:02,476 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:12:02,570 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c[18537,18550] [2022-02-20 18:12:02,571 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:12:02,586 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:12:02,587 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02 WrapperNode [2022-02-20 18:12:02,587 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:12:02,592 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:12:02,592 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:12:02,593 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:12:02,598 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,619 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,646 INFO L137 Inliner]: procedures = 56, calls = 156, calls flagged for inlining = 26, calls inlined = 23, statements flattened = 258 [2022-02-20 18:12:02,647 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:12:02,648 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:12:02,648 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:12:02,648 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:12:02,654 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,654 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,656 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,666 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,671 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,674 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,682 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,684 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:12:02,685 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:12:02,685 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:12:02,685 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:12:02,686 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02" (1/1) ... [2022-02-20 18:12:02,691 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:12:02,706 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:12:02,729 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:12:02,743 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:12:02,776 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:12:02,776 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:12:02,776 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:12:02,776 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:12:02,776 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:12:02,776 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:12:02,776 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:12:02,776 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:12:02,778 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:12:02,778 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-02-20 18:12:02,778 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-02-20 18:12:02,778 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:12:02,778 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:12:02,778 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:12:02,778 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:12:02,778 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:12:02,867 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:12:02,868 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:12:03,215 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:12:03,222 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:12:03,223 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:12:03,225 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:12:03 BoogieIcfgContainer [2022-02-20 18:12:03,225 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:12:03,227 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:12:03,227 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:12:03,230 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:12:03,230 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:12:02" (1/3) ... [2022-02-20 18:12:03,231 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2d832e52 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:12:03, skipping insertion in model container [2022-02-20 18:12:03,231 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:02" (2/3) ... [2022-02-20 18:12:03,231 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2d832e52 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:12:03, skipping insertion in model container [2022-02-20 18:12:03,231 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:12:03" (3/3) ... [2022-02-20 18:12:03,232 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product43.cil.c [2022-02-20 18:12:03,236 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:12:03,236 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:12:03,276 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:12:03,282 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:12:03,283 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:12:03,304 INFO L276 IsEmpty]: Start isEmpty. Operand has 88 states, 70 states have (on average 1.3714285714285714) internal successors, (96), 76 states have internal predecessors, (96), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:12:03,311 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-02-20 18:12:03,312 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:03,312 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:03,313 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:03,316 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:03,317 INFO L85 PathProgramCache]: Analyzing trace with hash 991645006, now seen corresponding path program 1 times [2022-02-20 18:12:03,324 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:03,324 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [905089739] [2022-02-20 18:12:03,324 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:03,325 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:03,409 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:03,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:12:03,500 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:03,514 INFO L290 TraceCheckUtils]: 0: Hoare triple {91#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {91#true} is VALID [2022-02-20 18:12:03,514 INFO L290 TraceCheckUtils]: 1: Hoare triple {91#true} assume true; {91#true} is VALID [2022-02-20 18:12:03,515 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {91#true} {92#false} #233#return; {92#false} is VALID [2022-02-20 18:12:03,516 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:12:03,523 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:03,530 INFO L290 TraceCheckUtils]: 0: Hoare triple {91#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {91#true} is VALID [2022-02-20 18:12:03,531 INFO L290 TraceCheckUtils]: 1: Hoare triple {91#true} assume true; {91#true} is VALID [2022-02-20 18:12:03,531 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {91#true} {92#false} #239#return; {92#false} is VALID [2022-02-20 18:12:03,535 INFO L290 TraceCheckUtils]: 0: Hoare triple {91#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {91#true} is VALID [2022-02-20 18:12:03,536 INFO L290 TraceCheckUtils]: 1: Hoare triple {91#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {91#true} is VALID [2022-02-20 18:12:03,536 INFO L290 TraceCheckUtils]: 2: Hoare triple {91#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {91#true} is VALID [2022-02-20 18:12:03,537 INFO L290 TraceCheckUtils]: 3: Hoare triple {91#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {91#true} is VALID [2022-02-20 18:12:03,537 INFO L290 TraceCheckUtils]: 4: Hoare triple {91#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {91#true} is VALID [2022-02-20 18:12:03,537 INFO L290 TraceCheckUtils]: 5: Hoare triple {91#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {91#true} is VALID [2022-02-20 18:12:03,538 INFO L290 TraceCheckUtils]: 6: Hoare triple {91#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {91#true} is VALID [2022-02-20 18:12:03,538 INFO L290 TraceCheckUtils]: 7: Hoare triple {91#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {91#true} is VALID [2022-02-20 18:12:03,540 INFO L290 TraceCheckUtils]: 8: Hoare triple {91#true} assume !true; {92#false} is VALID [2022-02-20 18:12:03,541 INFO L272 TraceCheckUtils]: 9: Hoare triple {92#false} call cleanup(); {92#false} is VALID [2022-02-20 18:12:03,541 INFO L290 TraceCheckUtils]: 10: Hoare triple {92#false} havoc ~i~0;havoc ~__cil_tmp2~0; {92#false} is VALID [2022-02-20 18:12:03,541 INFO L272 TraceCheckUtils]: 11: Hoare triple {92#false} call timeShift(); {92#false} is VALID [2022-02-20 18:12:03,542 INFO L290 TraceCheckUtils]: 12: Hoare triple {92#false} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {92#false} is VALID [2022-02-20 18:12:03,542 INFO L272 TraceCheckUtils]: 13: Hoare triple {92#false} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {91#true} is VALID [2022-02-20 18:12:03,542 INFO L290 TraceCheckUtils]: 14: Hoare triple {91#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {91#true} is VALID [2022-02-20 18:12:03,542 INFO L290 TraceCheckUtils]: 15: Hoare triple {91#true} assume true; {91#true} is VALID [2022-02-20 18:12:03,543 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {91#true} {92#false} #233#return; {92#false} is VALID [2022-02-20 18:12:03,543 INFO L290 TraceCheckUtils]: 17: Hoare triple {92#false} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {92#false} is VALID [2022-02-20 18:12:03,544 INFO L290 TraceCheckUtils]: 18: Hoare triple {92#false} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {92#false} is VALID [2022-02-20 18:12:03,544 INFO L290 TraceCheckUtils]: 19: Hoare triple {92#false} assume !(0 != ~pumpRunning~0); {92#false} is VALID [2022-02-20 18:12:03,544 INFO L290 TraceCheckUtils]: 20: Hoare triple {92#false} assume !(0 != ~systemActive~0); {92#false} is VALID [2022-02-20 18:12:03,544 INFO L290 TraceCheckUtils]: 21: Hoare triple {92#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {92#false} is VALID [2022-02-20 18:12:03,545 INFO L290 TraceCheckUtils]: 22: Hoare triple {92#false} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {92#false} is VALID [2022-02-20 18:12:03,545 INFO L290 TraceCheckUtils]: 23: Hoare triple {92#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {92#false} is VALID [2022-02-20 18:12:03,545 INFO L272 TraceCheckUtils]: 24: Hoare triple {92#false} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {91#true} is VALID [2022-02-20 18:12:03,545 INFO L290 TraceCheckUtils]: 25: Hoare triple {91#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {91#true} is VALID [2022-02-20 18:12:03,546 INFO L290 TraceCheckUtils]: 26: Hoare triple {91#true} assume true; {91#true} is VALID [2022-02-20 18:12:03,546 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {91#true} {92#false} #239#return; {92#false} is VALID [2022-02-20 18:12:03,546 INFO L290 TraceCheckUtils]: 28: Hoare triple {92#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {92#false} is VALID [2022-02-20 18:12:03,546 INFO L290 TraceCheckUtils]: 29: Hoare triple {92#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {92#false} is VALID [2022-02-20 18:12:03,546 INFO L290 TraceCheckUtils]: 30: Hoare triple {92#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {92#false} is VALID [2022-02-20 18:12:03,547 INFO L290 TraceCheckUtils]: 31: Hoare triple {92#false} assume !false; {92#false} is VALID [2022-02-20 18:12:03,547 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:03,548 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:03,548 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [905089739] [2022-02-20 18:12:03,549 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [905089739] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:03,549 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:03,550 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:12:03,552 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [893176049] [2022-02-20 18:12:03,553 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:03,557 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-02-20 18:12:03,559 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:03,562 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:03,601 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:03,601 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:12:03,602 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:03,620 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:12:03,621 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:12:03,625 INFO L87 Difference]: Start difference. First operand has 88 states, 70 states have (on average 1.3714285714285714) internal successors, (96), 76 states have internal predecessors, (96), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:03,765 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:03,765 INFO L93 Difference]: Finished difference Result 167 states and 226 transitions. [2022-02-20 18:12:03,766 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:12:03,766 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-02-20 18:12:03,766 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:03,767 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:03,780 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 226 transitions. [2022-02-20 18:12:03,781 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:03,790 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 226 transitions. [2022-02-20 18:12:03,792 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 226 transitions. [2022-02-20 18:12:03,968 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 226 edges. 226 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:03,975 INFO L225 Difference]: With dead ends: 167 [2022-02-20 18:12:03,976 INFO L226 Difference]: Without dead ends: 79 [2022-02-20 18:12:03,978 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:12:03,981 INFO L933 BasicCegarLoop]: 110 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 110 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:03,982 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 110 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:03,993 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 79 states. [2022-02-20 18:12:04,010 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 79 to 79. [2022-02-20 18:12:04,014 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:04,016 INFO L82 GeneralOperation]: Start isEquivalent. First operand 79 states. Second operand has 79 states, 63 states have (on average 1.3015873015873016) internal successors, (82), 68 states have internal predecessors, (82), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:04,019 INFO L74 IsIncluded]: Start isIncluded. First operand 79 states. Second operand has 79 states, 63 states have (on average 1.3015873015873016) internal successors, (82), 68 states have internal predecessors, (82), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:04,020 INFO L87 Difference]: Start difference. First operand 79 states. Second operand has 79 states, 63 states have (on average 1.3015873015873016) internal successors, (82), 68 states have internal predecessors, (82), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:04,027 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:04,028 INFO L93 Difference]: Finished difference Result 79 states and 101 transitions. [2022-02-20 18:12:04,028 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 101 transitions. [2022-02-20 18:12:04,033 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:04,034 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:04,035 INFO L74 IsIncluded]: Start isIncluded. First operand has 79 states, 63 states have (on average 1.3015873015873016) internal successors, (82), 68 states have internal predecessors, (82), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) Second operand 79 states. [2022-02-20 18:12:04,036 INFO L87 Difference]: Start difference. First operand has 79 states, 63 states have (on average 1.3015873015873016) internal successors, (82), 68 states have internal predecessors, (82), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) Second operand 79 states. [2022-02-20 18:12:04,046 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:04,047 INFO L93 Difference]: Finished difference Result 79 states and 101 transitions. [2022-02-20 18:12:04,047 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 101 transitions. [2022-02-20 18:12:04,049 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:04,049 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:04,049 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:04,050 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:04,050 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 79 states, 63 states have (on average 1.3015873015873016) internal successors, (82), 68 states have internal predecessors, (82), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:12:04,056 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 101 transitions. [2022-02-20 18:12:04,058 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 101 transitions. Word has length 32 [2022-02-20 18:12:04,058 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:04,059 INFO L470 AbstractCegarLoop]: Abstraction has 79 states and 101 transitions. [2022-02-20 18:12:04,059 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:04,059 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 101 transitions. [2022-02-20 18:12:04,060 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-02-20 18:12:04,060 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:04,060 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:04,061 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:12:04,061 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:04,062 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:04,062 INFO L85 PathProgramCache]: Analyzing trace with hash -1721110732, now seen corresponding path program 1 times [2022-02-20 18:12:04,062 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:04,062 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1571237839] [2022-02-20 18:12:04,062 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:04,063 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:04,094 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,138 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:12:04,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,143 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 18:12:04,143 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 18:12:04,144 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {617#true} {622#(not (= 0 ~systemActive~0))} #233#return; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,144 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-02-20 18:12:04,145 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,147 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 18:12:04,148 INFO L290 TraceCheckUtils]: 1: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 18:12:04,148 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {617#true} {618#false} #239#return; {618#false} is VALID [2022-02-20 18:12:04,150 INFO L290 TraceCheckUtils]: 0: Hoare triple {617#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {619#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,151 INFO L290 TraceCheckUtils]: 1: Hoare triple {619#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {619#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,151 INFO L290 TraceCheckUtils]: 2: Hoare triple {619#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {619#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:12:04,152 INFO L290 TraceCheckUtils]: 3: Hoare triple {619#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {620#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} is VALID [2022-02-20 18:12:04,152 INFO L290 TraceCheckUtils]: 4: Hoare triple {620#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {621#(= |ULTIMATE.start_main_~tmp~3#1| ~systemActive~0)} is VALID [2022-02-20 18:12:04,153 INFO L290 TraceCheckUtils]: 5: Hoare triple {621#(= |ULTIMATE.start_main_~tmp~3#1| ~systemActive~0)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,153 INFO L290 TraceCheckUtils]: 6: Hoare triple {622#(not (= 0 ~systemActive~0))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,153 INFO L290 TraceCheckUtils]: 7: Hoare triple {622#(not (= 0 ~systemActive~0))} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,154 INFO L290 TraceCheckUtils]: 8: Hoare triple {622#(not (= 0 ~systemActive~0))} assume !false; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,154 INFO L290 TraceCheckUtils]: 9: Hoare triple {622#(not (= 0 ~systemActive~0))} assume test_~splverifierCounter~0#1 < 4; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,155 INFO L290 TraceCheckUtils]: 10: Hoare triple {622#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,155 INFO L290 TraceCheckUtils]: 11: Hoare triple {622#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp~4#1); {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,156 INFO L290 TraceCheckUtils]: 12: Hoare triple {622#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,156 INFO L290 TraceCheckUtils]: 13: Hoare triple {622#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp___0~0#1); {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,157 INFO L290 TraceCheckUtils]: 14: Hoare triple {622#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,157 INFO L290 TraceCheckUtils]: 15: Hoare triple {622#(not (= 0 ~systemActive~0))} assume 0 != test_~tmp___2~0#1; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,158 INFO L272 TraceCheckUtils]: 16: Hoare triple {622#(not (= 0 ~systemActive~0))} call timeShift(); {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,158 INFO L290 TraceCheckUtils]: 17: Hoare triple {622#(not (= 0 ~systemActive~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,158 INFO L272 TraceCheckUtils]: 18: Hoare triple {622#(not (= 0 ~systemActive~0))} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {617#true} is VALID [2022-02-20 18:12:04,159 INFO L290 TraceCheckUtils]: 19: Hoare triple {617#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 18:12:04,159 INFO L290 TraceCheckUtils]: 20: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 18:12:04,159 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {617#true} {622#(not (= 0 ~systemActive~0))} #233#return; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,160 INFO L290 TraceCheckUtils]: 22: Hoare triple {622#(not (= 0 ~systemActive~0))} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,160 INFO L290 TraceCheckUtils]: 23: Hoare triple {622#(not (= 0 ~systemActive~0))} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,161 INFO L290 TraceCheckUtils]: 24: Hoare triple {622#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {622#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:04,161 INFO L290 TraceCheckUtils]: 25: Hoare triple {622#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {618#false} is VALID [2022-02-20 18:12:04,161 INFO L290 TraceCheckUtils]: 26: Hoare triple {618#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {618#false} is VALID [2022-02-20 18:12:04,161 INFO L290 TraceCheckUtils]: 27: Hoare triple {618#false} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {618#false} is VALID [2022-02-20 18:12:04,162 INFO L290 TraceCheckUtils]: 28: Hoare triple {618#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {618#false} is VALID [2022-02-20 18:12:04,162 INFO L272 TraceCheckUtils]: 29: Hoare triple {618#false} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {617#true} is VALID [2022-02-20 18:12:04,162 INFO L290 TraceCheckUtils]: 30: Hoare triple {617#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {617#true} is VALID [2022-02-20 18:12:04,162 INFO L290 TraceCheckUtils]: 31: Hoare triple {617#true} assume true; {617#true} is VALID [2022-02-20 18:12:04,162 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {617#true} {618#false} #239#return; {618#false} is VALID [2022-02-20 18:12:04,162 INFO L290 TraceCheckUtils]: 33: Hoare triple {618#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {618#false} is VALID [2022-02-20 18:12:04,163 INFO L290 TraceCheckUtils]: 34: Hoare triple {618#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {618#false} is VALID [2022-02-20 18:12:04,163 INFO L290 TraceCheckUtils]: 35: Hoare triple {618#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {618#false} is VALID [2022-02-20 18:12:04,163 INFO L290 TraceCheckUtils]: 36: Hoare triple {618#false} assume !false; {618#false} is VALID [2022-02-20 18:12:04,163 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:04,164 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:04,164 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1571237839] [2022-02-20 18:12:04,164 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1571237839] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:04,164 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:04,164 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:12:04,164 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1347596613] [2022-02-20 18:12:04,165 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:04,166 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 37 [2022-02-20 18:12:04,166 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:04,166 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:04,191 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 35 edges. 35 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:04,191 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:12:04,191 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:04,192 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:12:04,192 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:12:04,192 INFO L87 Difference]: Start difference. First operand 79 states and 101 transitions. Second operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:04,623 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:04,623 INFO L93 Difference]: Finished difference Result 273 states and 364 transitions. [2022-02-20 18:12:04,623 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:12:04,624 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 37 [2022-02-20 18:12:04,624 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:04,624 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:04,629 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 364 transitions. [2022-02-20 18:12:04,629 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:04,634 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 364 transitions. [2022-02-20 18:12:04,634 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 364 transitions. [2022-02-20 18:12:04,900 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 364 edges. 364 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:04,906 INFO L225 Difference]: With dead ends: 273 [2022-02-20 18:12:04,907 INFO L226 Difference]: Without dead ends: 202 [2022-02-20 18:12:04,908 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:12:04,909 INFO L933 BasicCegarLoop]: 120 mSDtfsCounter, 212 mSDsluCounter, 404 mSDsCounter, 0 mSdLazyCounter, 99 mSolverCounterSat, 12 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 212 SdHoareTripleChecker+Valid, 524 SdHoareTripleChecker+Invalid, 111 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 12 IncrementalHoareTripleChecker+Valid, 99 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:04,909 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [212 Valid, 524 Invalid, 111 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [12 Valid, 99 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:12:04,910 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 202 states. [2022-02-20 18:12:04,923 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 202 to 192. [2022-02-20 18:12:04,924 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:04,924 INFO L82 GeneralOperation]: Start isEquivalent. First operand 202 states. Second operand has 192 states, 149 states have (on average 1.3221476510067114) internal successors, (197), 160 states have internal predecessors, (197), 28 states have call successors, (28), 17 states have call predecessors, (28), 14 states have return successors, (28), 23 states have call predecessors, (28), 25 states have call successors, (28) [2022-02-20 18:12:04,925 INFO L74 IsIncluded]: Start isIncluded. First operand 202 states. Second operand has 192 states, 149 states have (on average 1.3221476510067114) internal successors, (197), 160 states have internal predecessors, (197), 28 states have call successors, (28), 17 states have call predecessors, (28), 14 states have return successors, (28), 23 states have call predecessors, (28), 25 states have call successors, (28) [2022-02-20 18:12:04,926 INFO L87 Difference]: Start difference. First operand 202 states. Second operand has 192 states, 149 states have (on average 1.3221476510067114) internal successors, (197), 160 states have internal predecessors, (197), 28 states have call successors, (28), 17 states have call predecessors, (28), 14 states have return successors, (28), 23 states have call predecessors, (28), 25 states have call successors, (28) [2022-02-20 18:12:04,933 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:04,933 INFO L93 Difference]: Finished difference Result 202 states and 263 transitions. [2022-02-20 18:12:04,933 INFO L276 IsEmpty]: Start isEmpty. Operand 202 states and 263 transitions. [2022-02-20 18:12:04,934 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:04,934 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:04,935 INFO L74 IsIncluded]: Start isIncluded. First operand has 192 states, 149 states have (on average 1.3221476510067114) internal successors, (197), 160 states have internal predecessors, (197), 28 states have call successors, (28), 17 states have call predecessors, (28), 14 states have return successors, (28), 23 states have call predecessors, (28), 25 states have call successors, (28) Second operand 202 states. [2022-02-20 18:12:04,936 INFO L87 Difference]: Start difference. First operand has 192 states, 149 states have (on average 1.3221476510067114) internal successors, (197), 160 states have internal predecessors, (197), 28 states have call successors, (28), 17 states have call predecessors, (28), 14 states have return successors, (28), 23 states have call predecessors, (28), 25 states have call successors, (28) Second operand 202 states. [2022-02-20 18:12:04,943 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:04,943 INFO L93 Difference]: Finished difference Result 202 states and 263 transitions. [2022-02-20 18:12:04,943 INFO L276 IsEmpty]: Start isEmpty. Operand 202 states and 263 transitions. [2022-02-20 18:12:04,944 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:04,944 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:04,944 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:04,944 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:04,945 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 192 states, 149 states have (on average 1.3221476510067114) internal successors, (197), 160 states have internal predecessors, (197), 28 states have call successors, (28), 17 states have call predecessors, (28), 14 states have return successors, (28), 23 states have call predecessors, (28), 25 states have call successors, (28) [2022-02-20 18:12:04,952 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 192 states to 192 states and 253 transitions. [2022-02-20 18:12:04,952 INFO L78 Accepts]: Start accepts. Automaton has 192 states and 253 transitions. Word has length 37 [2022-02-20 18:12:04,952 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:04,952 INFO L470 AbstractCegarLoop]: Abstraction has 192 states and 253 transitions. [2022-02-20 18:12:04,953 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:04,953 INFO L276 IsEmpty]: Start isEmpty. Operand 192 states and 253 transitions. [2022-02-20 18:12:04,953 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-02-20 18:12:04,954 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:04,954 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:04,954 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:12:04,954 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:04,954 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:04,955 INFO L85 PathProgramCache]: Analyzing trace with hash -940805792, now seen corresponding path program 1 times [2022-02-20 18:12:04,955 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:04,955 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [850303351] [2022-02-20 18:12:04,955 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:04,955 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:04,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:04,995 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:12:04,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:05,002 INFO L290 TraceCheckUtils]: 0: Hoare triple {1705#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1705#true} is VALID [2022-02-20 18:12:05,002 INFO L290 TraceCheckUtils]: 1: Hoare triple {1705#true} assume true; {1705#true} is VALID [2022-02-20 18:12:05,002 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1705#true} {1706#false} #233#return; {1706#false} is VALID [2022-02-20 18:12:05,002 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:12:05,003 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:05,005 INFO L290 TraceCheckUtils]: 0: Hoare triple {1705#true} assume true; {1705#true} is VALID [2022-02-20 18:12:05,006 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1705#true} {1706#false} #237#return; {1706#false} is VALID [2022-02-20 18:12:05,006 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:12:05,007 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:05,009 INFO L290 TraceCheckUtils]: 0: Hoare triple {1705#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1705#true} is VALID [2022-02-20 18:12:05,009 INFO L290 TraceCheckUtils]: 1: Hoare triple {1705#true} assume true; {1705#true} is VALID [2022-02-20 18:12:05,009 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1705#true} {1706#false} #239#return; {1706#false} is VALID [2022-02-20 18:12:05,009 INFO L290 TraceCheckUtils]: 0: Hoare triple {1705#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {1705#true} is VALID [2022-02-20 18:12:05,010 INFO L290 TraceCheckUtils]: 1: Hoare triple {1705#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {1705#true} is VALID [2022-02-20 18:12:05,010 INFO L290 TraceCheckUtils]: 2: Hoare triple {1705#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1705#true} is VALID [2022-02-20 18:12:05,010 INFO L290 TraceCheckUtils]: 3: Hoare triple {1705#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {1705#true} is VALID [2022-02-20 18:12:05,010 INFO L290 TraceCheckUtils]: 4: Hoare triple {1705#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {1705#true} is VALID [2022-02-20 18:12:05,010 INFO L290 TraceCheckUtils]: 5: Hoare triple {1705#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {1705#true} is VALID [2022-02-20 18:12:05,011 INFO L290 TraceCheckUtils]: 6: Hoare triple {1705#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {1705#true} is VALID [2022-02-20 18:12:05,011 INFO L290 TraceCheckUtils]: 7: Hoare triple {1705#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1707#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:12:05,011 INFO L290 TraceCheckUtils]: 8: Hoare triple {1707#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {1707#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:12:05,012 INFO L290 TraceCheckUtils]: 9: Hoare triple {1707#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {1706#false} is VALID [2022-02-20 18:12:05,012 INFO L272 TraceCheckUtils]: 10: Hoare triple {1706#false} call cleanup(); {1706#false} is VALID [2022-02-20 18:12:05,012 INFO L290 TraceCheckUtils]: 11: Hoare triple {1706#false} havoc ~i~0;havoc ~__cil_tmp2~0; {1706#false} is VALID [2022-02-20 18:12:05,012 INFO L272 TraceCheckUtils]: 12: Hoare triple {1706#false} call timeShift(); {1706#false} is VALID [2022-02-20 18:12:05,013 INFO L290 TraceCheckUtils]: 13: Hoare triple {1706#false} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {1706#false} is VALID [2022-02-20 18:12:05,013 INFO L272 TraceCheckUtils]: 14: Hoare triple {1706#false} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {1705#true} is VALID [2022-02-20 18:12:05,013 INFO L290 TraceCheckUtils]: 15: Hoare triple {1705#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1705#true} is VALID [2022-02-20 18:12:05,013 INFO L290 TraceCheckUtils]: 16: Hoare triple {1705#true} assume true; {1705#true} is VALID [2022-02-20 18:12:05,013 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {1705#true} {1706#false} #233#return; {1706#false} is VALID [2022-02-20 18:12:05,013 INFO L290 TraceCheckUtils]: 18: Hoare triple {1706#false} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {1706#false} is VALID [2022-02-20 18:12:05,014 INFO L290 TraceCheckUtils]: 19: Hoare triple {1706#false} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {1706#false} is VALID [2022-02-20 18:12:05,014 INFO L290 TraceCheckUtils]: 20: Hoare triple {1706#false} assume !(0 != ~pumpRunning~0); {1706#false} is VALID [2022-02-20 18:12:05,014 INFO L290 TraceCheckUtils]: 21: Hoare triple {1706#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {1706#false} is VALID [2022-02-20 18:12:05,014 INFO L290 TraceCheckUtils]: 22: Hoare triple {1706#false} assume !(0 == ~pumpRunning~0); {1706#false} is VALID [2022-02-20 18:12:05,014 INFO L272 TraceCheckUtils]: 23: Hoare triple {1706#false} call processEnvironment__wrappee__base(); {1705#true} is VALID [2022-02-20 18:12:05,014 INFO L290 TraceCheckUtils]: 24: Hoare triple {1705#true} assume true; {1705#true} is VALID [2022-02-20 18:12:05,015 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {1705#true} {1706#false} #237#return; {1706#false} is VALID [2022-02-20 18:12:05,015 INFO L290 TraceCheckUtils]: 26: Hoare triple {1706#false} assume { :end_inline_processEnvironment } true; {1706#false} is VALID [2022-02-20 18:12:05,015 INFO L290 TraceCheckUtils]: 27: Hoare triple {1706#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {1706#false} is VALID [2022-02-20 18:12:05,015 INFO L290 TraceCheckUtils]: 28: Hoare triple {1706#false} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {1706#false} is VALID [2022-02-20 18:12:05,015 INFO L290 TraceCheckUtils]: 29: Hoare triple {1706#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {1706#false} is VALID [2022-02-20 18:12:05,016 INFO L272 TraceCheckUtils]: 30: Hoare triple {1706#false} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {1705#true} is VALID [2022-02-20 18:12:05,016 INFO L290 TraceCheckUtils]: 31: Hoare triple {1705#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {1705#true} is VALID [2022-02-20 18:12:05,016 INFO L290 TraceCheckUtils]: 32: Hoare triple {1705#true} assume true; {1705#true} is VALID [2022-02-20 18:12:05,016 INFO L284 TraceCheckUtils]: 33: Hoare quadruple {1705#true} {1706#false} #239#return; {1706#false} is VALID [2022-02-20 18:12:05,016 INFO L290 TraceCheckUtils]: 34: Hoare triple {1706#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {1706#false} is VALID [2022-02-20 18:12:05,016 INFO L290 TraceCheckUtils]: 35: Hoare triple {1706#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {1706#false} is VALID [2022-02-20 18:12:05,017 INFO L290 TraceCheckUtils]: 36: Hoare triple {1706#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {1706#false} is VALID [2022-02-20 18:12:05,017 INFO L290 TraceCheckUtils]: 37: Hoare triple {1706#false} assume !false; {1706#false} is VALID [2022-02-20 18:12:05,017 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:05,017 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:05,017 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [850303351] [2022-02-20 18:12:05,018 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [850303351] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:05,018 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:05,018 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:12:05,018 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1620655875] [2022-02-20 18:12:05,018 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:05,019 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) Word has length 38 [2022-02-20 18:12:05,019 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:05,019 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:05,062 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:05,062 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:12:05,063 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:05,063 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:12:05,063 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:05,063 INFO L87 Difference]: Start difference. First operand 192 states and 253 transitions. Second operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:05,142 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:05,142 INFO L93 Difference]: Finished difference Result 291 states and 379 transitions. [2022-02-20 18:12:05,142 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:12:05,142 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) Word has length 38 [2022-02-20 18:12:05,143 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:05,143 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:05,162 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 152 transitions. [2022-02-20 18:12:05,162 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:05,164 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 152 transitions. [2022-02-20 18:12:05,164 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 152 transitions. [2022-02-20 18:12:05,242 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 152 edges. 152 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:05,246 INFO L225 Difference]: With dead ends: 291 [2022-02-20 18:12:05,246 INFO L226 Difference]: Without dead ends: 165 [2022-02-20 18:12:05,247 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:05,248 INFO L933 BasicCegarLoop]: 88 mSDtfsCounter, 17 mSDsluCounter, 67 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 155 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:05,249 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [20 Valid, 155 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:05,249 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 165 states. [2022-02-20 18:12:05,271 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 165 to 165. [2022-02-20 18:12:05,290 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:05,292 INFO L82 GeneralOperation]: Start isEquivalent. First operand 165 states. Second operand has 165 states, 131 states have (on average 1.3435114503816794) internal successors, (176), 142 states have internal predecessors, (176), 19 states have call successors, (19), 14 states have call predecessors, (19), 14 states have return successors, (20), 17 states have call predecessors, (20), 19 states have call successors, (20) [2022-02-20 18:12:05,292 INFO L74 IsIncluded]: Start isIncluded. First operand 165 states. Second operand has 165 states, 131 states have (on average 1.3435114503816794) internal successors, (176), 142 states have internal predecessors, (176), 19 states have call successors, (19), 14 states have call predecessors, (19), 14 states have return successors, (20), 17 states have call predecessors, (20), 19 states have call successors, (20) [2022-02-20 18:12:05,293 INFO L87 Difference]: Start difference. First operand 165 states. Second operand has 165 states, 131 states have (on average 1.3435114503816794) internal successors, (176), 142 states have internal predecessors, (176), 19 states have call successors, (19), 14 states have call predecessors, (19), 14 states have return successors, (20), 17 states have call predecessors, (20), 19 states have call successors, (20) [2022-02-20 18:12:05,298 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:05,299 INFO L93 Difference]: Finished difference Result 165 states and 215 transitions. [2022-02-20 18:12:05,299 INFO L276 IsEmpty]: Start isEmpty. Operand 165 states and 215 transitions. [2022-02-20 18:12:05,299 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:05,299 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:05,300 INFO L74 IsIncluded]: Start isIncluded. First operand has 165 states, 131 states have (on average 1.3435114503816794) internal successors, (176), 142 states have internal predecessors, (176), 19 states have call successors, (19), 14 states have call predecessors, (19), 14 states have return successors, (20), 17 states have call predecessors, (20), 19 states have call successors, (20) Second operand 165 states. [2022-02-20 18:12:05,300 INFO L87 Difference]: Start difference. First operand has 165 states, 131 states have (on average 1.3435114503816794) internal successors, (176), 142 states have internal predecessors, (176), 19 states have call successors, (19), 14 states have call predecessors, (19), 14 states have return successors, (20), 17 states have call predecessors, (20), 19 states have call successors, (20) Second operand 165 states. [2022-02-20 18:12:05,315 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:05,332 INFO L93 Difference]: Finished difference Result 165 states and 215 transitions. [2022-02-20 18:12:05,332 INFO L276 IsEmpty]: Start isEmpty. Operand 165 states and 215 transitions. [2022-02-20 18:12:05,333 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:05,333 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:05,333 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:05,333 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:05,334 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 165 states, 131 states have (on average 1.3435114503816794) internal successors, (176), 142 states have internal predecessors, (176), 19 states have call successors, (19), 14 states have call predecessors, (19), 14 states have return successors, (20), 17 states have call predecessors, (20), 19 states have call successors, (20) [2022-02-20 18:12:05,340 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 165 states to 165 states and 215 transitions. [2022-02-20 18:12:05,340 INFO L78 Accepts]: Start accepts. Automaton has 165 states and 215 transitions. Word has length 38 [2022-02-20 18:12:05,341 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:05,341 INFO L470 AbstractCegarLoop]: Abstraction has 165 states and 215 transitions. [2022-02-20 18:12:05,341 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 1 states have call successors, (5), 2 states have call predecessors, (5), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:12:05,342 INFO L276 IsEmpty]: Start isEmpty. Operand 165 states and 215 transitions. [2022-02-20 18:12:05,343 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-02-20 18:12:05,343 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:05,344 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:05,344 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:12:05,344 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:05,344 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:05,345 INFO L85 PathProgramCache]: Analyzing trace with hash 845444465, now seen corresponding path program 1 times [2022-02-20 18:12:05,345 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:05,345 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [850268956] [2022-02-20 18:12:05,345 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:05,345 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:05,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:05,461 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:12:05,462 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:05,480 INFO L290 TraceCheckUtils]: 0: Hoare triple {2701#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2701#true} is VALID [2022-02-20 18:12:05,480 INFO L290 TraceCheckUtils]: 1: Hoare triple {2701#true} assume true; {2701#true} is VALID [2022-02-20 18:12:05,481 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2701#true} {2703#(= ~pumpRunning~0 0)} #233#return; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,481 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-02-20 18:12:05,482 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:05,485 INFO L290 TraceCheckUtils]: 0: Hoare triple {2701#true} assume true; {2701#true} is VALID [2022-02-20 18:12:05,485 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {2701#true} {2702#false} #237#return; {2702#false} is VALID [2022-02-20 18:12:05,485 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 34 [2022-02-20 18:12:05,486 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:05,492 INFO L290 TraceCheckUtils]: 0: Hoare triple {2701#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2701#true} is VALID [2022-02-20 18:12:05,493 INFO L290 TraceCheckUtils]: 1: Hoare triple {2701#true} assume true; {2701#true} is VALID [2022-02-20 18:12:05,493 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2701#true} {2702#false} #239#return; {2702#false} is VALID [2022-02-20 18:12:05,493 INFO L290 TraceCheckUtils]: 0: Hoare triple {2701#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,494 INFO L290 TraceCheckUtils]: 1: Hoare triple {2703#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,494 INFO L290 TraceCheckUtils]: 2: Hoare triple {2703#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,495 INFO L290 TraceCheckUtils]: 3: Hoare triple {2703#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,495 INFO L290 TraceCheckUtils]: 4: Hoare triple {2703#(= ~pumpRunning~0 0)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,495 INFO L290 TraceCheckUtils]: 5: Hoare triple {2703#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,496 INFO L290 TraceCheckUtils]: 6: Hoare triple {2703#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,496 INFO L290 TraceCheckUtils]: 7: Hoare triple {2703#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,496 INFO L290 TraceCheckUtils]: 8: Hoare triple {2703#(= ~pumpRunning~0 0)} assume !false; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,498 INFO L290 TraceCheckUtils]: 9: Hoare triple {2703#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,499 INFO L290 TraceCheckUtils]: 10: Hoare triple {2703#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,499 INFO L290 TraceCheckUtils]: 11: Hoare triple {2703#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~4#1); {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,499 INFO L290 TraceCheckUtils]: 12: Hoare triple {2703#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,499 INFO L290 TraceCheckUtils]: 13: Hoare triple {2703#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,500 INFO L290 TraceCheckUtils]: 14: Hoare triple {2703#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,500 INFO L290 TraceCheckUtils]: 15: Hoare triple {2703#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,501 INFO L272 TraceCheckUtils]: 16: Hoare triple {2703#(= ~pumpRunning~0 0)} call timeShift(); {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,501 INFO L290 TraceCheckUtils]: 17: Hoare triple {2703#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,501 INFO L272 TraceCheckUtils]: 18: Hoare triple {2703#(= ~pumpRunning~0 0)} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {2701#true} is VALID [2022-02-20 18:12:05,501 INFO L290 TraceCheckUtils]: 19: Hoare triple {2701#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2701#true} is VALID [2022-02-20 18:12:05,501 INFO L290 TraceCheckUtils]: 20: Hoare triple {2701#true} assume true; {2701#true} is VALID [2022-02-20 18:12:05,502 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {2701#true} {2703#(= ~pumpRunning~0 0)} #233#return; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,502 INFO L290 TraceCheckUtils]: 22: Hoare triple {2703#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,502 INFO L290 TraceCheckUtils]: 23: Hoare triple {2703#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,502 INFO L290 TraceCheckUtils]: 24: Hoare triple {2703#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,503 INFO L290 TraceCheckUtils]: 25: Hoare triple {2703#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {2703#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,503 INFO L290 TraceCheckUtils]: 26: Hoare triple {2703#(= ~pumpRunning~0 0)} assume !(0 == ~pumpRunning~0); {2702#false} is VALID [2022-02-20 18:12:05,503 INFO L272 TraceCheckUtils]: 27: Hoare triple {2702#false} call processEnvironment__wrappee__base(); {2701#true} is VALID [2022-02-20 18:12:05,503 INFO L290 TraceCheckUtils]: 28: Hoare triple {2701#true} assume true; {2701#true} is VALID [2022-02-20 18:12:05,503 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {2701#true} {2702#false} #237#return; {2702#false} is VALID [2022-02-20 18:12:05,504 INFO L290 TraceCheckUtils]: 30: Hoare triple {2702#false} assume { :end_inline_processEnvironment } true; {2702#false} is VALID [2022-02-20 18:12:05,504 INFO L290 TraceCheckUtils]: 31: Hoare triple {2702#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {2702#false} is VALID [2022-02-20 18:12:05,504 INFO L290 TraceCheckUtils]: 32: Hoare triple {2702#false} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {2702#false} is VALID [2022-02-20 18:12:05,504 INFO L290 TraceCheckUtils]: 33: Hoare triple {2702#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {2702#false} is VALID [2022-02-20 18:12:05,504 INFO L272 TraceCheckUtils]: 34: Hoare triple {2702#false} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {2701#true} is VALID [2022-02-20 18:12:05,511 INFO L290 TraceCheckUtils]: 35: Hoare triple {2701#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {2701#true} is VALID [2022-02-20 18:12:05,511 INFO L290 TraceCheckUtils]: 36: Hoare triple {2701#true} assume true; {2701#true} is VALID [2022-02-20 18:12:05,511 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {2701#true} {2702#false} #239#return; {2702#false} is VALID [2022-02-20 18:12:05,511 INFO L290 TraceCheckUtils]: 38: Hoare triple {2702#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {2702#false} is VALID [2022-02-20 18:12:05,511 INFO L290 TraceCheckUtils]: 39: Hoare triple {2702#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {2702#false} is VALID [2022-02-20 18:12:05,511 INFO L290 TraceCheckUtils]: 40: Hoare triple {2702#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {2702#false} is VALID [2022-02-20 18:12:05,511 INFO L290 TraceCheckUtils]: 41: Hoare triple {2702#false} assume !false; {2702#false} is VALID [2022-02-20 18:12:05,512 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:05,512 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:05,512 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [850268956] [2022-02-20 18:12:05,512 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [850268956] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:05,512 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:05,512 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:12:05,512 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [386454015] [2022-02-20 18:12:05,512 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:05,513 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 42 [2022-02-20 18:12:05,513 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:05,513 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:05,541 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:05,541 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:12:05,541 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:05,542 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:12:05,542 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:05,542 INFO L87 Difference]: Start difference. First operand 165 states and 215 transitions. Second operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:05,656 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:05,656 INFO L93 Difference]: Finished difference Result 407 states and 539 transitions. [2022-02-20 18:12:05,656 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:12:05,656 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 42 [2022-02-20 18:12:05,657 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:05,657 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:05,659 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 230 transitions. [2022-02-20 18:12:05,668 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:05,670 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 230 transitions. [2022-02-20 18:12:05,670 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 230 transitions. [2022-02-20 18:12:05,816 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 230 edges. 230 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:05,823 INFO L225 Difference]: With dead ends: 407 [2022-02-20 18:12:05,823 INFO L226 Difference]: Without dead ends: 250 [2022-02-20 18:12:05,827 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:05,835 INFO L933 BasicCegarLoop]: 97 mSDtfsCounter, 57 mSDsluCounter, 56 mSDsCounter, 0 mSdLazyCounter, 8 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 57 SdHoareTripleChecker+Valid, 153 SdHoareTripleChecker+Invalid, 14 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 8 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:05,836 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [57 Valid, 153 Invalid, 14 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 8 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:05,839 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 250 states. [2022-02-20 18:12:05,860 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 250 to 248. [2022-02-20 18:12:05,866 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:05,867 INFO L82 GeneralOperation]: Start isEquivalent. First operand 250 states. Second operand has 248 states, 194 states have (on average 1.3144329896907216) internal successors, (255), 209 states have internal predecessors, (255), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:05,868 INFO L74 IsIncluded]: Start isIncluded. First operand 250 states. Second operand has 248 states, 194 states have (on average 1.3144329896907216) internal successors, (255), 209 states have internal predecessors, (255), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:05,872 INFO L87 Difference]: Start difference. First operand 250 states. Second operand has 248 states, 194 states have (on average 1.3144329896907216) internal successors, (255), 209 states have internal predecessors, (255), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:05,878 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:05,880 INFO L93 Difference]: Finished difference Result 250 states and 320 transitions. [2022-02-20 18:12:05,881 INFO L276 IsEmpty]: Start isEmpty. Operand 250 states and 320 transitions. [2022-02-20 18:12:05,881 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:05,882 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:05,883 INFO L74 IsIncluded]: Start isIncluded. First operand has 248 states, 194 states have (on average 1.3144329896907216) internal successors, (255), 209 states have internal predecessors, (255), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) Second operand 250 states. [2022-02-20 18:12:05,885 INFO L87 Difference]: Start difference. First operand has 248 states, 194 states have (on average 1.3144329896907216) internal successors, (255), 209 states have internal predecessors, (255), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) Second operand 250 states. [2022-02-20 18:12:05,891 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:05,892 INFO L93 Difference]: Finished difference Result 250 states and 320 transitions. [2022-02-20 18:12:05,892 INFO L276 IsEmpty]: Start isEmpty. Operand 250 states and 320 transitions. [2022-02-20 18:12:05,892 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:05,892 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:05,893 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:05,893 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:05,894 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 248 states, 194 states have (on average 1.3144329896907216) internal successors, (255), 209 states have internal predecessors, (255), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:05,902 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 248 states to 248 states and 319 transitions. [2022-02-20 18:12:05,902 INFO L78 Accepts]: Start accepts. Automaton has 248 states and 319 transitions. Word has length 42 [2022-02-20 18:12:05,902 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:05,902 INFO L470 AbstractCegarLoop]: Abstraction has 248 states and 319 transitions. [2022-02-20 18:12:05,903 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:05,903 INFO L276 IsEmpty]: Start isEmpty. Operand 248 states and 319 transitions. [2022-02-20 18:12:05,904 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-02-20 18:12:05,905 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:05,905 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:05,905 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:12:05,905 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:05,906 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:05,906 INFO L85 PathProgramCache]: Analyzing trace with hash 1493412905, now seen corresponding path program 1 times [2022-02-20 18:12:05,906 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:05,906 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [534059420] [2022-02-20 18:12:05,906 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:05,906 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:05,927 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:05,953 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-02-20 18:12:05,955 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:05,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {4133#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {4133#true} is VALID [2022-02-20 18:12:05,957 INFO L290 TraceCheckUtils]: 1: Hoare triple {4133#true} assume true; {4133#true} is VALID [2022-02-20 18:12:05,958 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4133#true} {4135#(= ~pumpRunning~0 0)} #233#return; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,958 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:12:05,959 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:05,965 INFO L290 TraceCheckUtils]: 0: Hoare triple {4133#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {4144#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:05,966 INFO L290 TraceCheckUtils]: 1: Hoare triple {4144#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {4144#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:05,966 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4144#(= ~pumpRunning~0 |isPumpRunning_#res|)} {4135#(= ~pumpRunning~0 0)} #239#return; {4142#(= 0 |timeShift___utac_acc__Specification5_spec__3_#t~ret51#1|)} is VALID [2022-02-20 18:12:05,968 INFO L290 TraceCheckUtils]: 0: Hoare triple {4133#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {4135#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {4135#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,969 INFO L290 TraceCheckUtils]: 3: Hoare triple {4135#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,970 INFO L290 TraceCheckUtils]: 4: Hoare triple {4135#(= ~pumpRunning~0 0)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,970 INFO L290 TraceCheckUtils]: 5: Hoare triple {4135#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,970 INFO L290 TraceCheckUtils]: 6: Hoare triple {4135#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,971 INFO L290 TraceCheckUtils]: 7: Hoare triple {4135#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,971 INFO L290 TraceCheckUtils]: 8: Hoare triple {4135#(= ~pumpRunning~0 0)} assume !false; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,971 INFO L290 TraceCheckUtils]: 9: Hoare triple {4135#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,972 INFO L290 TraceCheckUtils]: 10: Hoare triple {4135#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,972 INFO L290 TraceCheckUtils]: 11: Hoare triple {4135#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~4#1); {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,972 INFO L290 TraceCheckUtils]: 12: Hoare triple {4135#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,973 INFO L290 TraceCheckUtils]: 13: Hoare triple {4135#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,973 INFO L290 TraceCheckUtils]: 14: Hoare triple {4135#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,973 INFO L290 TraceCheckUtils]: 15: Hoare triple {4135#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet31#1 && test_#t~nondet31#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet31#1;havoc test_#t~nondet31#1; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,974 INFO L290 TraceCheckUtils]: 16: Hoare triple {4135#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,974 INFO L290 TraceCheckUtils]: 17: Hoare triple {4135#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,974 INFO L290 TraceCheckUtils]: 18: Hoare triple {4135#(= ~pumpRunning~0 0)} ~systemActive~0 := 0; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,975 INFO L290 TraceCheckUtils]: 19: Hoare triple {4135#(= ~pumpRunning~0 0)} assume { :end_inline_stopSystem } true; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,975 INFO L272 TraceCheckUtils]: 20: Hoare triple {4135#(= ~pumpRunning~0 0)} call timeShift(); {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,975 INFO L290 TraceCheckUtils]: 21: Hoare triple {4135#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,976 INFO L272 TraceCheckUtils]: 22: Hoare triple {4135#(= ~pumpRunning~0 0)} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {4133#true} is VALID [2022-02-20 18:12:05,976 INFO L290 TraceCheckUtils]: 23: Hoare triple {4133#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {4133#true} is VALID [2022-02-20 18:12:05,976 INFO L290 TraceCheckUtils]: 24: Hoare triple {4133#true} assume true; {4133#true} is VALID [2022-02-20 18:12:05,976 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {4133#true} {4135#(= ~pumpRunning~0 0)} #233#return; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,977 INFO L290 TraceCheckUtils]: 26: Hoare triple {4135#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,977 INFO L290 TraceCheckUtils]: 27: Hoare triple {4135#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,977 INFO L290 TraceCheckUtils]: 28: Hoare triple {4135#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,978 INFO L290 TraceCheckUtils]: 29: Hoare triple {4135#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,978 INFO L290 TraceCheckUtils]: 30: Hoare triple {4135#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,978 INFO L290 TraceCheckUtils]: 31: Hoare triple {4135#(= ~pumpRunning~0 0)} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,979 INFO L290 TraceCheckUtils]: 32: Hoare triple {4135#(= ~pumpRunning~0 0)} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {4135#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:05,979 INFO L272 TraceCheckUtils]: 33: Hoare triple {4135#(= ~pumpRunning~0 0)} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {4133#true} is VALID [2022-02-20 18:12:05,979 INFO L290 TraceCheckUtils]: 34: Hoare triple {4133#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {4144#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:05,979 INFO L290 TraceCheckUtils]: 35: Hoare triple {4144#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {4144#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:05,980 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4144#(= ~pumpRunning~0 |isPumpRunning_#res|)} {4135#(= ~pumpRunning~0 0)} #239#return; {4142#(= 0 |timeShift___utac_acc__Specification5_spec__3_#t~ret51#1|)} is VALID [2022-02-20 18:12:05,980 INFO L290 TraceCheckUtils]: 37: Hoare triple {4142#(= 0 |timeShift___utac_acc__Specification5_spec__3_#t~ret51#1|)} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {4143#(= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:12:05,981 INFO L290 TraceCheckUtils]: 38: Hoare triple {4143#(= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1| 0)} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {4134#false} is VALID [2022-02-20 18:12:05,981 INFO L290 TraceCheckUtils]: 39: Hoare triple {4134#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {4134#false} is VALID [2022-02-20 18:12:05,981 INFO L290 TraceCheckUtils]: 40: Hoare triple {4134#false} assume !false; {4134#false} is VALID [2022-02-20 18:12:05,981 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-02-20 18:12:05,982 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:05,982 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [534059420] [2022-02-20 18:12:05,982 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [534059420] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:05,982 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:05,982 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:12:05,982 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2072224624] [2022-02-20 18:12:05,982 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:05,983 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-02-20 18:12:05,983 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:05,983 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:06,006 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:06,007 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:12:06,007 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:06,007 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:12:06,007 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:12:06,007 INFO L87 Difference]: Start difference. First operand 248 states and 319 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:06,248 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:06,249 INFO L93 Difference]: Finished difference Result 500 states and 651 transitions. [2022-02-20 18:12:06,249 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:12:06,249 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-02-20 18:12:06,249 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:06,250 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:06,252 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 232 transitions. [2022-02-20 18:12:06,253 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:06,255 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 232 transitions. [2022-02-20 18:12:06,255 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 232 transitions. [2022-02-20 18:12:06,427 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 232 edges. 232 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:06,435 INFO L225 Difference]: With dead ends: 500 [2022-02-20 18:12:06,435 INFO L226 Difference]: Without dead ends: 260 [2022-02-20 18:12:06,435 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:12:06,436 INFO L933 BasicCegarLoop]: 99 mSDtfsCounter, 46 mSDsluCounter, 320 mSDsCounter, 0 mSdLazyCounter, 55 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 47 SdHoareTripleChecker+Valid, 419 SdHoareTripleChecker+Invalid, 61 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 55 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:06,436 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [47 Valid, 419 Invalid, 61 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 55 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:06,437 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 260 states. [2022-02-20 18:12:06,462 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 260 to 245. [2022-02-20 18:12:06,463 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:06,463 INFO L82 GeneralOperation]: Start isEquivalent. First operand 260 states. Second operand has 245 states, 191 states have (on average 1.287958115183246) internal successors, (246), 206 states have internal predecessors, (246), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:06,464 INFO L74 IsIncluded]: Start isIncluded. First operand 260 states. Second operand has 245 states, 191 states have (on average 1.287958115183246) internal successors, (246), 206 states have internal predecessors, (246), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:06,464 INFO L87 Difference]: Start difference. First operand 260 states. Second operand has 245 states, 191 states have (on average 1.287958115183246) internal successors, (246), 206 states have internal predecessors, (246), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:06,480 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:06,480 INFO L93 Difference]: Finished difference Result 260 states and 331 transitions. [2022-02-20 18:12:06,480 INFO L276 IsEmpty]: Start isEmpty. Operand 260 states and 331 transitions. [2022-02-20 18:12:06,481 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:06,482 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:06,483 INFO L74 IsIncluded]: Start isIncluded. First operand has 245 states, 191 states have (on average 1.287958115183246) internal successors, (246), 206 states have internal predecessors, (246), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) Second operand 260 states. [2022-02-20 18:12:06,484 INFO L87 Difference]: Start difference. First operand has 245 states, 191 states have (on average 1.287958115183246) internal successors, (246), 206 states have internal predecessors, (246), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) Second operand 260 states. [2022-02-20 18:12:06,491 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:06,496 INFO L93 Difference]: Finished difference Result 260 states and 331 transitions. [2022-02-20 18:12:06,496 INFO L276 IsEmpty]: Start isEmpty. Operand 260 states and 331 transitions. [2022-02-20 18:12:06,497 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:06,497 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:06,497 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:06,497 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:06,498 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 245 states, 191 states have (on average 1.287958115183246) internal successors, (246), 206 states have internal predecessors, (246), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:06,515 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 245 states to 245 states and 310 transitions. [2022-02-20 18:12:06,516 INFO L78 Accepts]: Start accepts. Automaton has 245 states and 310 transitions. Word has length 41 [2022-02-20 18:12:06,516 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:06,516 INFO L470 AbstractCegarLoop]: Abstraction has 245 states and 310 transitions. [2022-02-20 18:12:06,516 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:06,516 INFO L276 IsEmpty]: Start isEmpty. Operand 245 states and 310 transitions. [2022-02-20 18:12:06,517 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-02-20 18:12:06,517 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:06,517 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:06,517 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:12:06,517 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:06,518 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:06,518 INFO L85 PathProgramCache]: Analyzing trace with hash -1271259535, now seen corresponding path program 1 times [2022-02-20 18:12:06,518 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:06,518 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [867315087] [2022-02-20 18:12:06,518 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:06,518 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:06,558 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:06,606 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:12:06,607 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:06,609 INFO L290 TraceCheckUtils]: 0: Hoare triple {5718#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {5718#true} is VALID [2022-02-20 18:12:06,609 INFO L290 TraceCheckUtils]: 1: Hoare triple {5718#true} assume true; {5718#true} is VALID [2022-02-20 18:12:06,610 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5718#true} {5718#true} #233#return; {5718#true} is VALID [2022-02-20 18:12:06,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 42 [2022-02-20 18:12:06,610 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:06,612 INFO L290 TraceCheckUtils]: 0: Hoare triple {5718#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {5718#true} is VALID [2022-02-20 18:12:06,612 INFO L290 TraceCheckUtils]: 1: Hoare triple {5718#true} assume true; {5718#true} is VALID [2022-02-20 18:12:06,612 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5718#true} {5719#false} #239#return; {5719#false} is VALID [2022-02-20 18:12:06,612 INFO L290 TraceCheckUtils]: 0: Hoare triple {5718#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {5718#true} is VALID [2022-02-20 18:12:06,612 INFO L290 TraceCheckUtils]: 1: Hoare triple {5718#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 2: Hoare triple {5718#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 3: Hoare triple {5718#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 4: Hoare triple {5718#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 5: Hoare triple {5718#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 6: Hoare triple {5718#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 7: Hoare triple {5718#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 8: Hoare triple {5718#true} assume !false; {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 9: Hoare triple {5718#true} assume test_~splverifierCounter~0#1 < 4; {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 10: Hoare triple {5718#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 11: Hoare triple {5718#true} assume !(0 != test_~tmp~4#1); {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 12: Hoare triple {5718#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {5718#true} is VALID [2022-02-20 18:12:06,613 INFO L290 TraceCheckUtils]: 13: Hoare triple {5718#true} assume !(0 != test_~tmp___0~0#1); {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L290 TraceCheckUtils]: 14: Hoare triple {5718#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L290 TraceCheckUtils]: 15: Hoare triple {5718#true} assume 0 != test_~tmp___2~0#1; {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L272 TraceCheckUtils]: 16: Hoare triple {5718#true} call timeShift(); {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L290 TraceCheckUtils]: 17: Hoare triple {5718#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L272 TraceCheckUtils]: 18: Hoare triple {5718#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L290 TraceCheckUtils]: 19: Hoare triple {5718#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L290 TraceCheckUtils]: 20: Hoare triple {5718#true} assume true; {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {5718#true} {5718#true} #233#return; {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L290 TraceCheckUtils]: 22: Hoare triple {5718#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L290 TraceCheckUtils]: 23: Hoare triple {5718#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L290 TraceCheckUtils]: 24: Hoare triple {5718#true} assume !(0 != ~pumpRunning~0); {5718#true} is VALID [2022-02-20 18:12:06,614 INFO L290 TraceCheckUtils]: 25: Hoare triple {5718#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {5718#true} is VALID [2022-02-20 18:12:06,615 INFO L290 TraceCheckUtils]: 26: Hoare triple {5718#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {5718#true} is VALID [2022-02-20 18:12:06,615 INFO L290 TraceCheckUtils]: 27: Hoare triple {5718#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~9#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {5718#true} is VALID [2022-02-20 18:12:06,615 INFO L290 TraceCheckUtils]: 28: Hoare triple {5718#true} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {5718#true} is VALID [2022-02-20 18:12:06,615 INFO L290 TraceCheckUtils]: 29: Hoare triple {5718#true} assume 0 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~1#1 := 0; {5723#(= |timeShift_isHighWaterLevel_~tmp___0~1#1| 0)} is VALID [2022-02-20 18:12:06,616 INFO L290 TraceCheckUtils]: 30: Hoare triple {5723#(= |timeShift_isHighWaterLevel_~tmp___0~1#1| 0)} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {5724#(= |timeShift_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:12:06,616 INFO L290 TraceCheckUtils]: 31: Hoare triple {5724#(= |timeShift_isHighWaterLevel_#res#1| 0)} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {5725#(= |timeShift_processEnvironment_~tmp~5#1| 0)} is VALID [2022-02-20 18:12:06,616 INFO L290 TraceCheckUtils]: 32: Hoare triple {5725#(= |timeShift_processEnvironment_~tmp~5#1| 0)} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {5719#false} is VALID [2022-02-20 18:12:06,617 INFO L290 TraceCheckUtils]: 33: Hoare triple {5719#false} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {5719#false} is VALID [2022-02-20 18:12:06,617 INFO L290 TraceCheckUtils]: 34: Hoare triple {5719#false} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {5719#false} is VALID [2022-02-20 18:12:06,617 INFO L290 TraceCheckUtils]: 35: Hoare triple {5719#false} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {5719#false} is VALID [2022-02-20 18:12:06,617 INFO L290 TraceCheckUtils]: 36: Hoare triple {5719#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {5719#false} is VALID [2022-02-20 18:12:06,617 INFO L290 TraceCheckUtils]: 37: Hoare triple {5719#false} assume { :end_inline_activatePump } true; {5719#false} is VALID [2022-02-20 18:12:06,617 INFO L290 TraceCheckUtils]: 38: Hoare triple {5719#false} assume { :end_inline_processEnvironment } true; {5719#false} is VALID [2022-02-20 18:12:06,617 INFO L290 TraceCheckUtils]: 39: Hoare triple {5719#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {5719#false} is VALID [2022-02-20 18:12:06,617 INFO L290 TraceCheckUtils]: 40: Hoare triple {5719#false} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {5719#false} is VALID [2022-02-20 18:12:06,617 INFO L290 TraceCheckUtils]: 41: Hoare triple {5719#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {5719#false} is VALID [2022-02-20 18:12:06,617 INFO L272 TraceCheckUtils]: 42: Hoare triple {5719#false} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {5718#true} is VALID [2022-02-20 18:12:06,617 INFO L290 TraceCheckUtils]: 43: Hoare triple {5718#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {5718#true} is VALID [2022-02-20 18:12:06,618 INFO L290 TraceCheckUtils]: 44: Hoare triple {5718#true} assume true; {5718#true} is VALID [2022-02-20 18:12:06,618 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {5718#true} {5719#false} #239#return; {5719#false} is VALID [2022-02-20 18:12:06,618 INFO L290 TraceCheckUtils]: 46: Hoare triple {5719#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {5719#false} is VALID [2022-02-20 18:12:06,618 INFO L290 TraceCheckUtils]: 47: Hoare triple {5719#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {5719#false} is VALID [2022-02-20 18:12:06,618 INFO L290 TraceCheckUtils]: 48: Hoare triple {5719#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {5719#false} is VALID [2022-02-20 18:12:06,618 INFO L290 TraceCheckUtils]: 49: Hoare triple {5719#false} assume !false; {5719#false} is VALID [2022-02-20 18:12:06,618 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:06,618 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:06,618 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [867315087] [2022-02-20 18:12:06,618 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [867315087] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:06,619 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:06,619 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:12:06,619 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1453770117] [2022-02-20 18:12:06,619 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:06,619 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:06,619 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:06,619 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:06,651 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:06,651 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:12:06,651 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:06,652 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:12:06,652 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:12:06,652 INFO L87 Difference]: Start difference. First operand 245 states and 310 transitions. Second operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:06,837 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:06,837 INFO L93 Difference]: Finished difference Result 530 states and 688 transitions. [2022-02-20 18:12:06,837 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:12:06,837 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:06,837 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:06,837 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:06,839 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 201 transitions. [2022-02-20 18:12:06,839 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:06,840 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 201 transitions. [2022-02-20 18:12:06,841 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 201 transitions. [2022-02-20 18:12:06,949 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 201 edges. 201 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:06,955 INFO L225 Difference]: With dead ends: 530 [2022-02-20 18:12:06,955 INFO L226 Difference]: Without dead ends: 293 [2022-02-20 18:12:06,955 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:12:06,956 INFO L933 BasicCegarLoop]: 110 mSDtfsCounter, 33 mSDsluCounter, 284 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 35 SdHoareTripleChecker+Valid, 394 SdHoareTripleChecker+Invalid, 20 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:06,956 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [35 Valid, 394 Invalid, 20 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:06,957 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 293 states. [2022-02-20 18:12:06,966 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 293 to 251. [2022-02-20 18:12:06,966 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:06,966 INFO L82 GeneralOperation]: Start isEquivalent. First operand 293 states. Second operand has 251 states, 197 states have (on average 1.2791878172588833) internal successors, (252), 212 states have internal predecessors, (252), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:06,967 INFO L74 IsIncluded]: Start isIncluded. First operand 293 states. Second operand has 251 states, 197 states have (on average 1.2791878172588833) internal successors, (252), 212 states have internal predecessors, (252), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:06,967 INFO L87 Difference]: Start difference. First operand 293 states. Second operand has 251 states, 197 states have (on average 1.2791878172588833) internal successors, (252), 212 states have internal predecessors, (252), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:06,973 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:06,973 INFO L93 Difference]: Finished difference Result 293 states and 374 transitions. [2022-02-20 18:12:06,973 INFO L276 IsEmpty]: Start isEmpty. Operand 293 states and 374 transitions. [2022-02-20 18:12:06,974 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:06,974 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:06,975 INFO L74 IsIncluded]: Start isIncluded. First operand has 251 states, 197 states have (on average 1.2791878172588833) internal successors, (252), 212 states have internal predecessors, (252), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) Second operand 293 states. [2022-02-20 18:12:06,975 INFO L87 Difference]: Start difference. First operand has 251 states, 197 states have (on average 1.2791878172588833) internal successors, (252), 212 states have internal predecessors, (252), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) Second operand 293 states. [2022-02-20 18:12:06,981 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:06,981 INFO L93 Difference]: Finished difference Result 293 states and 374 transitions. [2022-02-20 18:12:06,981 INFO L276 IsEmpty]: Start isEmpty. Operand 293 states and 374 transitions. [2022-02-20 18:12:06,982 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:06,982 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:06,982 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:06,982 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:06,982 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 251 states, 197 states have (on average 1.2791878172588833) internal successors, (252), 212 states have internal predecessors, (252), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:06,988 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 251 states to 251 states and 316 transitions. [2022-02-20 18:12:06,988 INFO L78 Accepts]: Start accepts. Automaton has 251 states and 316 transitions. Word has length 50 [2022-02-20 18:12:06,988 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:06,988 INFO L470 AbstractCegarLoop]: Abstraction has 251 states and 316 transitions. [2022-02-20 18:12:06,988 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:06,988 INFO L276 IsEmpty]: Start isEmpty. Operand 251 states and 316 transitions. [2022-02-20 18:12:06,989 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-02-20 18:12:06,989 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:06,989 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:06,989 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:12:06,989 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:06,989 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:06,989 INFO L85 PathProgramCache]: Analyzing trace with hash -848557709, now seen corresponding path program 1 times [2022-02-20 18:12:06,989 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:06,989 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1023831217] [2022-02-20 18:12:06,990 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:06,990 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:07,008 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:07,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:12:07,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:07,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {7419#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7419#true} is VALID [2022-02-20 18:12:07,041 INFO L290 TraceCheckUtils]: 1: Hoare triple {7419#true} assume true; {7419#true} is VALID [2022-02-20 18:12:07,041 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7419#true} {7419#true} #233#return; {7419#true} is VALID [2022-02-20 18:12:07,041 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 42 [2022-02-20 18:12:07,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:07,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {7419#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7419#true} is VALID [2022-02-20 18:12:07,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {7419#true} assume true; {7419#true} is VALID [2022-02-20 18:12:07,043 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7419#true} {7420#false} #239#return; {7420#false} is VALID [2022-02-20 18:12:07,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {7419#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {7419#true} is VALID [2022-02-20 18:12:07,044 INFO L290 TraceCheckUtils]: 1: Hoare triple {7419#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {7419#true} is VALID [2022-02-20 18:12:07,044 INFO L290 TraceCheckUtils]: 2: Hoare triple {7419#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7419#true} is VALID [2022-02-20 18:12:07,044 INFO L290 TraceCheckUtils]: 3: Hoare triple {7419#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {7421#(= |ULTIMATE.start_valid_product_#res#1| 1)} is VALID [2022-02-20 18:12:07,044 INFO L290 TraceCheckUtils]: 4: Hoare triple {7421#(= |ULTIMATE.start_valid_product_#res#1| 1)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {7422#(= |ULTIMATE.start_main_~tmp~3#1| 1)} is VALID [2022-02-20 18:12:07,045 INFO L290 TraceCheckUtils]: 5: Hoare triple {7422#(= |ULTIMATE.start_main_~tmp~3#1| 1)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {7419#true} is VALID [2022-02-20 18:12:07,045 INFO L290 TraceCheckUtils]: 6: Hoare triple {7419#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {7419#true} is VALID [2022-02-20 18:12:07,045 INFO L290 TraceCheckUtils]: 7: Hoare triple {7419#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {7419#true} is VALID [2022-02-20 18:12:07,045 INFO L290 TraceCheckUtils]: 8: Hoare triple {7419#true} assume !false; {7419#true} is VALID [2022-02-20 18:12:07,045 INFO L290 TraceCheckUtils]: 9: Hoare triple {7419#true} assume test_~splverifierCounter~0#1 < 4; {7419#true} is VALID [2022-02-20 18:12:07,045 INFO L290 TraceCheckUtils]: 10: Hoare triple {7419#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {7419#true} is VALID [2022-02-20 18:12:07,045 INFO L290 TraceCheckUtils]: 11: Hoare triple {7419#true} assume !(0 != test_~tmp~4#1); {7419#true} is VALID [2022-02-20 18:12:07,045 INFO L290 TraceCheckUtils]: 12: Hoare triple {7419#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {7419#true} is VALID [2022-02-20 18:12:07,045 INFO L290 TraceCheckUtils]: 13: Hoare triple {7419#true} assume !(0 != test_~tmp___0~0#1); {7419#true} is VALID [2022-02-20 18:12:07,045 INFO L290 TraceCheckUtils]: 14: Hoare triple {7419#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {7419#true} is VALID [2022-02-20 18:12:07,045 INFO L290 TraceCheckUtils]: 15: Hoare triple {7419#true} assume 0 != test_~tmp___2~0#1; {7419#true} is VALID [2022-02-20 18:12:07,045 INFO L272 TraceCheckUtils]: 16: Hoare triple {7419#true} call timeShift(); {7419#true} is VALID [2022-02-20 18:12:07,046 INFO L290 TraceCheckUtils]: 17: Hoare triple {7419#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {7419#true} is VALID [2022-02-20 18:12:07,046 INFO L272 TraceCheckUtils]: 18: Hoare triple {7419#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {7419#true} is VALID [2022-02-20 18:12:07,046 INFO L290 TraceCheckUtils]: 19: Hoare triple {7419#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7419#true} is VALID [2022-02-20 18:12:07,046 INFO L290 TraceCheckUtils]: 20: Hoare triple {7419#true} assume true; {7419#true} is VALID [2022-02-20 18:12:07,046 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {7419#true} {7419#true} #233#return; {7419#true} is VALID [2022-02-20 18:12:07,046 INFO L290 TraceCheckUtils]: 22: Hoare triple {7419#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {7419#true} is VALID [2022-02-20 18:12:07,046 INFO L290 TraceCheckUtils]: 23: Hoare triple {7419#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {7419#true} is VALID [2022-02-20 18:12:07,046 INFO L290 TraceCheckUtils]: 24: Hoare triple {7419#true} assume !(0 != ~pumpRunning~0); {7419#true} is VALID [2022-02-20 18:12:07,046 INFO L290 TraceCheckUtils]: 25: Hoare triple {7419#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {7419#true} is VALID [2022-02-20 18:12:07,046 INFO L290 TraceCheckUtils]: 26: Hoare triple {7419#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {7419#true} is VALID [2022-02-20 18:12:07,048 INFO L290 TraceCheckUtils]: 27: Hoare triple {7419#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~9#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {7426#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:12:07,048 INFO L290 TraceCheckUtils]: 28: Hoare triple {7426#(not (= |timeShift_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {7427#(not (= |timeShift_isHighWaterLevel_~tmp~7#1| 0))} is VALID [2022-02-20 18:12:07,048 INFO L290 TraceCheckUtils]: 29: Hoare triple {7427#(not (= |timeShift_isHighWaterLevel_~tmp~7#1| 0))} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {7420#false} is VALID [2022-02-20 18:12:07,048 INFO L290 TraceCheckUtils]: 30: Hoare triple {7420#false} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {7420#false} is VALID [2022-02-20 18:12:07,048 INFO L290 TraceCheckUtils]: 31: Hoare triple {7420#false} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {7420#false} is VALID [2022-02-20 18:12:07,049 INFO L290 TraceCheckUtils]: 32: Hoare triple {7420#false} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {7420#false} is VALID [2022-02-20 18:12:07,049 INFO L290 TraceCheckUtils]: 33: Hoare triple {7420#false} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {7420#false} is VALID [2022-02-20 18:12:07,049 INFO L290 TraceCheckUtils]: 34: Hoare triple {7420#false} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {7420#false} is VALID [2022-02-20 18:12:07,049 INFO L290 TraceCheckUtils]: 35: Hoare triple {7420#false} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {7420#false} is VALID [2022-02-20 18:12:07,049 INFO L290 TraceCheckUtils]: 36: Hoare triple {7420#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {7420#false} is VALID [2022-02-20 18:12:07,049 INFO L290 TraceCheckUtils]: 37: Hoare triple {7420#false} assume { :end_inline_activatePump } true; {7420#false} is VALID [2022-02-20 18:12:07,049 INFO L290 TraceCheckUtils]: 38: Hoare triple {7420#false} assume { :end_inline_processEnvironment } true; {7420#false} is VALID [2022-02-20 18:12:07,049 INFO L290 TraceCheckUtils]: 39: Hoare triple {7420#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {7420#false} is VALID [2022-02-20 18:12:07,049 INFO L290 TraceCheckUtils]: 40: Hoare triple {7420#false} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {7420#false} is VALID [2022-02-20 18:12:07,049 INFO L290 TraceCheckUtils]: 41: Hoare triple {7420#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {7420#false} is VALID [2022-02-20 18:12:07,049 INFO L272 TraceCheckUtils]: 42: Hoare triple {7420#false} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {7419#true} is VALID [2022-02-20 18:12:07,050 INFO L290 TraceCheckUtils]: 43: Hoare triple {7419#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {7419#true} is VALID [2022-02-20 18:12:07,050 INFO L290 TraceCheckUtils]: 44: Hoare triple {7419#true} assume true; {7419#true} is VALID [2022-02-20 18:12:07,050 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {7419#true} {7420#false} #239#return; {7420#false} is VALID [2022-02-20 18:12:07,050 INFO L290 TraceCheckUtils]: 46: Hoare triple {7420#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {7420#false} is VALID [2022-02-20 18:12:07,050 INFO L290 TraceCheckUtils]: 47: Hoare triple {7420#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {7420#false} is VALID [2022-02-20 18:12:07,050 INFO L290 TraceCheckUtils]: 48: Hoare triple {7420#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {7420#false} is VALID [2022-02-20 18:12:07,050 INFO L290 TraceCheckUtils]: 49: Hoare triple {7420#false} assume !false; {7420#false} is VALID [2022-02-20 18:12:07,050 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:07,050 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:07,050 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1023831217] [2022-02-20 18:12:07,051 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1023831217] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:07,051 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:07,051 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:12:07,051 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1149525081] [2022-02-20 18:12:07,051 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:07,051 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 6 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:07,051 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:07,051 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 6 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:07,078 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:07,078 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:12:07,078 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:07,078 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:12:07,078 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:12:07,079 INFO L87 Difference]: Start difference. First operand 251 states and 316 transitions. Second operand has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 6 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:07,307 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:07,307 INFO L93 Difference]: Finished difference Result 548 states and 708 transitions. [2022-02-20 18:12:07,308 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:12:07,308 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 6 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:07,308 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:07,308 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 6 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:07,310 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 208 transitions. [2022-02-20 18:12:07,310 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 6 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:07,311 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 208 transitions. [2022-02-20 18:12:07,312 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 208 transitions. [2022-02-20 18:12:07,436 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 208 edges. 208 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:07,442 INFO L225 Difference]: With dead ends: 548 [2022-02-20 18:12:07,442 INFO L226 Difference]: Without dead ends: 305 [2022-02-20 18:12:07,443 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=39, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:12:07,444 INFO L933 BasicCegarLoop]: 108 mSDtfsCounter, 75 mSDsluCounter, 348 mSDsCounter, 0 mSdLazyCounter, 19 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 77 SdHoareTripleChecker+Valid, 456 SdHoareTripleChecker+Invalid, 30 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 19 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:07,444 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [77 Valid, 456 Invalid, 30 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 19 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:07,444 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 305 states. [2022-02-20 18:12:07,459 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 305 to 255. [2022-02-20 18:12:07,460 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:07,460 INFO L82 GeneralOperation]: Start isEquivalent. First operand 305 states. Second operand has 255 states, 201 states have (on average 1.2736318407960199) internal successors, (256), 216 states have internal predecessors, (256), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:07,461 INFO L74 IsIncluded]: Start isIncluded. First operand 305 states. Second operand has 255 states, 201 states have (on average 1.2736318407960199) internal successors, (256), 216 states have internal predecessors, (256), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:07,461 INFO L87 Difference]: Start difference. First operand 305 states. Second operand has 255 states, 201 states have (on average 1.2736318407960199) internal successors, (256), 216 states have internal predecessors, (256), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:07,468 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:07,468 INFO L93 Difference]: Finished difference Result 305 states and 388 transitions. [2022-02-20 18:12:07,468 INFO L276 IsEmpty]: Start isEmpty. Operand 305 states and 388 transitions. [2022-02-20 18:12:07,469 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:07,469 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:07,469 INFO L74 IsIncluded]: Start isIncluded. First operand has 255 states, 201 states have (on average 1.2736318407960199) internal successors, (256), 216 states have internal predecessors, (256), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) Second operand 305 states. [2022-02-20 18:12:07,470 INFO L87 Difference]: Start difference. First operand has 255 states, 201 states have (on average 1.2736318407960199) internal successors, (256), 216 states have internal predecessors, (256), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) Second operand 305 states. [2022-02-20 18:12:07,476 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:07,476 INFO L93 Difference]: Finished difference Result 305 states and 388 transitions. [2022-02-20 18:12:07,476 INFO L276 IsEmpty]: Start isEmpty. Operand 305 states and 388 transitions. [2022-02-20 18:12:07,477 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:07,477 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:07,477 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:07,477 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:07,477 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 255 states, 201 states have (on average 1.2736318407960199) internal successors, (256), 216 states have internal predecessors, (256), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-02-20 18:12:07,483 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 255 states to 255 states and 320 transitions. [2022-02-20 18:12:07,483 INFO L78 Accepts]: Start accepts. Automaton has 255 states and 320 transitions. Word has length 50 [2022-02-20 18:12:07,483 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:07,483 INFO L470 AbstractCegarLoop]: Abstraction has 255 states and 320 transitions. [2022-02-20 18:12:07,483 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 6 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:07,484 INFO L276 IsEmpty]: Start isEmpty. Operand 255 states and 320 transitions. [2022-02-20 18:12:07,484 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-02-20 18:12:07,484 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:07,484 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:07,484 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:12:07,484 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:07,485 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:07,485 INFO L85 PathProgramCache]: Analyzing trace with hash 1640971253, now seen corresponding path program 1 times [2022-02-20 18:12:07,485 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:07,485 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [531111092] [2022-02-20 18:12:07,485 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:07,485 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:07,504 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:07,529 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:12:07,530 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:07,533 INFO L290 TraceCheckUtils]: 0: Hoare triple {9178#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {9178#true} is VALID [2022-02-20 18:12:07,533 INFO L290 TraceCheckUtils]: 1: Hoare triple {9178#true} assume true; {9178#true} is VALID [2022-02-20 18:12:07,533 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9178#true} {9180#(= ~waterLevel~0 1)} #233#return; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,533 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 42 [2022-02-20 18:12:07,534 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:07,535 INFO L290 TraceCheckUtils]: 0: Hoare triple {9178#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {9178#true} is VALID [2022-02-20 18:12:07,535 INFO L290 TraceCheckUtils]: 1: Hoare triple {9178#true} assume true; {9178#true} is VALID [2022-02-20 18:12:07,536 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9178#true} {9179#false} #239#return; {9179#false} is VALID [2022-02-20 18:12:07,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {9178#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,536 INFO L290 TraceCheckUtils]: 1: Hoare triple {9180#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,537 INFO L290 TraceCheckUtils]: 2: Hoare triple {9180#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,537 INFO L290 TraceCheckUtils]: 3: Hoare triple {9180#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,537 INFO L290 TraceCheckUtils]: 4: Hoare triple {9180#(= ~waterLevel~0 1)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,537 INFO L290 TraceCheckUtils]: 5: Hoare triple {9180#(= ~waterLevel~0 1)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,538 INFO L290 TraceCheckUtils]: 6: Hoare triple {9180#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,538 INFO L290 TraceCheckUtils]: 7: Hoare triple {9180#(= ~waterLevel~0 1)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,538 INFO L290 TraceCheckUtils]: 8: Hoare triple {9180#(= ~waterLevel~0 1)} assume !false; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,539 INFO L290 TraceCheckUtils]: 9: Hoare triple {9180#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,539 INFO L290 TraceCheckUtils]: 10: Hoare triple {9180#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,539 INFO L290 TraceCheckUtils]: 11: Hoare triple {9180#(= ~waterLevel~0 1)} assume !(0 != test_~tmp~4#1); {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,539 INFO L290 TraceCheckUtils]: 12: Hoare triple {9180#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,540 INFO L290 TraceCheckUtils]: 13: Hoare triple {9180#(= ~waterLevel~0 1)} assume !(0 != test_~tmp___0~0#1); {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,540 INFO L290 TraceCheckUtils]: 14: Hoare triple {9180#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,540 INFO L290 TraceCheckUtils]: 15: Hoare triple {9180#(= ~waterLevel~0 1)} assume 0 != test_~tmp___2~0#1; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,541 INFO L272 TraceCheckUtils]: 16: Hoare triple {9180#(= ~waterLevel~0 1)} call timeShift(); {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,541 INFO L290 TraceCheckUtils]: 17: Hoare triple {9180#(= ~waterLevel~0 1)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,541 INFO L272 TraceCheckUtils]: 18: Hoare triple {9180#(= ~waterLevel~0 1)} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {9178#true} is VALID [2022-02-20 18:12:07,541 INFO L290 TraceCheckUtils]: 19: Hoare triple {9178#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {9178#true} is VALID [2022-02-20 18:12:07,541 INFO L290 TraceCheckUtils]: 20: Hoare triple {9178#true} assume true; {9178#true} is VALID [2022-02-20 18:12:07,542 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {9178#true} {9180#(= ~waterLevel~0 1)} #233#return; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,542 INFO L290 TraceCheckUtils]: 22: Hoare triple {9180#(= ~waterLevel~0 1)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,542 INFO L290 TraceCheckUtils]: 23: Hoare triple {9180#(= ~waterLevel~0 1)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,543 INFO L290 TraceCheckUtils]: 24: Hoare triple {9180#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,543 INFO L290 TraceCheckUtils]: 25: Hoare triple {9180#(= ~waterLevel~0 1)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,543 INFO L290 TraceCheckUtils]: 26: Hoare triple {9180#(= ~waterLevel~0 1)} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {9180#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,544 INFO L290 TraceCheckUtils]: 27: Hoare triple {9180#(= ~waterLevel~0 1)} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~9#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {9179#false} is VALID [2022-02-20 18:12:07,544 INFO L290 TraceCheckUtils]: 28: Hoare triple {9179#false} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {9179#false} is VALID [2022-02-20 18:12:07,544 INFO L290 TraceCheckUtils]: 29: Hoare triple {9179#false} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {9179#false} is VALID [2022-02-20 18:12:07,544 INFO L290 TraceCheckUtils]: 30: Hoare triple {9179#false} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {9179#false} is VALID [2022-02-20 18:12:07,544 INFO L290 TraceCheckUtils]: 31: Hoare triple {9179#false} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {9179#false} is VALID [2022-02-20 18:12:07,544 INFO L290 TraceCheckUtils]: 32: Hoare triple {9179#false} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {9179#false} is VALID [2022-02-20 18:12:07,544 INFO L290 TraceCheckUtils]: 33: Hoare triple {9179#false} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {9179#false} is VALID [2022-02-20 18:12:07,544 INFO L290 TraceCheckUtils]: 34: Hoare triple {9179#false} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {9179#false} is VALID [2022-02-20 18:12:07,544 INFO L290 TraceCheckUtils]: 35: Hoare triple {9179#false} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {9179#false} is VALID [2022-02-20 18:12:07,544 INFO L290 TraceCheckUtils]: 36: Hoare triple {9179#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {9179#false} is VALID [2022-02-20 18:12:07,545 INFO L290 TraceCheckUtils]: 37: Hoare triple {9179#false} assume { :end_inline_activatePump } true; {9179#false} is VALID [2022-02-20 18:12:07,545 INFO L290 TraceCheckUtils]: 38: Hoare triple {9179#false} assume { :end_inline_processEnvironment } true; {9179#false} is VALID [2022-02-20 18:12:07,545 INFO L290 TraceCheckUtils]: 39: Hoare triple {9179#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {9179#false} is VALID [2022-02-20 18:12:07,545 INFO L290 TraceCheckUtils]: 40: Hoare triple {9179#false} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {9179#false} is VALID [2022-02-20 18:12:07,545 INFO L290 TraceCheckUtils]: 41: Hoare triple {9179#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {9179#false} is VALID [2022-02-20 18:12:07,546 INFO L272 TraceCheckUtils]: 42: Hoare triple {9179#false} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {9178#true} is VALID [2022-02-20 18:12:07,546 INFO L290 TraceCheckUtils]: 43: Hoare triple {9178#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {9178#true} is VALID [2022-02-20 18:12:07,546 INFO L290 TraceCheckUtils]: 44: Hoare triple {9178#true} assume true; {9178#true} is VALID [2022-02-20 18:12:07,546 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {9178#true} {9179#false} #239#return; {9179#false} is VALID [2022-02-20 18:12:07,546 INFO L290 TraceCheckUtils]: 46: Hoare triple {9179#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {9179#false} is VALID [2022-02-20 18:12:07,546 INFO L290 TraceCheckUtils]: 47: Hoare triple {9179#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {9179#false} is VALID [2022-02-20 18:12:07,546 INFO L290 TraceCheckUtils]: 48: Hoare triple {9179#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {9179#false} is VALID [2022-02-20 18:12:07,546 INFO L290 TraceCheckUtils]: 49: Hoare triple {9179#false} assume !false; {9179#false} is VALID [2022-02-20 18:12:07,546 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:07,546 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:07,547 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [531111092] [2022-02-20 18:12:07,547 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [531111092] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:07,547 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:07,547 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:12:07,547 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [382416451] [2022-02-20 18:12:07,547 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:07,547 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:07,547 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:07,548 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:07,575 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:07,575 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:12:07,575 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:07,575 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:12:07,576 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:07,576 INFO L87 Difference]: Start difference. First operand 255 states and 320 transitions. Second operand has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:07,676 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:07,676 INFO L93 Difference]: Finished difference Result 629 states and 799 transitions. [2022-02-20 18:12:07,676 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:12:07,676 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-02-20 18:12:07,676 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:07,676 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:07,678 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 231 transitions. [2022-02-20 18:12:07,678 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:07,679 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 231 transitions. [2022-02-20 18:12:07,679 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 231 transitions. [2022-02-20 18:12:07,799 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 231 edges. 231 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:07,808 INFO L225 Difference]: With dead ends: 629 [2022-02-20 18:12:07,808 INFO L226 Difference]: Without dead ends: 382 [2022-02-20 18:12:07,809 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 6 SyntacticMatches, 1 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:07,809 INFO L933 BasicCegarLoop]: 92 mSDtfsCounter, 39 mSDsluCounter, 75 mSDsCounter, 0 mSdLazyCounter, 10 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 39 SdHoareTripleChecker+Valid, 167 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 10 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:07,809 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [39 Valid, 167 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 10 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:07,810 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 382 states. [2022-02-20 18:12:07,823 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 382 to 382. [2022-02-20 18:12:07,823 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:07,824 INFO L82 GeneralOperation]: Start isEquivalent. First operand 382 states. Second operand has 382 states, 300 states have (on average 1.2466666666666666) internal successors, (374), 318 states have internal predecessors, (374), 46 states have call successors, (46), 38 states have call predecessors, (46), 35 states have return successors, (53), 43 states have call predecessors, (53), 46 states have call successors, (53) [2022-02-20 18:12:07,825 INFO L74 IsIncluded]: Start isIncluded. First operand 382 states. Second operand has 382 states, 300 states have (on average 1.2466666666666666) internal successors, (374), 318 states have internal predecessors, (374), 46 states have call successors, (46), 38 states have call predecessors, (46), 35 states have return successors, (53), 43 states have call predecessors, (53), 46 states have call successors, (53) [2022-02-20 18:12:07,825 INFO L87 Difference]: Start difference. First operand 382 states. Second operand has 382 states, 300 states have (on average 1.2466666666666666) internal successors, (374), 318 states have internal predecessors, (374), 46 states have call successors, (46), 38 states have call predecessors, (46), 35 states have return successors, (53), 43 states have call predecessors, (53), 46 states have call successors, (53) [2022-02-20 18:12:07,833 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:07,833 INFO L93 Difference]: Finished difference Result 382 states and 473 transitions. [2022-02-20 18:12:07,833 INFO L276 IsEmpty]: Start isEmpty. Operand 382 states and 473 transitions. [2022-02-20 18:12:07,834 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:07,834 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:07,835 INFO L74 IsIncluded]: Start isIncluded. First operand has 382 states, 300 states have (on average 1.2466666666666666) internal successors, (374), 318 states have internal predecessors, (374), 46 states have call successors, (46), 38 states have call predecessors, (46), 35 states have return successors, (53), 43 states have call predecessors, (53), 46 states have call successors, (53) Second operand 382 states. [2022-02-20 18:12:07,836 INFO L87 Difference]: Start difference. First operand has 382 states, 300 states have (on average 1.2466666666666666) internal successors, (374), 318 states have internal predecessors, (374), 46 states have call successors, (46), 38 states have call predecessors, (46), 35 states have return successors, (53), 43 states have call predecessors, (53), 46 states have call successors, (53) Second operand 382 states. [2022-02-20 18:12:07,844 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:07,844 INFO L93 Difference]: Finished difference Result 382 states and 473 transitions. [2022-02-20 18:12:07,844 INFO L276 IsEmpty]: Start isEmpty. Operand 382 states and 473 transitions. [2022-02-20 18:12:07,845 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:07,845 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:07,845 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:07,845 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:07,846 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 382 states, 300 states have (on average 1.2466666666666666) internal successors, (374), 318 states have internal predecessors, (374), 46 states have call successors, (46), 38 states have call predecessors, (46), 35 states have return successors, (53), 43 states have call predecessors, (53), 46 states have call successors, (53) [2022-02-20 18:12:07,855 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 382 states to 382 states and 473 transitions. [2022-02-20 18:12:07,855 INFO L78 Accepts]: Start accepts. Automaton has 382 states and 473 transitions. Word has length 50 [2022-02-20 18:12:07,855 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:07,855 INFO L470 AbstractCegarLoop]: Abstraction has 382 states and 473 transitions. [2022-02-20 18:12:07,855 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:07,855 INFO L276 IsEmpty]: Start isEmpty. Operand 382 states and 473 transitions. [2022-02-20 18:12:07,856 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 55 [2022-02-20 18:12:07,856 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:07,856 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:07,856 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:12:07,856 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:07,857 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:07,857 INFO L85 PathProgramCache]: Analyzing trace with hash 832166863, now seen corresponding path program 1 times [2022-02-20 18:12:07,857 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:07,857 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1762326948] [2022-02-20 18:12:07,857 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:07,857 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:07,884 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:07,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:12:07,935 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:07,955 INFO L290 TraceCheckUtils]: 0: Hoare triple {11386#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {11387#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,956 INFO L290 TraceCheckUtils]: 1: Hoare triple {11387#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} assume true; {11387#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,956 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {11387#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} {11373#(= ~waterLevel~0 1)} #245#return; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,956 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-02-20 18:12:07,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:07,961 INFO L290 TraceCheckUtils]: 0: Hoare triple {11371#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {11371#true} is VALID [2022-02-20 18:12:07,961 INFO L290 TraceCheckUtils]: 1: Hoare triple {11371#true} assume true; {11371#true} is VALID [2022-02-20 18:12:07,962 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {11371#true} {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} #233#return; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,962 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 46 [2022-02-20 18:12:07,963 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:07,965 INFO L290 TraceCheckUtils]: 0: Hoare triple {11371#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {11371#true} is VALID [2022-02-20 18:12:07,965 INFO L290 TraceCheckUtils]: 1: Hoare triple {11371#true} assume true; {11371#true} is VALID [2022-02-20 18:12:07,965 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {11371#true} {11372#false} #239#return; {11372#false} is VALID [2022-02-20 18:12:07,965 INFO L290 TraceCheckUtils]: 0: Hoare triple {11371#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,966 INFO L290 TraceCheckUtils]: 1: Hoare triple {11373#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,966 INFO L290 TraceCheckUtils]: 2: Hoare triple {11373#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,966 INFO L290 TraceCheckUtils]: 3: Hoare triple {11373#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,966 INFO L290 TraceCheckUtils]: 4: Hoare triple {11373#(= ~waterLevel~0 1)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,967 INFO L290 TraceCheckUtils]: 5: Hoare triple {11373#(= ~waterLevel~0 1)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,967 INFO L290 TraceCheckUtils]: 6: Hoare triple {11373#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,968 INFO L290 TraceCheckUtils]: 7: Hoare triple {11373#(= ~waterLevel~0 1)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,968 INFO L290 TraceCheckUtils]: 8: Hoare triple {11373#(= ~waterLevel~0 1)} assume !false; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,968 INFO L290 TraceCheckUtils]: 9: Hoare triple {11373#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,969 INFO L290 TraceCheckUtils]: 10: Hoare triple {11373#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,969 INFO L290 TraceCheckUtils]: 11: Hoare triple {11373#(= ~waterLevel~0 1)} assume 0 != test_~tmp~4#1; {11373#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:12:07,969 INFO L272 TraceCheckUtils]: 12: Hoare triple {11373#(= ~waterLevel~0 1)} call waterRise(); {11386#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:12:07,970 INFO L290 TraceCheckUtils]: 13: Hoare triple {11386#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {11387#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,970 INFO L290 TraceCheckUtils]: 14: Hoare triple {11387#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} assume true; {11387#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,971 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {11387#(and (<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0) (<= ~waterLevel~0 2))} {11373#(= ~waterLevel~0 1)} #245#return; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,972 INFO L290 TraceCheckUtils]: 16: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,972 INFO L290 TraceCheckUtils]: 17: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume !(0 != test_~tmp___0~0#1); {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,972 INFO L290 TraceCheckUtils]: 18: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,973 INFO L290 TraceCheckUtils]: 19: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume 0 != test_~tmp___2~0#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,973 INFO L272 TraceCheckUtils]: 20: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} call timeShift(); {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,974 INFO L290 TraceCheckUtils]: 21: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,974 INFO L272 TraceCheckUtils]: 22: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {11371#true} is VALID [2022-02-20 18:12:07,974 INFO L290 TraceCheckUtils]: 23: Hoare triple {11371#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {11371#true} is VALID [2022-02-20 18:12:07,974 INFO L290 TraceCheckUtils]: 24: Hoare triple {11371#true} assume true; {11371#true} is VALID [2022-02-20 18:12:07,975 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {11371#true} {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} #233#return; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,975 INFO L290 TraceCheckUtils]: 26: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,976 INFO L290 TraceCheckUtils]: 27: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,976 INFO L290 TraceCheckUtils]: 28: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume !(0 != ~pumpRunning~0); {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,977 INFO L290 TraceCheckUtils]: 29: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,977 INFO L290 TraceCheckUtils]: 30: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,977 INFO L290 TraceCheckUtils]: 31: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~9#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,978 INFO L290 TraceCheckUtils]: 32: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,979 INFO L290 TraceCheckUtils]: 33: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,979 INFO L290 TraceCheckUtils]: 34: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,980 INFO L290 TraceCheckUtils]: 35: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,980 INFO L290 TraceCheckUtils]: 36: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,981 INFO L290 TraceCheckUtils]: 37: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,981 INFO L290 TraceCheckUtils]: 38: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,982 INFO L290 TraceCheckUtils]: 39: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,982 INFO L290 TraceCheckUtils]: 40: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,982 INFO L290 TraceCheckUtils]: 41: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :end_inline_activatePump } true; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,983 INFO L290 TraceCheckUtils]: 42: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :end_inline_processEnvironment } true; {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:12:07,983 INFO L290 TraceCheckUtils]: 43: Hoare triple {11377#(and (< 1 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {11381#(= 2 |timeShift_getWaterLevel_#res#1|)} is VALID [2022-02-20 18:12:07,984 INFO L290 TraceCheckUtils]: 44: Hoare triple {11381#(= 2 |timeShift_getWaterLevel_#res#1|)} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {11382#(= |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1| 2)} is VALID [2022-02-20 18:12:07,984 INFO L290 TraceCheckUtils]: 45: Hoare triple {11382#(= |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1| 2)} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {11372#false} is VALID [2022-02-20 18:12:07,984 INFO L272 TraceCheckUtils]: 46: Hoare triple {11372#false} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {11371#true} is VALID [2022-02-20 18:12:07,984 INFO L290 TraceCheckUtils]: 47: Hoare triple {11371#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {11371#true} is VALID [2022-02-20 18:12:07,984 INFO L290 TraceCheckUtils]: 48: Hoare triple {11371#true} assume true; {11371#true} is VALID [2022-02-20 18:12:07,984 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {11371#true} {11372#false} #239#return; {11372#false} is VALID [2022-02-20 18:12:07,985 INFO L290 TraceCheckUtils]: 50: Hoare triple {11372#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {11372#false} is VALID [2022-02-20 18:12:07,985 INFO L290 TraceCheckUtils]: 51: Hoare triple {11372#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {11372#false} is VALID [2022-02-20 18:12:07,985 INFO L290 TraceCheckUtils]: 52: Hoare triple {11372#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {11372#false} is VALID [2022-02-20 18:12:07,985 INFO L290 TraceCheckUtils]: 53: Hoare triple {11372#false} assume !false; {11372#false} is VALID [2022-02-20 18:12:07,985 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:07,985 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:07,985 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1762326948] [2022-02-20 18:12:07,985 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1762326948] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:07,986 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:07,986 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:12:07,986 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [974585726] [2022-02-20 18:12:07,986 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:07,986 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 54 [2022-02-20 18:12:07,986 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:07,986 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:12:08,017 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 52 edges. 52 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:08,018 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:12:08,018 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:08,018 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:12:08,018 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:12:08,018 INFO L87 Difference]: Start difference. First operand 382 states and 473 transitions. Second operand has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:12:09,037 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:09,038 INFO L93 Difference]: Finished difference Result 1255 states and 1604 transitions. [2022-02-20 18:12:09,038 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2022-02-20 18:12:09,038 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 54 [2022-02-20 18:12:09,038 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:09,038 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:12:09,041 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 394 transitions. [2022-02-20 18:12:09,041 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:12:09,060 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 394 transitions. [2022-02-20 18:12:09,060 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states and 394 transitions. [2022-02-20 18:12:09,384 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 394 edges. 394 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:09,453 INFO L225 Difference]: With dead ends: 1255 [2022-02-20 18:12:09,453 INFO L226 Difference]: Without dead ends: 1008 [2022-02-20 18:12:09,454 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 22 GetRequests, 7 SyntacticMatches, 1 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=56, Invalid=184, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:12:09,455 INFO L933 BasicCegarLoop]: 136 mSDtfsCounter, 241 mSDsluCounter, 547 mSDsCounter, 0 mSdLazyCounter, 287 mSolverCounterSat, 50 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 250 SdHoareTripleChecker+Valid, 683 SdHoareTripleChecker+Invalid, 337 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 50 IncrementalHoareTripleChecker+Valid, 287 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:09,455 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [250 Valid, 683 Invalid, 337 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [50 Valid, 287 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-02-20 18:12:09,456 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1008 states. [2022-02-20 18:12:09,600 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1008 to 931. [2022-02-20 18:12:09,601 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:09,602 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1008 states. Second operand has 931 states, 737 states have (on average 1.2293080054274084) internal successors, (906), 787 states have internal predecessors, (906), 106 states have call successors, (106), 81 states have call predecessors, (106), 87 states have return successors, (132), 101 states have call predecessors, (132), 106 states have call successors, (132) [2022-02-20 18:12:09,604 INFO L74 IsIncluded]: Start isIncluded. First operand 1008 states. Second operand has 931 states, 737 states have (on average 1.2293080054274084) internal successors, (906), 787 states have internal predecessors, (906), 106 states have call successors, (106), 81 states have call predecessors, (106), 87 states have return successors, (132), 101 states have call predecessors, (132), 106 states have call successors, (132) [2022-02-20 18:12:09,606 INFO L87 Difference]: Start difference. First operand 1008 states. Second operand has 931 states, 737 states have (on average 1.2293080054274084) internal successors, (906), 787 states have internal predecessors, (906), 106 states have call successors, (106), 81 states have call predecessors, (106), 87 states have return successors, (132), 101 states have call predecessors, (132), 106 states have call successors, (132) [2022-02-20 18:12:09,663 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:09,664 INFO L93 Difference]: Finished difference Result 1008 states and 1236 transitions. [2022-02-20 18:12:09,664 INFO L276 IsEmpty]: Start isEmpty. Operand 1008 states and 1236 transitions. [2022-02-20 18:12:09,667 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:09,667 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:09,670 INFO L74 IsIncluded]: Start isIncluded. First operand has 931 states, 737 states have (on average 1.2293080054274084) internal successors, (906), 787 states have internal predecessors, (906), 106 states have call successors, (106), 81 states have call predecessors, (106), 87 states have return successors, (132), 101 states have call predecessors, (132), 106 states have call successors, (132) Second operand 1008 states. [2022-02-20 18:12:09,671 INFO L87 Difference]: Start difference. First operand has 931 states, 737 states have (on average 1.2293080054274084) internal successors, (906), 787 states have internal predecessors, (906), 106 states have call successors, (106), 81 states have call predecessors, (106), 87 states have return successors, (132), 101 states have call predecessors, (132), 106 states have call successors, (132) Second operand 1008 states. [2022-02-20 18:12:09,730 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:09,730 INFO L93 Difference]: Finished difference Result 1008 states and 1236 transitions. [2022-02-20 18:12:09,730 INFO L276 IsEmpty]: Start isEmpty. Operand 1008 states and 1236 transitions. [2022-02-20 18:12:09,733 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:09,734 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:09,734 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:09,734 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:09,736 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 931 states, 737 states have (on average 1.2293080054274084) internal successors, (906), 787 states have internal predecessors, (906), 106 states have call successors, (106), 81 states have call predecessors, (106), 87 states have return successors, (132), 101 states have call predecessors, (132), 106 states have call successors, (132) [2022-02-20 18:12:09,804 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 931 states to 931 states and 1144 transitions. [2022-02-20 18:12:09,804 INFO L78 Accepts]: Start accepts. Automaton has 931 states and 1144 transitions. Word has length 54 [2022-02-20 18:12:09,805 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:09,805 INFO L470 AbstractCegarLoop]: Abstraction has 931 states and 1144 transitions. [2022-02-20 18:12:09,805 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:12:09,805 INFO L276 IsEmpty]: Start isEmpty. Operand 931 states and 1144 transitions. [2022-02-20 18:12:09,806 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-02-20 18:12:09,806 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:09,807 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:09,807 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:12:09,807 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:09,807 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:09,808 INFO L85 PathProgramCache]: Analyzing trace with hash -1448493659, now seen corresponding path program 1 times [2022-02-20 18:12:09,808 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:09,808 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1247837056] [2022-02-20 18:12:09,808 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:09,808 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:09,841 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:09,909 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:12:09,911 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:09,913 INFO L290 TraceCheckUtils]: 0: Hoare triple {16526#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {16480#true} is VALID [2022-02-20 18:12:09,914 INFO L290 TraceCheckUtils]: 1: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:09,914 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16480#true} {16480#true} #245#return; {16480#true} is VALID [2022-02-20 18:12:09,923 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-20 18:12:09,930 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:09,947 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:12:09,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:09,950 INFO L290 TraceCheckUtils]: 0: Hoare triple {16480#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16480#true} is VALID [2022-02-20 18:12:09,951 INFO L290 TraceCheckUtils]: 1: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:09,951 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16480#true} {16480#true} #233#return; {16480#true} is VALID [2022-02-20 18:12:09,951 INFO L290 TraceCheckUtils]: 0: Hoare triple {16527#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16480#true} is VALID [2022-02-20 18:12:09,951 INFO L272 TraceCheckUtils]: 1: Hoare triple {16480#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {16480#true} is VALID [2022-02-20 18:12:09,951 INFO L290 TraceCheckUtils]: 2: Hoare triple {16480#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16480#true} is VALID [2022-02-20 18:12:09,951 INFO L290 TraceCheckUtils]: 3: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:09,952 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16480#true} {16480#true} #233#return; {16480#true} is VALID [2022-02-20 18:12:09,952 INFO L290 TraceCheckUtils]: 5: Hoare triple {16480#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16480#true} is VALID [2022-02-20 18:12:09,952 INFO L290 TraceCheckUtils]: 6: Hoare triple {16480#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {16480#true} is VALID [2022-02-20 18:12:09,952 INFO L290 TraceCheckUtils]: 7: Hoare triple {16480#true} assume !(0 != ~pumpRunning~0); {16480#true} is VALID [2022-02-20 18:12:09,952 INFO L290 TraceCheckUtils]: 8: Hoare triple {16480#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {16480#true} is VALID [2022-02-20 18:12:09,952 INFO L290 TraceCheckUtils]: 9: Hoare triple {16480#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {16480#true} is VALID [2022-02-20 18:12:09,952 INFO L290 TraceCheckUtils]: 10: Hoare triple {16480#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~9#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {16480#true} is VALID [2022-02-20 18:12:09,952 INFO L290 TraceCheckUtils]: 11: Hoare triple {16480#true} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {16480#true} is VALID [2022-02-20 18:12:09,953 INFO L290 TraceCheckUtils]: 12: Hoare triple {16480#true} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {16480#true} is VALID [2022-02-20 18:12:09,953 INFO L290 TraceCheckUtils]: 13: Hoare triple {16480#true} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {16480#true} is VALID [2022-02-20 18:12:09,953 INFO L290 TraceCheckUtils]: 14: Hoare triple {16480#true} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {16480#true} is VALID [2022-02-20 18:12:09,953 INFO L290 TraceCheckUtils]: 15: Hoare triple {16480#true} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {16480#true} is VALID [2022-02-20 18:12:09,953 INFO L290 TraceCheckUtils]: 16: Hoare triple {16480#true} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {16480#true} is VALID [2022-02-20 18:12:09,953 INFO L290 TraceCheckUtils]: 17: Hoare triple {16480#true} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {16480#true} is VALID [2022-02-20 18:12:09,954 INFO L290 TraceCheckUtils]: 18: Hoare triple {16480#true} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,954 INFO L290 TraceCheckUtils]: 19: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,954 INFO L290 TraceCheckUtils]: 20: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,955 INFO L290 TraceCheckUtils]: 21: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,955 INFO L290 TraceCheckUtils]: 22: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,956 INFO L290 TraceCheckUtils]: 23: Hoare triple {16531#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,956 INFO L290 TraceCheckUtils]: 24: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,956 INFO L290 TraceCheckUtils]: 25: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,957 INFO L290 TraceCheckUtils]: 26: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,957 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {16531#(<= 1 ~pumpRunning~0)} {16480#true} #249#return; {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:09,958 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:12:09,959 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:09,970 INFO L290 TraceCheckUtils]: 0: Hoare triple {16480#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16532#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:09,970 INFO L290 TraceCheckUtils]: 1: Hoare triple {16532#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {16532#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:09,971 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16532#(= ~pumpRunning~0 |isPumpRunning_#res|)} {16515#(not (= ~pumpRunning~0 0))} #233#return; {16519#(not (= |timeShift___utac_acc__Specification5_spec__2_#t~ret49#1| 0))} is VALID [2022-02-20 18:12:09,971 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:12:09,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:09,979 INFO L290 TraceCheckUtils]: 0: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:09,980 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {16480#true} {16520#(not (= ~switchedOnBeforeTS~0 0))} #237#return; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:09,980 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:12:09,981 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:09,984 INFO L290 TraceCheckUtils]: 0: Hoare triple {16480#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16480#true} is VALID [2022-02-20 18:12:09,984 INFO L290 TraceCheckUtils]: 1: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:09,984 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16480#true} {16520#(not (= ~switchedOnBeforeTS~0 0))} #239#return; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:09,984 INFO L290 TraceCheckUtils]: 0: Hoare triple {16480#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {16480#true} is VALID [2022-02-20 18:12:09,985 INFO L290 TraceCheckUtils]: 1: Hoare triple {16480#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {16480#true} is VALID [2022-02-20 18:12:09,985 INFO L290 TraceCheckUtils]: 2: Hoare triple {16480#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16480#true} is VALID [2022-02-20 18:12:09,985 INFO L290 TraceCheckUtils]: 3: Hoare triple {16480#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {16482#(= |ULTIMATE.start_valid_product_#res#1| 1)} is VALID [2022-02-20 18:12:09,986 INFO L290 TraceCheckUtils]: 4: Hoare triple {16482#(= |ULTIMATE.start_valid_product_#res#1| 1)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {16483#(= |ULTIMATE.start_main_~tmp~3#1| 1)} is VALID [2022-02-20 18:12:09,986 INFO L290 TraceCheckUtils]: 5: Hoare triple {16483#(= |ULTIMATE.start_main_~tmp~3#1| 1)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {16480#true} is VALID [2022-02-20 18:12:09,986 INFO L290 TraceCheckUtils]: 6: Hoare triple {16480#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {16480#true} is VALID [2022-02-20 18:12:09,986 INFO L290 TraceCheckUtils]: 7: Hoare triple {16480#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {16480#true} is VALID [2022-02-20 18:12:09,986 INFO L290 TraceCheckUtils]: 8: Hoare triple {16480#true} assume !false; {16480#true} is VALID [2022-02-20 18:12:09,986 INFO L290 TraceCheckUtils]: 9: Hoare triple {16480#true} assume test_~splverifierCounter~0#1 < 4; {16480#true} is VALID [2022-02-20 18:12:09,986 INFO L290 TraceCheckUtils]: 10: Hoare triple {16480#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {16480#true} is VALID [2022-02-20 18:12:09,986 INFO L290 TraceCheckUtils]: 11: Hoare triple {16480#true} assume 0 != test_~tmp~4#1; {16480#true} is VALID [2022-02-20 18:12:09,990 INFO L272 TraceCheckUtils]: 12: Hoare triple {16480#true} call waterRise(); {16526#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:12:09,990 INFO L290 TraceCheckUtils]: 13: Hoare triple {16526#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {16480#true} is VALID [2022-02-20 18:12:09,990 INFO L290 TraceCheckUtils]: 14: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:09,990 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {16480#true} {16480#true} #245#return; {16480#true} is VALID [2022-02-20 18:12:09,990 INFO L290 TraceCheckUtils]: 16: Hoare triple {16480#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {16480#true} is VALID [2022-02-20 18:12:09,990 INFO L290 TraceCheckUtils]: 17: Hoare triple {16480#true} assume !(0 != test_~tmp___0~0#1); {16480#true} is VALID [2022-02-20 18:12:09,991 INFO L290 TraceCheckUtils]: 18: Hoare triple {16480#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {16480#true} is VALID [2022-02-20 18:12:09,991 INFO L290 TraceCheckUtils]: 19: Hoare triple {16480#true} assume 0 != test_~tmp___2~0#1; {16480#true} is VALID [2022-02-20 18:12:09,991 INFO L272 TraceCheckUtils]: 20: Hoare triple {16480#true} call timeShift(); {16527#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:12:09,991 INFO L290 TraceCheckUtils]: 21: Hoare triple {16527#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16480#true} is VALID [2022-02-20 18:12:09,991 INFO L272 TraceCheckUtils]: 22: Hoare triple {16480#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {16480#true} is VALID [2022-02-20 18:12:09,992 INFO L290 TraceCheckUtils]: 23: Hoare triple {16480#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16480#true} is VALID [2022-02-20 18:12:09,992 INFO L290 TraceCheckUtils]: 24: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:09,992 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {16480#true} {16480#true} #233#return; {16480#true} is VALID [2022-02-20 18:12:09,992 INFO L290 TraceCheckUtils]: 26: Hoare triple {16480#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16480#true} is VALID [2022-02-20 18:12:09,992 INFO L290 TraceCheckUtils]: 27: Hoare triple {16480#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {16480#true} is VALID [2022-02-20 18:12:09,992 INFO L290 TraceCheckUtils]: 28: Hoare triple {16480#true} assume !(0 != ~pumpRunning~0); {16480#true} is VALID [2022-02-20 18:12:09,992 INFO L290 TraceCheckUtils]: 29: Hoare triple {16480#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {16480#true} is VALID [2022-02-20 18:12:09,992 INFO L290 TraceCheckUtils]: 30: Hoare triple {16480#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {16480#true} is VALID [2022-02-20 18:12:09,992 INFO L290 TraceCheckUtils]: 31: Hoare triple {16480#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~9#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {16480#true} is VALID [2022-02-20 18:12:09,993 INFO L290 TraceCheckUtils]: 32: Hoare triple {16480#true} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {16480#true} is VALID [2022-02-20 18:12:09,993 INFO L290 TraceCheckUtils]: 33: Hoare triple {16480#true} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {16480#true} is VALID [2022-02-20 18:12:09,993 INFO L290 TraceCheckUtils]: 34: Hoare triple {16480#true} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {16480#true} is VALID [2022-02-20 18:12:09,993 INFO L290 TraceCheckUtils]: 35: Hoare triple {16480#true} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {16480#true} is VALID [2022-02-20 18:12:09,993 INFO L290 TraceCheckUtils]: 36: Hoare triple {16480#true} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {16480#true} is VALID [2022-02-20 18:12:09,993 INFO L290 TraceCheckUtils]: 37: Hoare triple {16480#true} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {16480#true} is VALID [2022-02-20 18:12:09,993 INFO L290 TraceCheckUtils]: 38: Hoare triple {16480#true} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {16480#true} is VALID [2022-02-20 18:12:09,994 INFO L290 TraceCheckUtils]: 39: Hoare triple {16480#true} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,994 INFO L290 TraceCheckUtils]: 40: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,994 INFO L290 TraceCheckUtils]: 41: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,995 INFO L290 TraceCheckUtils]: 42: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,995 INFO L290 TraceCheckUtils]: 43: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,995 INFO L290 TraceCheckUtils]: 44: Hoare triple {16531#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,996 INFO L290 TraceCheckUtils]: 45: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,996 INFO L290 TraceCheckUtils]: 46: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,996 INFO L290 TraceCheckUtils]: 47: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:09,997 INFO L284 TraceCheckUtils]: 48: Hoare quadruple {16531#(<= 1 ~pumpRunning~0)} {16480#true} #249#return; {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:09,997 INFO L290 TraceCheckUtils]: 49: Hoare triple {16515#(not (= ~pumpRunning~0 0))} assume !false; {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:09,998 INFO L290 TraceCheckUtils]: 50: Hoare triple {16515#(not (= ~pumpRunning~0 0))} assume test_~splverifierCounter~0#1 < 4; {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:09,998 INFO L290 TraceCheckUtils]: 51: Hoare triple {16515#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:09,998 INFO L290 TraceCheckUtils]: 52: Hoare triple {16515#(not (= ~pumpRunning~0 0))} assume !(0 != test_~tmp~4#1); {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:09,999 INFO L290 TraceCheckUtils]: 53: Hoare triple {16515#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:09,999 INFO L290 TraceCheckUtils]: 54: Hoare triple {16515#(not (= ~pumpRunning~0 0))} assume !(0 != test_~tmp___0~0#1); {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:09,999 INFO L290 TraceCheckUtils]: 55: Hoare triple {16515#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:10,000 INFO L290 TraceCheckUtils]: 56: Hoare triple {16515#(not (= ~pumpRunning~0 0))} assume 0 != test_~tmp___2~0#1; {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:10,000 INFO L272 TraceCheckUtils]: 57: Hoare triple {16515#(not (= ~pumpRunning~0 0))} call timeShift(); {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:10,000 INFO L290 TraceCheckUtils]: 58: Hoare triple {16515#(not (= ~pumpRunning~0 0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16515#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:12:10,001 INFO L272 TraceCheckUtils]: 59: Hoare triple {16515#(not (= ~pumpRunning~0 0))} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {16480#true} is VALID [2022-02-20 18:12:10,001 INFO L290 TraceCheckUtils]: 60: Hoare triple {16480#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16532#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:10,001 INFO L290 TraceCheckUtils]: 61: Hoare triple {16532#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {16532#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:10,002 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {16532#(= ~pumpRunning~0 |isPumpRunning_#res|)} {16515#(not (= ~pumpRunning~0 0))} #233#return; {16519#(not (= |timeShift___utac_acc__Specification5_spec__2_#t~ret49#1| 0))} is VALID [2022-02-20 18:12:10,002 INFO L290 TraceCheckUtils]: 63: Hoare triple {16519#(not (= |timeShift___utac_acc__Specification5_spec__2_#t~ret49#1| 0))} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,003 INFO L290 TraceCheckUtils]: 64: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,003 INFO L290 TraceCheckUtils]: 65: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,004 INFO L290 TraceCheckUtils]: 66: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,004 INFO L290 TraceCheckUtils]: 67: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume { :end_inline_lowerWaterLevel } true; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,004 INFO L290 TraceCheckUtils]: 68: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,005 INFO L290 TraceCheckUtils]: 69: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume !(0 == ~pumpRunning~0); {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,005 INFO L272 TraceCheckUtils]: 70: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} call processEnvironment__wrappee__base(); {16480#true} is VALID [2022-02-20 18:12:10,005 INFO L290 TraceCheckUtils]: 71: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:10,005 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {16480#true} {16520#(not (= ~switchedOnBeforeTS~0 0))} #237#return; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,006 INFO L290 TraceCheckUtils]: 73: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume { :end_inline_processEnvironment } true; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,006 INFO L290 TraceCheckUtils]: 74: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,006 INFO L290 TraceCheckUtils]: 75: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,007 INFO L290 TraceCheckUtils]: 76: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,007 INFO L272 TraceCheckUtils]: 77: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {16480#true} is VALID [2022-02-20 18:12:10,007 INFO L290 TraceCheckUtils]: 78: Hoare triple {16480#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16480#true} is VALID [2022-02-20 18:12:10,007 INFO L290 TraceCheckUtils]: 79: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:10,008 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {16480#true} {16520#(not (= ~switchedOnBeforeTS~0 0))} #239#return; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,008 INFO L290 TraceCheckUtils]: 81: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,008 INFO L290 TraceCheckUtils]: 82: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {16520#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:12:10,009 INFO L290 TraceCheckUtils]: 83: Hoare triple {16520#(not (= ~switchedOnBeforeTS~0 0))} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {16481#false} is VALID [2022-02-20 18:12:10,009 INFO L290 TraceCheckUtils]: 84: Hoare triple {16481#false} assume !false; {16481#false} is VALID [2022-02-20 18:12:10,009 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 17 proven. 7 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-02-20 18:12:10,009 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:10,009 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1247837056] [2022-02-20 18:12:10,010 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1247837056] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:12:10,010 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1795242675] [2022-02-20 18:12:10,010 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:10,010 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:12:10,010 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:12:10,037 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:12:10,084 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:12:10,187 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:10,190 INFO L263 TraceCheckSpWp]: Trace formula consists of 448 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:12:10,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:10,216 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:12:10,644 INFO L290 TraceCheckUtils]: 0: Hoare triple {16480#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {16480#true} is VALID [2022-02-20 18:12:10,644 INFO L290 TraceCheckUtils]: 1: Hoare triple {16480#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {16480#true} is VALID [2022-02-20 18:12:10,644 INFO L290 TraceCheckUtils]: 2: Hoare triple {16480#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16480#true} is VALID [2022-02-20 18:12:10,644 INFO L290 TraceCheckUtils]: 3: Hoare triple {16480#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {16480#true} is VALID [2022-02-20 18:12:10,644 INFO L290 TraceCheckUtils]: 4: Hoare triple {16480#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {16480#true} is VALID [2022-02-20 18:12:10,645 INFO L290 TraceCheckUtils]: 5: Hoare triple {16480#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {16480#true} is VALID [2022-02-20 18:12:10,645 INFO L290 TraceCheckUtils]: 6: Hoare triple {16480#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {16480#true} is VALID [2022-02-20 18:12:10,645 INFO L290 TraceCheckUtils]: 7: Hoare triple {16480#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {16480#true} is VALID [2022-02-20 18:12:10,645 INFO L290 TraceCheckUtils]: 8: Hoare triple {16480#true} assume !false; {16480#true} is VALID [2022-02-20 18:12:10,645 INFO L290 TraceCheckUtils]: 9: Hoare triple {16480#true} assume test_~splverifierCounter~0#1 < 4; {16480#true} is VALID [2022-02-20 18:12:10,645 INFO L290 TraceCheckUtils]: 10: Hoare triple {16480#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {16480#true} is VALID [2022-02-20 18:12:10,645 INFO L290 TraceCheckUtils]: 11: Hoare triple {16480#true} assume 0 != test_~tmp~4#1; {16480#true} is VALID [2022-02-20 18:12:10,645 INFO L272 TraceCheckUtils]: 12: Hoare triple {16480#true} call waterRise(); {16480#true} is VALID [2022-02-20 18:12:10,645 INFO L290 TraceCheckUtils]: 13: Hoare triple {16480#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {16480#true} is VALID [2022-02-20 18:12:10,645 INFO L290 TraceCheckUtils]: 14: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:10,646 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {16480#true} {16480#true} #245#return; {16480#true} is VALID [2022-02-20 18:12:10,646 INFO L290 TraceCheckUtils]: 16: Hoare triple {16480#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {16480#true} is VALID [2022-02-20 18:12:10,646 INFO L290 TraceCheckUtils]: 17: Hoare triple {16480#true} assume !(0 != test_~tmp___0~0#1); {16480#true} is VALID [2022-02-20 18:12:10,646 INFO L290 TraceCheckUtils]: 18: Hoare triple {16480#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {16480#true} is VALID [2022-02-20 18:12:10,646 INFO L290 TraceCheckUtils]: 19: Hoare triple {16480#true} assume 0 != test_~tmp___2~0#1; {16480#true} is VALID [2022-02-20 18:12:10,646 INFO L272 TraceCheckUtils]: 20: Hoare triple {16480#true} call timeShift(); {16480#true} is VALID [2022-02-20 18:12:10,646 INFO L290 TraceCheckUtils]: 21: Hoare triple {16480#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16480#true} is VALID [2022-02-20 18:12:10,646 INFO L272 TraceCheckUtils]: 22: Hoare triple {16480#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {16480#true} is VALID [2022-02-20 18:12:10,646 INFO L290 TraceCheckUtils]: 23: Hoare triple {16480#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16480#true} is VALID [2022-02-20 18:12:10,646 INFO L290 TraceCheckUtils]: 24: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:10,647 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {16480#true} {16480#true} #233#return; {16480#true} is VALID [2022-02-20 18:12:10,647 INFO L290 TraceCheckUtils]: 26: Hoare triple {16480#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16480#true} is VALID [2022-02-20 18:12:10,647 INFO L290 TraceCheckUtils]: 27: Hoare triple {16480#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {16480#true} is VALID [2022-02-20 18:12:10,647 INFO L290 TraceCheckUtils]: 28: Hoare triple {16480#true} assume !(0 != ~pumpRunning~0); {16480#true} is VALID [2022-02-20 18:12:10,647 INFO L290 TraceCheckUtils]: 29: Hoare triple {16480#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {16480#true} is VALID [2022-02-20 18:12:10,647 INFO L290 TraceCheckUtils]: 30: Hoare triple {16480#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {16480#true} is VALID [2022-02-20 18:12:10,647 INFO L290 TraceCheckUtils]: 31: Hoare triple {16480#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~9#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {16480#true} is VALID [2022-02-20 18:12:10,647 INFO L290 TraceCheckUtils]: 32: Hoare triple {16480#true} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {16480#true} is VALID [2022-02-20 18:12:10,647 INFO L290 TraceCheckUtils]: 33: Hoare triple {16480#true} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {16480#true} is VALID [2022-02-20 18:12:10,648 INFO L290 TraceCheckUtils]: 34: Hoare triple {16480#true} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {16480#true} is VALID [2022-02-20 18:12:10,648 INFO L290 TraceCheckUtils]: 35: Hoare triple {16480#true} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {16480#true} is VALID [2022-02-20 18:12:10,648 INFO L290 TraceCheckUtils]: 36: Hoare triple {16480#true} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {16480#true} is VALID [2022-02-20 18:12:10,648 INFO L290 TraceCheckUtils]: 37: Hoare triple {16480#true} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {16480#true} is VALID [2022-02-20 18:12:10,648 INFO L290 TraceCheckUtils]: 38: Hoare triple {16480#true} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {16480#true} is VALID [2022-02-20 18:12:10,649 INFO L290 TraceCheckUtils]: 39: Hoare triple {16480#true} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,649 INFO L290 TraceCheckUtils]: 40: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,649 INFO L290 TraceCheckUtils]: 41: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,650 INFO L290 TraceCheckUtils]: 42: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,650 INFO L290 TraceCheckUtils]: 43: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,650 INFO L290 TraceCheckUtils]: 44: Hoare triple {16531#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,651 INFO L290 TraceCheckUtils]: 45: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,651 INFO L290 TraceCheckUtils]: 46: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,651 INFO L290 TraceCheckUtils]: 47: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,652 INFO L284 TraceCheckUtils]: 48: Hoare quadruple {16531#(<= 1 ~pumpRunning~0)} {16480#true} #249#return; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,652 INFO L290 TraceCheckUtils]: 49: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume !false; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,653 INFO L290 TraceCheckUtils]: 50: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume test_~splverifierCounter~0#1 < 4; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,653 INFO L290 TraceCheckUtils]: 51: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,655 INFO L290 TraceCheckUtils]: 52: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp~4#1); {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,655 INFO L290 TraceCheckUtils]: 53: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,655 INFO L290 TraceCheckUtils]: 54: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp___0~0#1); {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,662 INFO L290 TraceCheckUtils]: 55: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,662 INFO L290 TraceCheckUtils]: 56: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume 0 != test_~tmp___2~0#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,663 INFO L272 TraceCheckUtils]: 57: Hoare triple {16531#(<= 1 ~pumpRunning~0)} call timeShift(); {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,663 INFO L290 TraceCheckUtils]: 58: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,664 INFO L272 TraceCheckUtils]: 59: Hoare triple {16531#(<= 1 ~pumpRunning~0)} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:10,664 INFO L290 TraceCheckUtils]: 60: Hoare triple {16531#(<= 1 ~pumpRunning~0)} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16716#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} is VALID [2022-02-20 18:12:10,665 INFO L290 TraceCheckUtils]: 61: Hoare triple {16716#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} assume true; {16716#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} is VALID [2022-02-20 18:12:10,666 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {16716#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} {16531#(<= 1 ~pumpRunning~0)} #233#return; {16723#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret49#1|)} is VALID [2022-02-20 18:12:10,666 INFO L290 TraceCheckUtils]: 63: Hoare triple {16723#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret49#1|)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,667 INFO L290 TraceCheckUtils]: 64: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,667 INFO L290 TraceCheckUtils]: 65: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,667 INFO L290 TraceCheckUtils]: 66: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,668 INFO L290 TraceCheckUtils]: 67: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_lowerWaterLevel } true; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,668 INFO L290 TraceCheckUtils]: 68: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,668 INFO L290 TraceCheckUtils]: 69: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume !(0 == ~pumpRunning~0); {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,669 INFO L272 TraceCheckUtils]: 70: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} call processEnvironment__wrappee__base(); {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,669 INFO L290 TraceCheckUtils]: 71: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume true; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,670 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {16727#(<= 1 ~switchedOnBeforeTS~0)} {16727#(<= 1 ~switchedOnBeforeTS~0)} #237#return; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,670 INFO L290 TraceCheckUtils]: 73: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_processEnvironment } true; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,670 INFO L290 TraceCheckUtils]: 74: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,671 INFO L290 TraceCheckUtils]: 75: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,671 INFO L290 TraceCheckUtils]: 76: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,672 INFO L272 TraceCheckUtils]: 77: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,672 INFO L290 TraceCheckUtils]: 78: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,672 INFO L290 TraceCheckUtils]: 79: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume true; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,673 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {16727#(<= 1 ~switchedOnBeforeTS~0)} {16727#(<= 1 ~switchedOnBeforeTS~0)} #239#return; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,673 INFO L290 TraceCheckUtils]: 81: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,674 INFO L290 TraceCheckUtils]: 82: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:10,676 INFO L290 TraceCheckUtils]: 83: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {16481#false} is VALID [2022-02-20 18:12:10,676 INFO L290 TraceCheckUtils]: 84: Hoare triple {16481#false} assume !false; {16481#false} is VALID [2022-02-20 18:12:10,677 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 22 proven. 7 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:12:10,677 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:12:11,202 INFO L290 TraceCheckUtils]: 84: Hoare triple {16481#false} assume !false; {16481#false} is VALID [2022-02-20 18:12:11,203 INFO L290 TraceCheckUtils]: 83: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {16481#false} is VALID [2022-02-20 18:12:11,203 INFO L290 TraceCheckUtils]: 82: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,204 INFO L290 TraceCheckUtils]: 81: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,204 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {16480#true} {16727#(<= 1 ~switchedOnBeforeTS~0)} #239#return; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,204 INFO L290 TraceCheckUtils]: 79: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:11,204 INFO L290 TraceCheckUtils]: 78: Hoare triple {16480#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16480#true} is VALID [2022-02-20 18:12:11,205 INFO L272 TraceCheckUtils]: 77: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {16480#true} is VALID [2022-02-20 18:12:11,205 INFO L290 TraceCheckUtils]: 76: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,205 INFO L290 TraceCheckUtils]: 75: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,205 INFO L290 TraceCheckUtils]: 74: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,206 INFO L290 TraceCheckUtils]: 73: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_processEnvironment } true; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,206 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {16480#true} {16727#(<= 1 ~switchedOnBeforeTS~0)} #237#return; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,206 INFO L290 TraceCheckUtils]: 71: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:11,206 INFO L272 TraceCheckUtils]: 70: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} call processEnvironment__wrappee__base(); {16480#true} is VALID [2022-02-20 18:12:11,207 INFO L290 TraceCheckUtils]: 69: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume !(0 == ~pumpRunning~0); {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,207 INFO L290 TraceCheckUtils]: 68: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,207 INFO L290 TraceCheckUtils]: 67: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_lowerWaterLevel } true; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,208 INFO L290 TraceCheckUtils]: 66: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,208 INFO L290 TraceCheckUtils]: 65: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,208 INFO L290 TraceCheckUtils]: 64: Hoare triple {16727#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,209 INFO L290 TraceCheckUtils]: 63: Hoare triple {16723#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret49#1|)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16727#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:12:11,209 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {16860#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} {16531#(<= 1 ~pumpRunning~0)} #233#return; {16723#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret49#1|)} is VALID [2022-02-20 18:12:11,209 INFO L290 TraceCheckUtils]: 61: Hoare triple {16860#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} assume true; {16860#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} is VALID [2022-02-20 18:12:11,210 INFO L290 TraceCheckUtils]: 60: Hoare triple {16480#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16860#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} is VALID [2022-02-20 18:12:11,210 INFO L272 TraceCheckUtils]: 59: Hoare triple {16531#(<= 1 ~pumpRunning~0)} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {16480#true} is VALID [2022-02-20 18:12:11,210 INFO L290 TraceCheckUtils]: 58: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,211 INFO L272 TraceCheckUtils]: 57: Hoare triple {16531#(<= 1 ~pumpRunning~0)} call timeShift(); {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,211 INFO L290 TraceCheckUtils]: 56: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume 0 != test_~tmp___2~0#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,211 INFO L290 TraceCheckUtils]: 55: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,211 INFO L290 TraceCheckUtils]: 54: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp___0~0#1); {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,212 INFO L290 TraceCheckUtils]: 53: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,212 INFO L290 TraceCheckUtils]: 52: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp~4#1); {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,212 INFO L290 TraceCheckUtils]: 51: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,213 INFO L290 TraceCheckUtils]: 50: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume test_~splverifierCounter~0#1 < 4; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,213 INFO L290 TraceCheckUtils]: 49: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume !false; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,213 INFO L284 TraceCheckUtils]: 48: Hoare quadruple {16531#(<= 1 ~pumpRunning~0)} {16480#true} #249#return; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,213 INFO L290 TraceCheckUtils]: 47: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,214 INFO L290 TraceCheckUtils]: 46: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,214 INFO L290 TraceCheckUtils]: 45: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,214 INFO L290 TraceCheckUtils]: 44: Hoare triple {16531#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,215 INFO L290 TraceCheckUtils]: 43: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,215 INFO L290 TraceCheckUtils]: 42: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,215 INFO L290 TraceCheckUtils]: 41: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,215 INFO L290 TraceCheckUtils]: 40: Hoare triple {16531#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,216 INFO L290 TraceCheckUtils]: 39: Hoare triple {16480#true} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {16531#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:12:11,216 INFO L290 TraceCheckUtils]: 38: Hoare triple {16480#true} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {16480#true} is VALID [2022-02-20 18:12:11,216 INFO L290 TraceCheckUtils]: 37: Hoare triple {16480#true} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {16480#true} is VALID [2022-02-20 18:12:11,216 INFO L290 TraceCheckUtils]: 36: Hoare triple {16480#true} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {16480#true} is VALID [2022-02-20 18:12:11,216 INFO L290 TraceCheckUtils]: 35: Hoare triple {16480#true} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {16480#true} is VALID [2022-02-20 18:12:11,216 INFO L290 TraceCheckUtils]: 34: Hoare triple {16480#true} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {16480#true} is VALID [2022-02-20 18:12:11,217 INFO L290 TraceCheckUtils]: 33: Hoare triple {16480#true} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {16480#true} is VALID [2022-02-20 18:12:11,217 INFO L290 TraceCheckUtils]: 32: Hoare triple {16480#true} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {16480#true} is VALID [2022-02-20 18:12:11,217 INFO L290 TraceCheckUtils]: 31: Hoare triple {16480#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~9#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {16480#true} is VALID [2022-02-20 18:12:11,217 INFO L290 TraceCheckUtils]: 30: Hoare triple {16480#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {16480#true} is VALID [2022-02-20 18:12:11,217 INFO L290 TraceCheckUtils]: 29: Hoare triple {16480#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {16480#true} is VALID [2022-02-20 18:12:11,217 INFO L290 TraceCheckUtils]: 28: Hoare triple {16480#true} assume !(0 != ~pumpRunning~0); {16480#true} is VALID [2022-02-20 18:12:11,217 INFO L290 TraceCheckUtils]: 27: Hoare triple {16480#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {16480#true} is VALID [2022-02-20 18:12:11,217 INFO L290 TraceCheckUtils]: 26: Hoare triple {16480#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16480#true} is VALID [2022-02-20 18:12:11,218 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {16480#true} {16480#true} #233#return; {16480#true} is VALID [2022-02-20 18:12:11,218 INFO L290 TraceCheckUtils]: 24: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:11,218 INFO L290 TraceCheckUtils]: 23: Hoare triple {16480#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {16480#true} is VALID [2022-02-20 18:12:11,218 INFO L272 TraceCheckUtils]: 22: Hoare triple {16480#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {16480#true} is VALID [2022-02-20 18:12:11,218 INFO L290 TraceCheckUtils]: 21: Hoare triple {16480#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {16480#true} is VALID [2022-02-20 18:12:11,218 INFO L272 TraceCheckUtils]: 20: Hoare triple {16480#true} call timeShift(); {16480#true} is VALID [2022-02-20 18:12:11,218 INFO L290 TraceCheckUtils]: 19: Hoare triple {16480#true} assume 0 != test_~tmp___2~0#1; {16480#true} is VALID [2022-02-20 18:12:11,218 INFO L290 TraceCheckUtils]: 18: Hoare triple {16480#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {16480#true} is VALID [2022-02-20 18:12:11,219 INFO L290 TraceCheckUtils]: 17: Hoare triple {16480#true} assume !(0 != test_~tmp___0~0#1); {16480#true} is VALID [2022-02-20 18:12:11,219 INFO L290 TraceCheckUtils]: 16: Hoare triple {16480#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {16480#true} is VALID [2022-02-20 18:12:11,219 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {16480#true} {16480#true} #245#return; {16480#true} is VALID [2022-02-20 18:12:11,219 INFO L290 TraceCheckUtils]: 14: Hoare triple {16480#true} assume true; {16480#true} is VALID [2022-02-20 18:12:11,219 INFO L290 TraceCheckUtils]: 13: Hoare triple {16480#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {16480#true} is VALID [2022-02-20 18:12:11,219 INFO L272 TraceCheckUtils]: 12: Hoare triple {16480#true} call waterRise(); {16480#true} is VALID [2022-02-20 18:12:11,219 INFO L290 TraceCheckUtils]: 11: Hoare triple {16480#true} assume 0 != test_~tmp~4#1; {16480#true} is VALID [2022-02-20 18:12:11,220 INFO L290 TraceCheckUtils]: 10: Hoare triple {16480#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {16480#true} is VALID [2022-02-20 18:12:11,220 INFO L290 TraceCheckUtils]: 9: Hoare triple {16480#true} assume test_~splverifierCounter~0#1 < 4; {16480#true} is VALID [2022-02-20 18:12:11,220 INFO L290 TraceCheckUtils]: 8: Hoare triple {16480#true} assume !false; {16480#true} is VALID [2022-02-20 18:12:11,220 INFO L290 TraceCheckUtils]: 7: Hoare triple {16480#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {16480#true} is VALID [2022-02-20 18:12:11,220 INFO L290 TraceCheckUtils]: 6: Hoare triple {16480#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {16480#true} is VALID [2022-02-20 18:12:11,220 INFO L290 TraceCheckUtils]: 5: Hoare triple {16480#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {16480#true} is VALID [2022-02-20 18:12:11,220 INFO L290 TraceCheckUtils]: 4: Hoare triple {16480#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {16480#true} is VALID [2022-02-20 18:12:11,220 INFO L290 TraceCheckUtils]: 3: Hoare triple {16480#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {16480#true} is VALID [2022-02-20 18:12:11,221 INFO L290 TraceCheckUtils]: 2: Hoare triple {16480#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16480#true} is VALID [2022-02-20 18:12:11,221 INFO L290 TraceCheckUtils]: 1: Hoare triple {16480#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {16480#true} is VALID [2022-02-20 18:12:11,221 INFO L290 TraceCheckUtils]: 0: Hoare triple {16480#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {16480#true} is VALID [2022-02-20 18:12:11,221 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 18 proven. 6 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-02-20 18:12:11,221 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1795242675] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:12:11,222 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:12:11,222 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-02-20 18:12:11,222 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [956421349] [2022-02-20 18:12:11,222 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:12:11,223 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 7.0) internal successors, (105), 11 states have internal predecessors, (105), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) Word has length 85 [2022-02-20 18:12:11,224 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:11,224 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 15 states have (on average 7.0) internal successors, (105), 11 states have internal predecessors, (105), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) [2022-02-20 18:12:11,295 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 134 edges. 134 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:11,296 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-02-20 18:12:11,296 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:11,296 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-02-20 18:12:11,296 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=35, Invalid=175, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:12:11,297 INFO L87 Difference]: Start difference. First operand 931 states and 1144 transitions. Second operand has 15 states, 15 states have (on average 7.0) internal successors, (105), 11 states have internal predecessors, (105), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) [2022-02-20 18:12:14,085 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:14,086 INFO L93 Difference]: Finished difference Result 1715 states and 2172 transitions. [2022-02-20 18:12:14,086 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2022-02-20 18:12:14,086 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 7.0) internal successors, (105), 11 states have internal predecessors, (105), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) Word has length 85 [2022-02-20 18:12:14,087 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:14,087 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 7.0) internal successors, (105), 11 states have internal predecessors, (105), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) [2022-02-20 18:12:14,095 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 34 states to 34 states and 385 transitions. [2022-02-20 18:12:14,096 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 7.0) internal successors, (105), 11 states have internal predecessors, (105), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) [2022-02-20 18:12:14,101 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 34 states to 34 states and 385 transitions. [2022-02-20 18:12:14,101 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 34 states and 385 transitions. [2022-02-20 18:12:14,352 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 385 edges. 385 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:14,396 INFO L225 Difference]: With dead ends: 1715 [2022-02-20 18:12:14,396 INFO L226 Difference]: Without dead ends: 913 [2022-02-20 18:12:14,398 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 229 GetRequests, 187 SyntacticMatches, 1 SemanticMatches, 41 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 430 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=326, Invalid=1480, Unknown=0, NotChecked=0, Total=1806 [2022-02-20 18:12:14,399 INFO L933 BasicCegarLoop]: 180 mSDtfsCounter, 296 mSDsluCounter, 1123 mSDsCounter, 0 mSdLazyCounter, 727 mSolverCounterSat, 152 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 297 SdHoareTripleChecker+Valid, 1303 SdHoareTripleChecker+Invalid, 879 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 152 IncrementalHoareTripleChecker+Valid, 727 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:14,400 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [297 Valid, 1303 Invalid, 879 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [152 Valid, 727 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-02-20 18:12:14,401 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 913 states. [2022-02-20 18:12:14,673 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 913 to 818. [2022-02-20 18:12:14,673 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:14,682 INFO L82 GeneralOperation]: Start isEquivalent. First operand 913 states. Second operand has 818 states, 633 states have (on average 1.2116903633491312) internal successors, (767), 677 states have internal predecessors, (767), 100 states have call successors, (100), 84 states have call predecessors, (100), 84 states have return successors, (119), 89 states have call predecessors, (119), 100 states have call successors, (119) [2022-02-20 18:12:14,685 INFO L74 IsIncluded]: Start isIncluded. First operand 913 states. Second operand has 818 states, 633 states have (on average 1.2116903633491312) internal successors, (767), 677 states have internal predecessors, (767), 100 states have call successors, (100), 84 states have call predecessors, (100), 84 states have return successors, (119), 89 states have call predecessors, (119), 100 states have call successors, (119) [2022-02-20 18:12:14,686 INFO L87 Difference]: Start difference. First operand 913 states. Second operand has 818 states, 633 states have (on average 1.2116903633491312) internal successors, (767), 677 states have internal predecessors, (767), 100 states have call successors, (100), 84 states have call predecessors, (100), 84 states have return successors, (119), 89 states have call predecessors, (119), 100 states have call successors, (119) [2022-02-20 18:12:14,738 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:14,739 INFO L93 Difference]: Finished difference Result 913 states and 1122 transitions. [2022-02-20 18:12:14,739 INFO L276 IsEmpty]: Start isEmpty. Operand 913 states and 1122 transitions. [2022-02-20 18:12:14,741 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:14,741 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:14,743 INFO L74 IsIncluded]: Start isIncluded. First operand has 818 states, 633 states have (on average 1.2116903633491312) internal successors, (767), 677 states have internal predecessors, (767), 100 states have call successors, (100), 84 states have call predecessors, (100), 84 states have return successors, (119), 89 states have call predecessors, (119), 100 states have call successors, (119) Second operand 913 states. [2022-02-20 18:12:14,744 INFO L87 Difference]: Start difference. First operand has 818 states, 633 states have (on average 1.2116903633491312) internal successors, (767), 677 states have internal predecessors, (767), 100 states have call successors, (100), 84 states have call predecessors, (100), 84 states have return successors, (119), 89 states have call predecessors, (119), 100 states have call successors, (119) Second operand 913 states. [2022-02-20 18:12:14,798 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:14,799 INFO L93 Difference]: Finished difference Result 913 states and 1122 transitions. [2022-02-20 18:12:14,799 INFO L276 IsEmpty]: Start isEmpty. Operand 913 states and 1122 transitions. [2022-02-20 18:12:14,801 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:14,801 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:14,802 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:14,802 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:14,803 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 818 states, 633 states have (on average 1.2116903633491312) internal successors, (767), 677 states have internal predecessors, (767), 100 states have call successors, (100), 84 states have call predecessors, (100), 84 states have return successors, (119), 89 states have call predecessors, (119), 100 states have call successors, (119) [2022-02-20 18:12:14,841 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 818 states to 818 states and 986 transitions. [2022-02-20 18:12:14,842 INFO L78 Accepts]: Start accepts. Automaton has 818 states and 986 transitions. Word has length 85 [2022-02-20 18:12:14,842 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:14,842 INFO L470 AbstractCegarLoop]: Abstraction has 818 states and 986 transitions. [2022-02-20 18:12:14,843 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 7.0) internal successors, (105), 11 states have internal predecessors, (105), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) [2022-02-20 18:12:14,843 INFO L276 IsEmpty]: Start isEmpty. Operand 818 states and 986 transitions. [2022-02-20 18:12:14,847 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 159 [2022-02-20 18:12:14,848 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:14,848 INFO L514 BasicCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:14,866 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 18:12:15,063 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-02-20 18:12:15,063 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:15,064 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:15,064 INFO L85 PathProgramCache]: Analyzing trace with hash -366703378, now seen corresponding path program 1 times [2022-02-20 18:12:15,064 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:15,064 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [685882098] [2022-02-20 18:12:15,064 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:15,064 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:15,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,144 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:12:15,145 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,147 INFO L290 TraceCheckUtils]: 0: Hoare triple {22559#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {22475#true} is VALID [2022-02-20 18:12:15,147 INFO L290 TraceCheckUtils]: 1: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,147 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {22475#true} {22475#true} #245#return; {22475#true} is VALID [2022-02-20 18:12:15,152 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-20 18:12:15,157 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,161 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:12:15,162 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,164 INFO L290 TraceCheckUtils]: 0: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,164 INFO L290 TraceCheckUtils]: 1: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,164 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,164 INFO L290 TraceCheckUtils]: 0: Hoare triple {22560#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,165 INFO L272 TraceCheckUtils]: 1: Hoare triple {22475#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {22475#true} is VALID [2022-02-20 18:12:15,165 INFO L290 TraceCheckUtils]: 2: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,165 INFO L290 TraceCheckUtils]: 3: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,165 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,165 INFO L290 TraceCheckUtils]: 5: Hoare triple {22475#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,165 INFO L290 TraceCheckUtils]: 6: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {22475#true} is VALID [2022-02-20 18:12:15,165 INFO L290 TraceCheckUtils]: 7: Hoare triple {22475#true} assume !(0 != ~pumpRunning~0); {22475#true} is VALID [2022-02-20 18:12:15,165 INFO L290 TraceCheckUtils]: 8: Hoare triple {22475#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {22475#true} is VALID [2022-02-20 18:12:15,166 INFO L290 TraceCheckUtils]: 9: Hoare triple {22475#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {22475#true} is VALID [2022-02-20 18:12:15,166 INFO L290 TraceCheckUtils]: 10: Hoare triple {22475#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~9#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {22475#true} is VALID [2022-02-20 18:12:15,166 INFO L290 TraceCheckUtils]: 11: Hoare triple {22475#true} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {22475#true} is VALID [2022-02-20 18:12:15,166 INFO L290 TraceCheckUtils]: 12: Hoare triple {22475#true} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {22475#true} is VALID [2022-02-20 18:12:15,166 INFO L290 TraceCheckUtils]: 13: Hoare triple {22475#true} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {22475#true} is VALID [2022-02-20 18:12:15,166 INFO L290 TraceCheckUtils]: 14: Hoare triple {22475#true} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {22475#true} is VALID [2022-02-20 18:12:15,166 INFO L290 TraceCheckUtils]: 15: Hoare triple {22475#true} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {22475#true} is VALID [2022-02-20 18:12:15,166 INFO L290 TraceCheckUtils]: 16: Hoare triple {22475#true} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {22475#true} is VALID [2022-02-20 18:12:15,167 INFO L290 TraceCheckUtils]: 17: Hoare triple {22475#true} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {22475#true} is VALID [2022-02-20 18:12:15,167 INFO L290 TraceCheckUtils]: 18: Hoare triple {22475#true} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {22475#true} is VALID [2022-02-20 18:12:15,167 INFO L290 TraceCheckUtils]: 19: Hoare triple {22475#true} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {22475#true} is VALID [2022-02-20 18:12:15,167 INFO L290 TraceCheckUtils]: 20: Hoare triple {22475#true} assume { :end_inline_activatePump } true; {22475#true} is VALID [2022-02-20 18:12:15,167 INFO L290 TraceCheckUtils]: 21: Hoare triple {22475#true} assume { :end_inline_processEnvironment } true; {22475#true} is VALID [2022-02-20 18:12:15,167 INFO L290 TraceCheckUtils]: 22: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {22475#true} is VALID [2022-02-20 18:12:15,167 INFO L290 TraceCheckUtils]: 23: Hoare triple {22475#true} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {22475#true} is VALID [2022-02-20 18:12:15,168 INFO L290 TraceCheckUtils]: 24: Hoare triple {22475#true} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {22475#true} is VALID [2022-02-20 18:12:15,168 INFO L290 TraceCheckUtils]: 25: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {22475#true} is VALID [2022-02-20 18:12:15,168 INFO L290 TraceCheckUtils]: 26: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,168 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {22475#true} {22475#true} #249#return; {22475#true} is VALID [2022-02-20 18:12:15,168 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:12:15,171 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,175 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:12:15,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,177 INFO L290 TraceCheckUtils]: 0: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,177 INFO L290 TraceCheckUtils]: 1: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,177 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,177 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:12:15,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,180 INFO L290 TraceCheckUtils]: 0: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,180 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {22475#true} {22475#true} #237#return; {22475#true} is VALID [2022-02-20 18:12:15,181 INFO L290 TraceCheckUtils]: 0: Hoare triple {22560#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,181 INFO L272 TraceCheckUtils]: 1: Hoare triple {22475#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {22475#true} is VALID [2022-02-20 18:12:15,181 INFO L290 TraceCheckUtils]: 2: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,181 INFO L290 TraceCheckUtils]: 3: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,181 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,181 INFO L290 TraceCheckUtils]: 5: Hoare triple {22475#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,181 INFO L290 TraceCheckUtils]: 6: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {22475#true} is VALID [2022-02-20 18:12:15,181 INFO L290 TraceCheckUtils]: 7: Hoare triple {22475#true} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,182 INFO L290 TraceCheckUtils]: 8: Hoare triple {22475#true} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {22475#true} is VALID [2022-02-20 18:12:15,182 INFO L290 TraceCheckUtils]: 9: Hoare triple {22475#true} assume { :end_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,182 INFO L290 TraceCheckUtils]: 10: Hoare triple {22475#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {22475#true} is VALID [2022-02-20 18:12:15,182 INFO L290 TraceCheckUtils]: 11: Hoare triple {22475#true} assume !(0 == ~pumpRunning~0); {22475#true} is VALID [2022-02-20 18:12:15,182 INFO L272 TraceCheckUtils]: 12: Hoare triple {22475#true} call processEnvironment__wrappee__base(); {22475#true} is VALID [2022-02-20 18:12:15,182 INFO L290 TraceCheckUtils]: 13: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,182 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {22475#true} {22475#true} #237#return; {22475#true} is VALID [2022-02-20 18:12:15,188 INFO L290 TraceCheckUtils]: 15: Hoare triple {22475#true} assume { :end_inline_processEnvironment } true; {22475#true} is VALID [2022-02-20 18:12:15,189 INFO L290 TraceCheckUtils]: 16: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {22475#true} is VALID [2022-02-20 18:12:15,189 INFO L290 TraceCheckUtils]: 17: Hoare triple {22475#true} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {22475#true} is VALID [2022-02-20 18:12:15,189 INFO L290 TraceCheckUtils]: 18: Hoare triple {22475#true} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {22475#true} is VALID [2022-02-20 18:12:15,189 INFO L290 TraceCheckUtils]: 19: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {22475#true} is VALID [2022-02-20 18:12:15,189 INFO L290 TraceCheckUtils]: 20: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,189 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {22475#true} {22475#true} #249#return; {22475#true} is VALID [2022-02-20 18:12:15,190 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:12:15,194 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,197 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:12:15,197 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,199 INFO L290 TraceCheckUtils]: 0: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,199 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,200 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:12:15,200 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,202 INFO L290 TraceCheckUtils]: 0: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,202 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {22475#true} {22475#true} #237#return; {22475#true} is VALID [2022-02-20 18:12:15,202 INFO L290 TraceCheckUtils]: 0: Hoare triple {22560#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,202 INFO L272 TraceCheckUtils]: 1: Hoare triple {22475#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {22475#true} is VALID [2022-02-20 18:12:15,202 INFO L290 TraceCheckUtils]: 2: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,202 INFO L290 TraceCheckUtils]: 3: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,203 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,203 INFO L290 TraceCheckUtils]: 5: Hoare triple {22475#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,203 INFO L290 TraceCheckUtils]: 6: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {22475#true} is VALID [2022-02-20 18:12:15,203 INFO L290 TraceCheckUtils]: 7: Hoare triple {22475#true} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,203 INFO L290 TraceCheckUtils]: 8: Hoare triple {22475#true} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {22475#true} is VALID [2022-02-20 18:12:15,203 INFO L290 TraceCheckUtils]: 9: Hoare triple {22475#true} assume { :end_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,203 INFO L290 TraceCheckUtils]: 10: Hoare triple {22475#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {22475#true} is VALID [2022-02-20 18:12:15,204 INFO L290 TraceCheckUtils]: 11: Hoare triple {22475#true} assume !(0 == ~pumpRunning~0); {22475#true} is VALID [2022-02-20 18:12:15,204 INFO L272 TraceCheckUtils]: 12: Hoare triple {22475#true} call processEnvironment__wrappee__base(); {22475#true} is VALID [2022-02-20 18:12:15,204 INFO L290 TraceCheckUtils]: 13: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,204 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {22475#true} {22475#true} #237#return; {22475#true} is VALID [2022-02-20 18:12:15,204 INFO L290 TraceCheckUtils]: 15: Hoare triple {22475#true} assume { :end_inline_processEnvironment } true; {22475#true} is VALID [2022-02-20 18:12:15,204 INFO L290 TraceCheckUtils]: 16: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {22475#true} is VALID [2022-02-20 18:12:15,204 INFO L290 TraceCheckUtils]: 17: Hoare triple {22475#true} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {22475#true} is VALID [2022-02-20 18:12:15,204 INFO L290 TraceCheckUtils]: 18: Hoare triple {22475#true} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {22475#true} is VALID [2022-02-20 18:12:15,205 INFO L290 TraceCheckUtils]: 19: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {22475#true} is VALID [2022-02-20 18:12:15,205 INFO L290 TraceCheckUtils]: 20: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,205 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {22475#true} {22475#true} #249#return; {22475#true} is VALID [2022-02-20 18:12:15,205 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 18:12:15,206 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,208 INFO L290 TraceCheckUtils]: 0: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,208 INFO L290 TraceCheckUtils]: 1: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,209 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {22475#true} {22552#(= 0 ~systemActive~0)} #233#return; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,209 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 18:12:15,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,212 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {22475#true} {22476#false} #239#return; {22476#false} is VALID [2022-02-20 18:12:15,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {22475#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {22475#true} is VALID [2022-02-20 18:12:15,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {22475#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {22475#true} is VALID [2022-02-20 18:12:15,213 INFO L290 TraceCheckUtils]: 2: Hoare triple {22475#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22475#true} is VALID [2022-02-20 18:12:15,213 INFO L290 TraceCheckUtils]: 3: Hoare triple {22475#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {22475#true} is VALID [2022-02-20 18:12:15,213 INFO L290 TraceCheckUtils]: 4: Hoare triple {22475#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {22475#true} is VALID [2022-02-20 18:12:15,213 INFO L290 TraceCheckUtils]: 5: Hoare triple {22475#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {22475#true} is VALID [2022-02-20 18:12:15,213 INFO L290 TraceCheckUtils]: 6: Hoare triple {22475#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {22475#true} is VALID [2022-02-20 18:12:15,213 INFO L290 TraceCheckUtils]: 7: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {22475#true} is VALID [2022-02-20 18:12:15,213 INFO L290 TraceCheckUtils]: 8: Hoare triple {22475#true} assume !false; {22475#true} is VALID [2022-02-20 18:12:15,213 INFO L290 TraceCheckUtils]: 9: Hoare triple {22475#true} assume test_~splverifierCounter~0#1 < 4; {22475#true} is VALID [2022-02-20 18:12:15,214 INFO L290 TraceCheckUtils]: 10: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {22475#true} is VALID [2022-02-20 18:12:15,214 INFO L290 TraceCheckUtils]: 11: Hoare triple {22475#true} assume 0 != test_~tmp~4#1; {22475#true} is VALID [2022-02-20 18:12:15,214 INFO L272 TraceCheckUtils]: 12: Hoare triple {22475#true} call waterRise(); {22559#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:12:15,214 INFO L290 TraceCheckUtils]: 13: Hoare triple {22559#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {22475#true} is VALID [2022-02-20 18:12:15,214 INFO L290 TraceCheckUtils]: 14: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,215 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {22475#true} {22475#true} #245#return; {22475#true} is VALID [2022-02-20 18:12:15,215 INFO L290 TraceCheckUtils]: 16: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {22475#true} is VALID [2022-02-20 18:12:15,215 INFO L290 TraceCheckUtils]: 17: Hoare triple {22475#true} assume !(0 != test_~tmp___0~0#1); {22475#true} is VALID [2022-02-20 18:12:15,215 INFO L290 TraceCheckUtils]: 18: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {22475#true} is VALID [2022-02-20 18:12:15,215 INFO L290 TraceCheckUtils]: 19: Hoare triple {22475#true} assume 0 != test_~tmp___2~0#1; {22475#true} is VALID [2022-02-20 18:12:15,216 INFO L272 TraceCheckUtils]: 20: Hoare triple {22475#true} call timeShift(); {22560#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:12:15,216 INFO L290 TraceCheckUtils]: 21: Hoare triple {22560#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,216 INFO L272 TraceCheckUtils]: 22: Hoare triple {22475#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {22475#true} is VALID [2022-02-20 18:12:15,216 INFO L290 TraceCheckUtils]: 23: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,216 INFO L290 TraceCheckUtils]: 24: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,216 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,216 INFO L290 TraceCheckUtils]: 26: Hoare triple {22475#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,216 INFO L290 TraceCheckUtils]: 27: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {22475#true} is VALID [2022-02-20 18:12:15,217 INFO L290 TraceCheckUtils]: 28: Hoare triple {22475#true} assume !(0 != ~pumpRunning~0); {22475#true} is VALID [2022-02-20 18:12:15,217 INFO L290 TraceCheckUtils]: 29: Hoare triple {22475#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {22475#true} is VALID [2022-02-20 18:12:15,217 INFO L290 TraceCheckUtils]: 30: Hoare triple {22475#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {22475#true} is VALID [2022-02-20 18:12:15,217 INFO L290 TraceCheckUtils]: 31: Hoare triple {22475#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~9#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {22475#true} is VALID [2022-02-20 18:12:15,217 INFO L290 TraceCheckUtils]: 32: Hoare triple {22475#true} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {22475#true} is VALID [2022-02-20 18:12:15,217 INFO L290 TraceCheckUtils]: 33: Hoare triple {22475#true} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {22475#true} is VALID [2022-02-20 18:12:15,217 INFO L290 TraceCheckUtils]: 34: Hoare triple {22475#true} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {22475#true} is VALID [2022-02-20 18:12:15,217 INFO L290 TraceCheckUtils]: 35: Hoare triple {22475#true} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {22475#true} is VALID [2022-02-20 18:12:15,218 INFO L290 TraceCheckUtils]: 36: Hoare triple {22475#true} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {22475#true} is VALID [2022-02-20 18:12:15,218 INFO L290 TraceCheckUtils]: 37: Hoare triple {22475#true} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {22475#true} is VALID [2022-02-20 18:12:15,218 INFO L290 TraceCheckUtils]: 38: Hoare triple {22475#true} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {22475#true} is VALID [2022-02-20 18:12:15,218 INFO L290 TraceCheckUtils]: 39: Hoare triple {22475#true} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {22475#true} is VALID [2022-02-20 18:12:15,218 INFO L290 TraceCheckUtils]: 40: Hoare triple {22475#true} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {22475#true} is VALID [2022-02-20 18:12:15,218 INFO L290 TraceCheckUtils]: 41: Hoare triple {22475#true} assume { :end_inline_activatePump } true; {22475#true} is VALID [2022-02-20 18:12:15,218 INFO L290 TraceCheckUtils]: 42: Hoare triple {22475#true} assume { :end_inline_processEnvironment } true; {22475#true} is VALID [2022-02-20 18:12:15,218 INFO L290 TraceCheckUtils]: 43: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {22475#true} is VALID [2022-02-20 18:12:15,219 INFO L290 TraceCheckUtils]: 44: Hoare triple {22475#true} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {22475#true} is VALID [2022-02-20 18:12:15,219 INFO L290 TraceCheckUtils]: 45: Hoare triple {22475#true} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {22475#true} is VALID [2022-02-20 18:12:15,219 INFO L290 TraceCheckUtils]: 46: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {22475#true} is VALID [2022-02-20 18:12:15,219 INFO L290 TraceCheckUtils]: 47: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,219 INFO L284 TraceCheckUtils]: 48: Hoare quadruple {22475#true} {22475#true} #249#return; {22475#true} is VALID [2022-02-20 18:12:15,219 INFO L290 TraceCheckUtils]: 49: Hoare triple {22475#true} assume !false; {22475#true} is VALID [2022-02-20 18:12:15,219 INFO L290 TraceCheckUtils]: 50: Hoare triple {22475#true} assume test_~splverifierCounter~0#1 < 4; {22475#true} is VALID [2022-02-20 18:12:15,220 INFO L290 TraceCheckUtils]: 51: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {22475#true} is VALID [2022-02-20 18:12:15,220 INFO L290 TraceCheckUtils]: 52: Hoare triple {22475#true} assume !(0 != test_~tmp~4#1); {22475#true} is VALID [2022-02-20 18:12:15,220 INFO L290 TraceCheckUtils]: 53: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {22475#true} is VALID [2022-02-20 18:12:15,220 INFO L290 TraceCheckUtils]: 54: Hoare triple {22475#true} assume !(0 != test_~tmp___0~0#1); {22475#true} is VALID [2022-02-20 18:12:15,220 INFO L290 TraceCheckUtils]: 55: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {22475#true} is VALID [2022-02-20 18:12:15,220 INFO L290 TraceCheckUtils]: 56: Hoare triple {22475#true} assume 0 != test_~tmp___2~0#1; {22475#true} is VALID [2022-02-20 18:12:15,221 INFO L272 TraceCheckUtils]: 57: Hoare triple {22475#true} call timeShift(); {22560#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:12:15,221 INFO L290 TraceCheckUtils]: 58: Hoare triple {22560#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,221 INFO L272 TraceCheckUtils]: 59: Hoare triple {22475#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {22475#true} is VALID [2022-02-20 18:12:15,221 INFO L290 TraceCheckUtils]: 60: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,221 INFO L290 TraceCheckUtils]: 61: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,221 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,221 INFO L290 TraceCheckUtils]: 63: Hoare triple {22475#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,222 INFO L290 TraceCheckUtils]: 64: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {22475#true} is VALID [2022-02-20 18:12:15,222 INFO L290 TraceCheckUtils]: 65: Hoare triple {22475#true} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,222 INFO L290 TraceCheckUtils]: 66: Hoare triple {22475#true} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {22475#true} is VALID [2022-02-20 18:12:15,222 INFO L290 TraceCheckUtils]: 67: Hoare triple {22475#true} assume { :end_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,222 INFO L290 TraceCheckUtils]: 68: Hoare triple {22475#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {22475#true} is VALID [2022-02-20 18:12:15,222 INFO L290 TraceCheckUtils]: 69: Hoare triple {22475#true} assume !(0 == ~pumpRunning~0); {22475#true} is VALID [2022-02-20 18:12:15,222 INFO L272 TraceCheckUtils]: 70: Hoare triple {22475#true} call processEnvironment__wrappee__base(); {22475#true} is VALID [2022-02-20 18:12:15,222 INFO L290 TraceCheckUtils]: 71: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,223 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {22475#true} {22475#true} #237#return; {22475#true} is VALID [2022-02-20 18:12:15,223 INFO L290 TraceCheckUtils]: 73: Hoare triple {22475#true} assume { :end_inline_processEnvironment } true; {22475#true} is VALID [2022-02-20 18:12:15,223 INFO L290 TraceCheckUtils]: 74: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {22475#true} is VALID [2022-02-20 18:12:15,223 INFO L290 TraceCheckUtils]: 75: Hoare triple {22475#true} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {22475#true} is VALID [2022-02-20 18:12:15,223 INFO L290 TraceCheckUtils]: 76: Hoare triple {22475#true} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {22475#true} is VALID [2022-02-20 18:12:15,223 INFO L290 TraceCheckUtils]: 77: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {22475#true} is VALID [2022-02-20 18:12:15,223 INFO L290 TraceCheckUtils]: 78: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,223 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {22475#true} {22475#true} #249#return; {22475#true} is VALID [2022-02-20 18:12:15,224 INFO L290 TraceCheckUtils]: 80: Hoare triple {22475#true} assume !false; {22475#true} is VALID [2022-02-20 18:12:15,224 INFO L290 TraceCheckUtils]: 81: Hoare triple {22475#true} assume test_~splverifierCounter~0#1 < 4; {22475#true} is VALID [2022-02-20 18:12:15,224 INFO L290 TraceCheckUtils]: 82: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {22475#true} is VALID [2022-02-20 18:12:15,224 INFO L290 TraceCheckUtils]: 83: Hoare triple {22475#true} assume !(0 != test_~tmp~4#1); {22475#true} is VALID [2022-02-20 18:12:15,224 INFO L290 TraceCheckUtils]: 84: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {22475#true} is VALID [2022-02-20 18:12:15,224 INFO L290 TraceCheckUtils]: 85: Hoare triple {22475#true} assume !(0 != test_~tmp___0~0#1); {22475#true} is VALID [2022-02-20 18:12:15,224 INFO L290 TraceCheckUtils]: 86: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {22475#true} is VALID [2022-02-20 18:12:15,224 INFO L290 TraceCheckUtils]: 87: Hoare triple {22475#true} assume 0 != test_~tmp___2~0#1; {22475#true} is VALID [2022-02-20 18:12:15,225 INFO L272 TraceCheckUtils]: 88: Hoare triple {22475#true} call timeShift(); {22560#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:12:15,225 INFO L290 TraceCheckUtils]: 89: Hoare triple {22560#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,225 INFO L272 TraceCheckUtils]: 90: Hoare triple {22475#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {22475#true} is VALID [2022-02-20 18:12:15,225 INFO L290 TraceCheckUtils]: 91: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,226 INFO L290 TraceCheckUtils]: 92: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,226 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,226 INFO L290 TraceCheckUtils]: 94: Hoare triple {22475#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,226 INFO L290 TraceCheckUtils]: 95: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {22475#true} is VALID [2022-02-20 18:12:15,226 INFO L290 TraceCheckUtils]: 96: Hoare triple {22475#true} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,226 INFO L290 TraceCheckUtils]: 97: Hoare triple {22475#true} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {22475#true} is VALID [2022-02-20 18:12:15,226 INFO L290 TraceCheckUtils]: 98: Hoare triple {22475#true} assume { :end_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,226 INFO L290 TraceCheckUtils]: 99: Hoare triple {22475#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {22475#true} is VALID [2022-02-20 18:12:15,226 INFO L290 TraceCheckUtils]: 100: Hoare triple {22475#true} assume !(0 == ~pumpRunning~0); {22475#true} is VALID [2022-02-20 18:12:15,227 INFO L272 TraceCheckUtils]: 101: Hoare triple {22475#true} call processEnvironment__wrappee__base(); {22475#true} is VALID [2022-02-20 18:12:15,227 INFO L290 TraceCheckUtils]: 102: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,227 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {22475#true} {22475#true} #237#return; {22475#true} is VALID [2022-02-20 18:12:15,227 INFO L290 TraceCheckUtils]: 104: Hoare triple {22475#true} assume { :end_inline_processEnvironment } true; {22475#true} is VALID [2022-02-20 18:12:15,227 INFO L290 TraceCheckUtils]: 105: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {22475#true} is VALID [2022-02-20 18:12:15,227 INFO L290 TraceCheckUtils]: 106: Hoare triple {22475#true} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {22475#true} is VALID [2022-02-20 18:12:15,227 INFO L290 TraceCheckUtils]: 107: Hoare triple {22475#true} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {22475#true} is VALID [2022-02-20 18:12:15,228 INFO L290 TraceCheckUtils]: 108: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {22475#true} is VALID [2022-02-20 18:12:15,228 INFO L290 TraceCheckUtils]: 109: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,228 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {22475#true} {22475#true} #249#return; {22475#true} is VALID [2022-02-20 18:12:15,228 INFO L290 TraceCheckUtils]: 111: Hoare triple {22475#true} assume !false; {22475#true} is VALID [2022-02-20 18:12:15,228 INFO L290 TraceCheckUtils]: 112: Hoare triple {22475#true} assume test_~splverifierCounter~0#1 < 4; {22475#true} is VALID [2022-02-20 18:12:15,228 INFO L290 TraceCheckUtils]: 113: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {22475#true} is VALID [2022-02-20 18:12:15,228 INFO L290 TraceCheckUtils]: 114: Hoare triple {22475#true} assume !(0 != test_~tmp~4#1); {22475#true} is VALID [2022-02-20 18:12:15,228 INFO L290 TraceCheckUtils]: 115: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {22475#true} is VALID [2022-02-20 18:12:15,229 INFO L290 TraceCheckUtils]: 116: Hoare triple {22475#true} assume !(0 != test_~tmp___0~0#1); {22475#true} is VALID [2022-02-20 18:12:15,229 INFO L290 TraceCheckUtils]: 117: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {22475#true} is VALID [2022-02-20 18:12:15,229 INFO L290 TraceCheckUtils]: 118: Hoare triple {22475#true} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet31#1 && test_#t~nondet31#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet31#1;havoc test_#t~nondet31#1; {22475#true} is VALID [2022-02-20 18:12:15,229 INFO L290 TraceCheckUtils]: 119: Hoare triple {22475#true} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {22475#true} is VALID [2022-02-20 18:12:15,229 INFO L290 TraceCheckUtils]: 120: Hoare triple {22475#true} assume 0 != ~pumpRunning~0;assume { :begin_inline_deactivatePump } true;~pumpRunning~0 := 0; {22475#true} is VALID [2022-02-20 18:12:15,229 INFO L290 TraceCheckUtils]: 121: Hoare triple {22475#true} assume { :end_inline_deactivatePump } true; {22475#true} is VALID [2022-02-20 18:12:15,230 INFO L290 TraceCheckUtils]: 122: Hoare triple {22475#true} ~systemActive~0 := 0; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,230 INFO L290 TraceCheckUtils]: 123: Hoare triple {22552#(= 0 ~systemActive~0)} assume { :end_inline_stopSystem } true; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,230 INFO L272 TraceCheckUtils]: 124: Hoare triple {22552#(= 0 ~systemActive~0)} call timeShift(); {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,231 INFO L290 TraceCheckUtils]: 125: Hoare triple {22552#(= 0 ~systemActive~0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,231 INFO L272 TraceCheckUtils]: 126: Hoare triple {22552#(= 0 ~systemActive~0)} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {22475#true} is VALID [2022-02-20 18:12:15,231 INFO L290 TraceCheckUtils]: 127: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,231 INFO L290 TraceCheckUtils]: 128: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,232 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {22475#true} {22552#(= 0 ~systemActive~0)} #233#return; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,232 INFO L290 TraceCheckUtils]: 130: Hoare triple {22552#(= 0 ~systemActive~0)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,232 INFO L290 TraceCheckUtils]: 131: Hoare triple {22552#(= 0 ~systemActive~0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,233 INFO L290 TraceCheckUtils]: 132: Hoare triple {22552#(= 0 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,233 INFO L290 TraceCheckUtils]: 133: Hoare triple {22552#(= 0 ~systemActive~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {22476#false} is VALID [2022-02-20 18:12:15,233 INFO L290 TraceCheckUtils]: 134: Hoare triple {22476#false} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {22476#false} is VALID [2022-02-20 18:12:15,233 INFO L290 TraceCheckUtils]: 135: Hoare triple {22476#false} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~9#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {22476#false} is VALID [2022-02-20 18:12:15,233 INFO L290 TraceCheckUtils]: 136: Hoare triple {22476#false} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {22476#false} is VALID [2022-02-20 18:12:15,233 INFO L290 TraceCheckUtils]: 137: Hoare triple {22476#false} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {22476#false} is VALID [2022-02-20 18:12:15,234 INFO L290 TraceCheckUtils]: 138: Hoare triple {22476#false} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {22476#false} is VALID [2022-02-20 18:12:15,234 INFO L290 TraceCheckUtils]: 139: Hoare triple {22476#false} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {22476#false} is VALID [2022-02-20 18:12:15,234 INFO L290 TraceCheckUtils]: 140: Hoare triple {22476#false} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {22476#false} is VALID [2022-02-20 18:12:15,234 INFO L290 TraceCheckUtils]: 141: Hoare triple {22476#false} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {22476#false} is VALID [2022-02-20 18:12:15,234 INFO L290 TraceCheckUtils]: 142: Hoare triple {22476#false} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {22476#false} is VALID [2022-02-20 18:12:15,234 INFO L290 TraceCheckUtils]: 143: Hoare triple {22476#false} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {22476#false} is VALID [2022-02-20 18:12:15,234 INFO L290 TraceCheckUtils]: 144: Hoare triple {22476#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {22476#false} is VALID [2022-02-20 18:12:15,234 INFO L290 TraceCheckUtils]: 145: Hoare triple {22476#false} assume { :end_inline_activatePump } true; {22476#false} is VALID [2022-02-20 18:12:15,235 INFO L290 TraceCheckUtils]: 146: Hoare triple {22476#false} assume { :end_inline_processEnvironment } true; {22476#false} is VALID [2022-02-20 18:12:15,235 INFO L290 TraceCheckUtils]: 147: Hoare triple {22476#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {22476#false} is VALID [2022-02-20 18:12:15,235 INFO L290 TraceCheckUtils]: 148: Hoare triple {22476#false} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {22476#false} is VALID [2022-02-20 18:12:15,235 INFO L290 TraceCheckUtils]: 149: Hoare triple {22476#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {22476#false} is VALID [2022-02-20 18:12:15,235 INFO L272 TraceCheckUtils]: 150: Hoare triple {22476#false} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {22475#true} is VALID [2022-02-20 18:12:15,235 INFO L290 TraceCheckUtils]: 151: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,235 INFO L290 TraceCheckUtils]: 152: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,235 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {22475#true} {22476#false} #239#return; {22476#false} is VALID [2022-02-20 18:12:15,236 INFO L290 TraceCheckUtils]: 154: Hoare triple {22476#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {22476#false} is VALID [2022-02-20 18:12:15,236 INFO L290 TraceCheckUtils]: 155: Hoare triple {22476#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {22476#false} is VALID [2022-02-20 18:12:15,236 INFO L290 TraceCheckUtils]: 156: Hoare triple {22476#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {22476#false} is VALID [2022-02-20 18:12:15,236 INFO L290 TraceCheckUtils]: 157: Hoare triple {22476#false} assume !false; {22476#false} is VALID [2022-02-20 18:12:15,236 INFO L134 CoverageAnalysis]: Checked inductivity of 175 backedges. 44 proven. 3 refuted. 0 times theorem prover too weak. 128 trivial. 0 not checked. [2022-02-20 18:12:15,237 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:15,237 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [685882098] [2022-02-20 18:12:15,237 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [685882098] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:12:15,237 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [877289804] [2022-02-20 18:12:15,237 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:15,237 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:12:15,237 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:12:15,238 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:12:15,240 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:12:15,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,359 INFO L263 TraceCheckSpWp]: Trace formula consists of 644 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:12:15,393 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:15,398 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:12:15,650 INFO L290 TraceCheckUtils]: 0: Hoare triple {22475#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~switchedOnBeforeTS~0 := 0; {22475#true} is VALID [2022-02-20 18:12:15,651 INFO L290 TraceCheckUtils]: 1: Hoare triple {22475#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {22475#true} is VALID [2022-02-20 18:12:15,651 INFO L290 TraceCheckUtils]: 2: Hoare triple {22475#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22475#true} is VALID [2022-02-20 18:12:15,651 INFO L290 TraceCheckUtils]: 3: Hoare triple {22475#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {22475#true} is VALID [2022-02-20 18:12:15,651 INFO L290 TraceCheckUtils]: 4: Hoare triple {22475#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {22475#true} is VALID [2022-02-20 18:12:15,651 INFO L290 TraceCheckUtils]: 5: Hoare triple {22475#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {22475#true} is VALID [2022-02-20 18:12:15,651 INFO L290 TraceCheckUtils]: 6: Hoare triple {22475#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {22475#true} is VALID [2022-02-20 18:12:15,651 INFO L290 TraceCheckUtils]: 7: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~4#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~4#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {22475#true} is VALID [2022-02-20 18:12:15,652 INFO L290 TraceCheckUtils]: 8: Hoare triple {22475#true} assume !false; {22475#true} is VALID [2022-02-20 18:12:15,652 INFO L290 TraceCheckUtils]: 9: Hoare triple {22475#true} assume test_~splverifierCounter~0#1 < 4; {22475#true} is VALID [2022-02-20 18:12:15,652 INFO L290 TraceCheckUtils]: 10: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {22475#true} is VALID [2022-02-20 18:12:15,652 INFO L290 TraceCheckUtils]: 11: Hoare triple {22475#true} assume 0 != test_~tmp~4#1; {22475#true} is VALID [2022-02-20 18:12:15,653 INFO L272 TraceCheckUtils]: 12: Hoare triple {22475#true} call waterRise(); {22475#true} is VALID [2022-02-20 18:12:15,655 INFO L290 TraceCheckUtils]: 13: Hoare triple {22475#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {22475#true} is VALID [2022-02-20 18:12:15,656 INFO L290 TraceCheckUtils]: 14: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,656 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {22475#true} {22475#true} #245#return; {22475#true} is VALID [2022-02-20 18:12:15,656 INFO L290 TraceCheckUtils]: 16: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {22475#true} is VALID [2022-02-20 18:12:15,656 INFO L290 TraceCheckUtils]: 17: Hoare triple {22475#true} assume !(0 != test_~tmp___0~0#1); {22475#true} is VALID [2022-02-20 18:12:15,656 INFO L290 TraceCheckUtils]: 18: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {22475#true} is VALID [2022-02-20 18:12:15,656 INFO L290 TraceCheckUtils]: 19: Hoare triple {22475#true} assume 0 != test_~tmp___2~0#1; {22475#true} is VALID [2022-02-20 18:12:15,656 INFO L272 TraceCheckUtils]: 20: Hoare triple {22475#true} call timeShift(); {22475#true} is VALID [2022-02-20 18:12:15,657 INFO L290 TraceCheckUtils]: 21: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,657 INFO L272 TraceCheckUtils]: 22: Hoare triple {22475#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {22475#true} is VALID [2022-02-20 18:12:15,657 INFO L290 TraceCheckUtils]: 23: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,657 INFO L290 TraceCheckUtils]: 24: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,659 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,659 INFO L290 TraceCheckUtils]: 26: Hoare triple {22475#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,660 INFO L290 TraceCheckUtils]: 27: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {22475#true} is VALID [2022-02-20 18:12:15,660 INFO L290 TraceCheckUtils]: 28: Hoare triple {22475#true} assume !(0 != ~pumpRunning~0); {22475#true} is VALID [2022-02-20 18:12:15,660 INFO L290 TraceCheckUtils]: 29: Hoare triple {22475#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {22475#true} is VALID [2022-02-20 18:12:15,660 INFO L290 TraceCheckUtils]: 30: Hoare triple {22475#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {22475#true} is VALID [2022-02-20 18:12:15,662 INFO L290 TraceCheckUtils]: 31: Hoare triple {22475#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~9#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {22475#true} is VALID [2022-02-20 18:12:15,662 INFO L290 TraceCheckUtils]: 32: Hoare triple {22475#true} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {22475#true} is VALID [2022-02-20 18:12:15,662 INFO L290 TraceCheckUtils]: 33: Hoare triple {22475#true} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {22475#true} is VALID [2022-02-20 18:12:15,663 INFO L290 TraceCheckUtils]: 34: Hoare triple {22475#true} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {22475#true} is VALID [2022-02-20 18:12:15,663 INFO L290 TraceCheckUtils]: 35: Hoare triple {22475#true} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {22475#true} is VALID [2022-02-20 18:12:15,664 INFO L290 TraceCheckUtils]: 36: Hoare triple {22475#true} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {22475#true} is VALID [2022-02-20 18:12:15,664 INFO L290 TraceCheckUtils]: 37: Hoare triple {22475#true} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {22475#true} is VALID [2022-02-20 18:12:15,664 INFO L290 TraceCheckUtils]: 38: Hoare triple {22475#true} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {22475#true} is VALID [2022-02-20 18:12:15,665 INFO L290 TraceCheckUtils]: 39: Hoare triple {22475#true} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {22475#true} is VALID [2022-02-20 18:12:15,668 INFO L290 TraceCheckUtils]: 40: Hoare triple {22475#true} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {22475#true} is VALID [2022-02-20 18:12:15,668 INFO L290 TraceCheckUtils]: 41: Hoare triple {22475#true} assume { :end_inline_activatePump } true; {22475#true} is VALID [2022-02-20 18:12:15,668 INFO L290 TraceCheckUtils]: 42: Hoare triple {22475#true} assume { :end_inline_processEnvironment } true; {22475#true} is VALID [2022-02-20 18:12:15,668 INFO L290 TraceCheckUtils]: 43: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {22475#true} is VALID [2022-02-20 18:12:15,668 INFO L290 TraceCheckUtils]: 44: Hoare triple {22475#true} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {22475#true} is VALID [2022-02-20 18:12:15,668 INFO L290 TraceCheckUtils]: 45: Hoare triple {22475#true} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {22475#true} is VALID [2022-02-20 18:12:15,668 INFO L290 TraceCheckUtils]: 46: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {22475#true} is VALID [2022-02-20 18:12:15,669 INFO L290 TraceCheckUtils]: 47: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,669 INFO L284 TraceCheckUtils]: 48: Hoare quadruple {22475#true} {22475#true} #249#return; {22475#true} is VALID [2022-02-20 18:12:15,669 INFO L290 TraceCheckUtils]: 49: Hoare triple {22475#true} assume !false; {22475#true} is VALID [2022-02-20 18:12:15,669 INFO L290 TraceCheckUtils]: 50: Hoare triple {22475#true} assume test_~splverifierCounter~0#1 < 4; {22475#true} is VALID [2022-02-20 18:12:15,669 INFO L290 TraceCheckUtils]: 51: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {22475#true} is VALID [2022-02-20 18:12:15,669 INFO L290 TraceCheckUtils]: 52: Hoare triple {22475#true} assume !(0 != test_~tmp~4#1); {22475#true} is VALID [2022-02-20 18:12:15,669 INFO L290 TraceCheckUtils]: 53: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {22475#true} is VALID [2022-02-20 18:12:15,669 INFO L290 TraceCheckUtils]: 54: Hoare triple {22475#true} assume !(0 != test_~tmp___0~0#1); {22475#true} is VALID [2022-02-20 18:12:15,670 INFO L290 TraceCheckUtils]: 55: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {22475#true} is VALID [2022-02-20 18:12:15,670 INFO L290 TraceCheckUtils]: 56: Hoare triple {22475#true} assume 0 != test_~tmp___2~0#1; {22475#true} is VALID [2022-02-20 18:12:15,670 INFO L272 TraceCheckUtils]: 57: Hoare triple {22475#true} call timeShift(); {22475#true} is VALID [2022-02-20 18:12:15,670 INFO L290 TraceCheckUtils]: 58: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,670 INFO L272 TraceCheckUtils]: 59: Hoare triple {22475#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {22475#true} is VALID [2022-02-20 18:12:15,670 INFO L290 TraceCheckUtils]: 60: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,670 INFO L290 TraceCheckUtils]: 61: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,670 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,671 INFO L290 TraceCheckUtils]: 63: Hoare triple {22475#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,671 INFO L290 TraceCheckUtils]: 64: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {22475#true} is VALID [2022-02-20 18:12:15,671 INFO L290 TraceCheckUtils]: 65: Hoare triple {22475#true} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,671 INFO L290 TraceCheckUtils]: 66: Hoare triple {22475#true} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {22475#true} is VALID [2022-02-20 18:12:15,671 INFO L290 TraceCheckUtils]: 67: Hoare triple {22475#true} assume { :end_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,671 INFO L290 TraceCheckUtils]: 68: Hoare triple {22475#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {22475#true} is VALID [2022-02-20 18:12:15,671 INFO L290 TraceCheckUtils]: 69: Hoare triple {22475#true} assume !(0 == ~pumpRunning~0); {22475#true} is VALID [2022-02-20 18:12:15,671 INFO L272 TraceCheckUtils]: 70: Hoare triple {22475#true} call processEnvironment__wrappee__base(); {22475#true} is VALID [2022-02-20 18:12:15,671 INFO L290 TraceCheckUtils]: 71: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,672 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {22475#true} {22475#true} #237#return; {22475#true} is VALID [2022-02-20 18:12:15,672 INFO L290 TraceCheckUtils]: 73: Hoare triple {22475#true} assume { :end_inline_processEnvironment } true; {22475#true} is VALID [2022-02-20 18:12:15,672 INFO L290 TraceCheckUtils]: 74: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {22475#true} is VALID [2022-02-20 18:12:15,672 INFO L290 TraceCheckUtils]: 75: Hoare triple {22475#true} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {22475#true} is VALID [2022-02-20 18:12:15,672 INFO L290 TraceCheckUtils]: 76: Hoare triple {22475#true} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {22475#true} is VALID [2022-02-20 18:12:15,672 INFO L290 TraceCheckUtils]: 77: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {22475#true} is VALID [2022-02-20 18:12:15,672 INFO L290 TraceCheckUtils]: 78: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,672 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {22475#true} {22475#true} #249#return; {22475#true} is VALID [2022-02-20 18:12:15,673 INFO L290 TraceCheckUtils]: 80: Hoare triple {22475#true} assume !false; {22475#true} is VALID [2022-02-20 18:12:15,673 INFO L290 TraceCheckUtils]: 81: Hoare triple {22475#true} assume test_~splverifierCounter~0#1 < 4; {22475#true} is VALID [2022-02-20 18:12:15,673 INFO L290 TraceCheckUtils]: 82: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {22475#true} is VALID [2022-02-20 18:12:15,673 INFO L290 TraceCheckUtils]: 83: Hoare triple {22475#true} assume !(0 != test_~tmp~4#1); {22475#true} is VALID [2022-02-20 18:12:15,673 INFO L290 TraceCheckUtils]: 84: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {22475#true} is VALID [2022-02-20 18:12:15,673 INFO L290 TraceCheckUtils]: 85: Hoare triple {22475#true} assume !(0 != test_~tmp___0~0#1); {22475#true} is VALID [2022-02-20 18:12:15,673 INFO L290 TraceCheckUtils]: 86: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {22475#true} is VALID [2022-02-20 18:12:15,673 INFO L290 TraceCheckUtils]: 87: Hoare triple {22475#true} assume 0 != test_~tmp___2~0#1; {22475#true} is VALID [2022-02-20 18:12:15,674 INFO L272 TraceCheckUtils]: 88: Hoare triple {22475#true} call timeShift(); {22475#true} is VALID [2022-02-20 18:12:15,674 INFO L290 TraceCheckUtils]: 89: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,674 INFO L272 TraceCheckUtils]: 90: Hoare triple {22475#true} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {22475#true} is VALID [2022-02-20 18:12:15,674 INFO L290 TraceCheckUtils]: 91: Hoare triple {22475#true} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22475#true} is VALID [2022-02-20 18:12:15,674 INFO L290 TraceCheckUtils]: 92: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,674 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {22475#true} {22475#true} #233#return; {22475#true} is VALID [2022-02-20 18:12:15,674 INFO L290 TraceCheckUtils]: 94: Hoare triple {22475#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22475#true} is VALID [2022-02-20 18:12:15,674 INFO L290 TraceCheckUtils]: 95: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {22475#true} is VALID [2022-02-20 18:12:15,675 INFO L290 TraceCheckUtils]: 96: Hoare triple {22475#true} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,675 INFO L290 TraceCheckUtils]: 97: Hoare triple {22475#true} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {22475#true} is VALID [2022-02-20 18:12:15,675 INFO L290 TraceCheckUtils]: 98: Hoare triple {22475#true} assume { :end_inline_lowerWaterLevel } true; {22475#true} is VALID [2022-02-20 18:12:15,675 INFO L290 TraceCheckUtils]: 99: Hoare triple {22475#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {22475#true} is VALID [2022-02-20 18:12:15,675 INFO L290 TraceCheckUtils]: 100: Hoare triple {22475#true} assume !(0 == ~pumpRunning~0); {22475#true} is VALID [2022-02-20 18:12:15,675 INFO L272 TraceCheckUtils]: 101: Hoare triple {22475#true} call processEnvironment__wrappee__base(); {22475#true} is VALID [2022-02-20 18:12:15,675 INFO L290 TraceCheckUtils]: 102: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,675 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {22475#true} {22475#true} #237#return; {22475#true} is VALID [2022-02-20 18:12:15,676 INFO L290 TraceCheckUtils]: 104: Hoare triple {22475#true} assume { :end_inline_processEnvironment } true; {22475#true} is VALID [2022-02-20 18:12:15,676 INFO L290 TraceCheckUtils]: 105: Hoare triple {22475#true} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {22475#true} is VALID [2022-02-20 18:12:15,676 INFO L290 TraceCheckUtils]: 106: Hoare triple {22475#true} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {22475#true} is VALID [2022-02-20 18:12:15,676 INFO L290 TraceCheckUtils]: 107: Hoare triple {22475#true} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~8#1); {22475#true} is VALID [2022-02-20 18:12:15,676 INFO L290 TraceCheckUtils]: 108: Hoare triple {22475#true} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {22475#true} is VALID [2022-02-20 18:12:15,676 INFO L290 TraceCheckUtils]: 109: Hoare triple {22475#true} assume true; {22475#true} is VALID [2022-02-20 18:12:15,676 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {22475#true} {22475#true} #249#return; {22475#true} is VALID [2022-02-20 18:12:15,676 INFO L290 TraceCheckUtils]: 111: Hoare triple {22475#true} assume !false; {22475#true} is VALID [2022-02-20 18:12:15,677 INFO L290 TraceCheckUtils]: 112: Hoare triple {22475#true} assume test_~splverifierCounter~0#1 < 4; {22475#true} is VALID [2022-02-20 18:12:15,677 INFO L290 TraceCheckUtils]: 113: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~4#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {22475#true} is VALID [2022-02-20 18:12:15,677 INFO L290 TraceCheckUtils]: 114: Hoare triple {22475#true} assume !(0 != test_~tmp~4#1); {22475#true} is VALID [2022-02-20 18:12:15,677 INFO L290 TraceCheckUtils]: 115: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {22475#true} is VALID [2022-02-20 18:12:15,677 INFO L290 TraceCheckUtils]: 116: Hoare triple {22475#true} assume !(0 != test_~tmp___0~0#1); {22475#true} is VALID [2022-02-20 18:12:15,677 INFO L290 TraceCheckUtils]: 117: Hoare triple {22475#true} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {22475#true} is VALID [2022-02-20 18:12:15,677 INFO L290 TraceCheckUtils]: 118: Hoare triple {22475#true} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet31#1 && test_#t~nondet31#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet31#1;havoc test_#t~nondet31#1; {22475#true} is VALID [2022-02-20 18:12:15,677 INFO L290 TraceCheckUtils]: 119: Hoare triple {22475#true} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {22475#true} is VALID [2022-02-20 18:12:15,678 INFO L290 TraceCheckUtils]: 120: Hoare triple {22475#true} assume 0 != ~pumpRunning~0;assume { :begin_inline_deactivatePump } true;~pumpRunning~0 := 0; {22475#true} is VALID [2022-02-20 18:12:15,678 INFO L290 TraceCheckUtils]: 121: Hoare triple {22475#true} assume { :end_inline_deactivatePump } true; {22475#true} is VALID [2022-02-20 18:12:15,678 INFO L290 TraceCheckUtils]: 122: Hoare triple {22475#true} ~systemActive~0 := 0; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,678 INFO L290 TraceCheckUtils]: 123: Hoare triple {22552#(= 0 ~systemActive~0)} assume { :end_inline_stopSystem } true; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,679 INFO L272 TraceCheckUtils]: 124: Hoare triple {22552#(= 0 ~systemActive~0)} call timeShift(); {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,679 INFO L290 TraceCheckUtils]: 125: Hoare triple {22552#(= 0 ~systemActive~0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,679 INFO L272 TraceCheckUtils]: 126: Hoare triple {22552#(= 0 ~systemActive~0)} call __utac_acc__Specification5_spec__2_#t~ret49#1 := isPumpRunning(); {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,680 INFO L290 TraceCheckUtils]: 127: Hoare triple {22552#(= 0 ~systemActive~0)} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,680 INFO L290 TraceCheckUtils]: 128: Hoare triple {22552#(= 0 ~systemActive~0)} assume true; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,681 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {22552#(= 0 ~systemActive~0)} {22552#(= 0 ~systemActive~0)} #233#return; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,681 INFO L290 TraceCheckUtils]: 130: Hoare triple {22552#(= 0 ~systemActive~0)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret49#1 && __utac_acc__Specification5_spec__2_#t~ret49#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret49#1;havoc __utac_acc__Specification5_spec__2_#t~ret49#1; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,681 INFO L290 TraceCheckUtils]: 131: Hoare triple {22552#(= 0 ~systemActive~0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,682 INFO L290 TraceCheckUtils]: 132: Hoare triple {22552#(= 0 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {22552#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:12:15,682 INFO L290 TraceCheckUtils]: 133: Hoare triple {22552#(= 0 ~systemActive~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {22476#false} is VALID [2022-02-20 18:12:15,682 INFO L290 TraceCheckUtils]: 134: Hoare triple {22476#false} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret43#1, isHighWaterLevel_~retValue_acc~6#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~6#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~9#1;havoc isHighWaterSensorDry_~retValue_acc~9#1; {22476#false} is VALID [2022-02-20 18:12:15,682 INFO L290 TraceCheckUtils]: 135: Hoare triple {22476#false} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~9#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~9#1; {22476#false} is VALID [2022-02-20 18:12:15,682 INFO L290 TraceCheckUtils]: 136: Hoare triple {22476#false} isHighWaterLevel_#t~ret43#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret43#1 && isHighWaterLevel_#t~ret43#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret43#1;havoc isHighWaterLevel_#t~ret43#1; {22476#false} is VALID [2022-02-20 18:12:15,682 INFO L290 TraceCheckUtils]: 137: Hoare triple {22476#false} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {22476#false} is VALID [2022-02-20 18:12:15,682 INFO L290 TraceCheckUtils]: 138: Hoare triple {22476#false} isHighWaterLevel_~retValue_acc~6#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~6#1; {22476#false} is VALID [2022-02-20 18:12:15,683 INFO L290 TraceCheckUtils]: 139: Hoare triple {22476#false} processEnvironment_#t~ret32#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret32#1 && processEnvironment_#t~ret32#1 <= 2147483647;processEnvironment_~tmp~5#1 := processEnvironment_#t~ret32#1;havoc processEnvironment_#t~ret32#1; {22476#false} is VALID [2022-02-20 18:12:15,683 INFO L290 TraceCheckUtils]: 140: Hoare triple {22476#false} assume 0 != processEnvironment_~tmp~5#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret33#1, activatePump_~tmp~6#1;havoc activatePump_~tmp~6#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret34#1, isMethaneAlarm_~retValue_acc~4#1;havoc isMethaneAlarm_~retValue_acc~4#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;havoc isMethaneLevelCritical_~retValue_acc~7#1;isMethaneLevelCritical_~retValue_acc~7#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~7#1; {22476#false} is VALID [2022-02-20 18:12:15,683 INFO L290 TraceCheckUtils]: 141: Hoare triple {22476#false} isMethaneAlarm_#t~ret34#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret34#1 && isMethaneAlarm_#t~ret34#1 <= 2147483647;isMethaneAlarm_~retValue_acc~4#1 := isMethaneAlarm_#t~ret34#1;havoc isMethaneAlarm_#t~ret34#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~4#1; {22476#false} is VALID [2022-02-20 18:12:15,683 INFO L290 TraceCheckUtils]: 142: Hoare triple {22476#false} activatePump_#t~ret33#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret33#1 && activatePump_#t~ret33#1 <= 2147483647;activatePump_~tmp~6#1 := activatePump_#t~ret33#1;havoc activatePump_#t~ret33#1; {22476#false} is VALID [2022-02-20 18:12:15,683 INFO L290 TraceCheckUtils]: 143: Hoare triple {22476#false} assume !(0 != activatePump_~tmp~6#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {22476#false} is VALID [2022-02-20 18:12:15,683 INFO L290 TraceCheckUtils]: 144: Hoare triple {22476#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {22476#false} is VALID [2022-02-20 18:12:15,683 INFO L290 TraceCheckUtils]: 145: Hoare triple {22476#false} assume { :end_inline_activatePump } true; {22476#false} is VALID [2022-02-20 18:12:15,683 INFO L290 TraceCheckUtils]: 146: Hoare triple {22476#false} assume { :end_inline_processEnvironment } true; {22476#false} is VALID [2022-02-20 18:12:15,684 INFO L290 TraceCheckUtils]: 147: Hoare triple {22476#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret50#1, __utac_acc__Specification5_spec__3_#t~ret51#1, __utac_acc__Specification5_spec__3_~tmp~8#1, __utac_acc__Specification5_spec__3_~tmp___0~2#1;havoc __utac_acc__Specification5_spec__3_~tmp~8#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {22476#false} is VALID [2022-02-20 18:12:15,684 INFO L290 TraceCheckUtils]: 148: Hoare triple {22476#false} __utac_acc__Specification5_spec__3_#t~ret50#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret50#1 && __utac_acc__Specification5_spec__3_#t~ret50#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~8#1 := __utac_acc__Specification5_spec__3_#t~ret50#1;havoc __utac_acc__Specification5_spec__3_#t~ret50#1; {22476#false} is VALID [2022-02-20 18:12:15,684 INFO L290 TraceCheckUtils]: 149: Hoare triple {22476#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~8#1; {22476#false} is VALID [2022-02-20 18:12:15,684 INFO L272 TraceCheckUtils]: 150: Hoare triple {22476#false} call __utac_acc__Specification5_spec__3_#t~ret51#1 := isPumpRunning(); {22476#false} is VALID [2022-02-20 18:12:15,684 INFO L290 TraceCheckUtils]: 151: Hoare triple {22476#false} havoc ~retValue_acc~5;~retValue_acc~5 := ~pumpRunning~0;#res := ~retValue_acc~5; {22476#false} is VALID [2022-02-20 18:12:15,684 INFO L290 TraceCheckUtils]: 152: Hoare triple {22476#false} assume true; {22476#false} is VALID [2022-02-20 18:12:15,684 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {22476#false} {22476#false} #239#return; {22476#false} is VALID [2022-02-20 18:12:15,684 INFO L290 TraceCheckUtils]: 154: Hoare triple {22476#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret51#1 && __utac_acc__Specification5_spec__3_#t~ret51#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~2#1 := __utac_acc__Specification5_spec__3_#t~ret51#1;havoc __utac_acc__Specification5_spec__3_#t~ret51#1; {22476#false} is VALID [2022-02-20 18:12:15,685 INFO L290 TraceCheckUtils]: 155: Hoare triple {22476#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~2#1; {22476#false} is VALID [2022-02-20 18:12:15,685 INFO L290 TraceCheckUtils]: 156: Hoare triple {22476#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {22476#false} is VALID [2022-02-20 18:12:15,685 INFO L290 TraceCheckUtils]: 157: Hoare triple {22476#false} assume !false; {22476#false} is VALID [2022-02-20 18:12:15,685 INFO L134 CoverageAnalysis]: Checked inductivity of 175 backedges. 68 proven. 0 refuted. 0 times theorem prover too weak. 107 trivial. 0 not checked. [2022-02-20 18:12:15,685 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:12:15,685 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [877289804] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:15,686 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:12:15,686 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [5] total 5 [2022-02-20 18:12:15,686 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1108474061] [2022-02-20 18:12:15,686 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:15,687 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 3 states have call successors, (7), 3 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 3 states have call successors, (6) Word has length 158 [2022-02-20 18:12:15,687 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:15,688 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 3 states have call successors, (7), 3 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 3 states have call successors, (6) [2022-02-20 18:12:15,759 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 97 edges. 97 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:15,759 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:12:15,759 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:15,760 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:12:15,760 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:12:15,760 INFO L87 Difference]: Start difference. First operand 818 states and 986 transitions. Second operand has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 3 states have call successors, (7), 3 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 3 states have call successors, (6) [2022-02-20 18:12:16,028 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:16,029 INFO L93 Difference]: Finished difference Result 993 states and 1205 transitions. [2022-02-20 18:12:16,029 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:12:16,029 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 3 states have call successors, (7), 3 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 3 states have call successors, (6) Word has length 158 [2022-02-20 18:12:16,030 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:16,030 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 3 states have call successors, (7), 3 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 3 states have call successors, (6) [2022-02-20 18:12:16,031 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 215 transitions. [2022-02-20 18:12:16,032 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 3 states have call successors, (7), 3 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 3 states have call successors, (6) [2022-02-20 18:12:16,033 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 215 transitions. [2022-02-20 18:12:16,033 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 215 transitions. [2022-02-20 18:12:16,148 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 215 edges. 215 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:16,148 INFO L225 Difference]: With dead ends: 993 [2022-02-20 18:12:16,148 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:12:16,150 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 182 GetRequests, 179 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:12:16,151 INFO L933 BasicCegarLoop]: 123 mSDtfsCounter, 36 mSDsluCounter, 82 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 36 SdHoareTripleChecker+Valid, 205 SdHoareTripleChecker+Invalid, 3 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:16,151 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [36 Valid, 205 Invalid, 3 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:16,151 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:12:16,152 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:12:16,152 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:16,152 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:12:16,152 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:12:16,152 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:12:16,152 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:16,152 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:12:16,152 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:12:16,153 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:16,153 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:16,153 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:12:16,153 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:12:16,153 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:16,153 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:12:16,153 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:12:16,153 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:16,153 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:16,154 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:16,154 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:16,154 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:12:16,154 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:12:16,154 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 158 [2022-02-20 18:12:16,154 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:16,154 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:12:16,155 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 3 states have call successors, (7), 3 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 3 states have call successors, (6) [2022-02-20 18:12:16,155 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:12:16,155 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:16,157 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:12:16,179 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:12:16,374 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable10 [2022-02-20 18:12:16,376 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:12:19,247 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 629 635) no Hoare annotation was computed. [2022-02-20 18:12:19,247 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 629 635) the Hoare annotation is: true [2022-02-20 18:12:19,248 INFO L858 garLoopResultBuilder]: For program point L818-1(lines 814 825) no Hoare annotation was computed. [2022-02-20 18:12:19,248 INFO L861 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 814 825) the Hoare annotation is: true [2022-02-20 18:12:19,249 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 814 825) no Hoare annotation was computed. [2022-02-20 18:12:19,249 INFO L858 garLoopResultBuilder]: For program point L609(lines 609 615) no Hoare annotation was computed. [2022-02-20 18:12:19,249 INFO L858 garLoopResultBuilder]: For program point L609-2(lines 605 627) no Hoare annotation was computed. [2022-02-20 18:12:19,249 INFO L854 garLoopResultBuilder]: At program point L667(lines 662 669) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse0 .cse3 (and (<= 1 ~pumpRunning~0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse2 (not (= 0 ~systemActive~0))))) [2022-02-20 18:12:19,249 INFO L858 garLoopResultBuilder]: For program point L915(lines 915 921) no Hoare annotation was computed. [2022-02-20 18:12:19,249 INFO L854 garLoopResultBuilder]: At program point L651(line 651) the Hoare annotation is: (let ((.cse5 (= 1 ~systemActive~0))) (let ((.cse3 (= ~pumpRunning~0 0)) (.cse4 (= |timeShift_processEnvironment_~tmp~5#1| 0)) (.cse0 (not .cse5)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (< 1 |old(~waterLevel~0)|))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0 (and .cse3 .cse4 .cse5 (= ~waterLevel~0 1))) (or .cse2 (and .cse3 .cse4 .cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse6 .cse7) (or .cse0 .cse1 .cse6 .cse7) (or .cse2 (not (= 0 ~systemActive~0)))))) [2022-02-20 18:12:19,250 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 602 628) no Hoare annotation was computed. [2022-02-20 18:12:19,250 INFO L854 garLoopResultBuilder]: At program point L899(lines 892 901) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 0)) (.cse8 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (and .cse3 .cse8)) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (and (<= 1 ~pumpRunning~0) .cse8 (<= 1 ~switchedOnBeforeTS~0)))) (and (or .cse0 .cse1 (not (= 0 ~systemActive~0))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse2 (and .cse3 (= ~waterLevel~0 1))) (or .cse2 .cse4 .cse5 .cse6 .cse7) (or .cse0 .cse1 .cse2 .cse5 .cse7) (or .cse2 .cse4 .cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-02-20 18:12:19,250 INFO L854 garLoopResultBuilder]: At program point L767(lines 752 770) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (not (< 1 |old(~waterLevel~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (= ~pumpRunning~0 0)) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 (and .cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse4 .cse5) (or .cse0 .cse1 .cse4 .cse5) (or .cse2 (and .cse3 (not (= |timeShift_isHighWaterLevel_~tmp~7#1| 0)) (= |timeShift_isHighWaterLevel_#res#1| 0) (= |timeShift_isHighWaterLevel_~tmp___0~1#1| 0) (= ~waterLevel~0 1)) (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse2 (not (= 0 ~systemActive~0))))) [2022-02-20 18:12:19,250 INFO L854 garLoopResultBuilder]: At program point L656(line 656) the Hoare annotation is: (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (<= 1 ~pumpRunning~0)) (.cse6 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse4 (and .cse5 .cse6) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1) (or .cse1 .cse4 .cse2 .cse3 (and .cse5 (= ~waterLevel~0 1) .cse6)) (or .cse0 (not (= 0 ~systemActive~0))))) [2022-02-20 18:12:19,250 INFO L854 garLoopResultBuilder]: At program point L912(line 912) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (= 0 ~systemActive~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (<= 1 ~pumpRunning~0)) (.cse6 (= ~waterLevel~0 1)) (.cse9 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 (and .cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse5) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse4 .cse6)) (or .cse0 .cse2 .cse3 .cse5) (or .cse1 .cse7 (and .cse8 .cse9) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse1 .cse7 .cse2 .cse3 (and .cse8 .cse6 .cse9)))) [2022-02-20 18:12:19,250 INFO L854 garLoopResultBuilder]: At program point L656-1(lines 637 661) the Hoare annotation is: (let ((.cse1 (= 1 ~systemActive~0))) (let ((.cse0 (= ~pumpRunning~0 0)) (.cse4 (not .cse1)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse6 (<= 1 ~pumpRunning~0)) (.cse8 (= ~waterLevel~0 1)) (.cse10 (<= 1 ~switchedOnBeforeTS~0)) (.cse3 (not (= |old(~pumpRunning~0)| 0)))) (and (let ((.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (or (and .cse0 .cse1 .cse2) .cse3 .cse4 .cse5 (and .cse6 .cse2) .cse7)) (or .cse3 (and .cse0 .cse1 .cse8) (not (= |old(~waterLevel~0)| 1)) .cse4) (or .cse4 .cse9 (and .cse6 .cse10) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse4 .cse9 .cse5 .cse7 (and .cse6 .cse8 .cse10)) (or .cse3 (not (= 0 ~systemActive~0)))))) [2022-02-20 18:12:19,250 INFO L858 garLoopResultBuilder]: For program point L912-1(line 912) no Hoare annotation was computed. [2022-02-20 18:12:19,251 INFO L858 garLoopResultBuilder]: For program point L871(lines 871 877) no Hoare annotation was computed. [2022-02-20 18:12:19,251 INFO L854 garLoopResultBuilder]: At program point L863(lines 858 866) the Hoare annotation is: (let ((.cse8 (= 1 ~systemActive~0))) (let ((.cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse7 (= ~pumpRunning~0 0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse9 (not (= 0 ~systemActive~0))) (.cse1 (not .cse8)) (.cse11 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (<= 1 ~pumpRunning~0)) (.cse10 (= ~waterLevel~0 1)) (.cse12 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5) .cse6 (and .cse7 .cse4 .cse8 .cse5)) (or .cse0 (and .cse7 .cse5) .cse9) (or .cse0 (and .cse7 .cse8 .cse10) (not (= |old(~waterLevel~0)| 1)) .cse1) (or .cse0 .cse4 .cse2 .cse6 .cse9) (or .cse1 .cse11 (and .cse3 .cse12) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse1 .cse11 .cse2 .cse6 (and .cse3 .cse10 .cse12))))) [2022-02-20 18:12:19,251 INFO L854 garLoopResultBuilder]: At program point L876(lines 867 880) the Hoare annotation is: (let ((.cse2 (= ~pumpRunning~0 0)) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (not (< 1 |old(~waterLevel~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse2 (not (= |timeShift_isHighWaterSensorDry_#res#1| 0)) (= ~waterLevel~0 1))) (or .cse1 .cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 (and .cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse1 .cse4 .cse5) (or .cse1 .cse3 .cse4 .cse5) (or .cse0 (not (= 0 ~systemActive~0))))) [2022-02-20 18:12:19,251 INFO L858 garLoopResultBuilder]: For program point L971(line 971) no Hoare annotation was computed. [2022-02-20 18:12:19,251 INFO L858 garLoopResultBuilder]: For program point L616-1(lines 616 622) no Hoare annotation was computed. [2022-02-20 18:12:19,251 INFO L858 garLoopResultBuilder]: For program point L678(lines 678 684) no Hoare annotation was computed. [2022-02-20 18:12:19,251 INFO L858 garLoopResultBuilder]: For program point L645(lines 645 653) no Hoare annotation was computed. [2022-02-20 18:12:19,251 INFO L854 garLoopResultBuilder]: At program point L678-2(lines 671 687) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse2 .cse3) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse0) (let ((.cse5 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse4 (and (= ~pumpRunning~0 0) .cse5) .cse0 .cse2 (and (<= 1 ~pumpRunning~0) .cse5) .cse3)) (or .cse4 (not (= 0 ~systemActive~0))))) [2022-02-20 18:12:19,252 INFO L854 garLoopResultBuilder]: At program point L897(line 897) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse9 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse4 (and .cse0 .cse1 .cse9)) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not (= 1 ~systemActive~0))) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 .cse9))) (and (or (and .cse0 .cse1 (= ~waterLevel~0 1)) .cse2 (not (= |old(~waterLevel~0)| 1)) .cse3) (or .cse4 .cse2 .cse3 .cse5 .cse6) (or .cse4 .cse2 (not (= 0 ~systemActive~0))) (or .cse3 .cse7 .cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse7 .cse5 .cse6 .cse8)))) [2022-02-20 18:12:19,252 INFO L858 garLoopResultBuilder]: For program point L641(lines 641 658) no Hoare annotation was computed. [2022-02-20 18:12:19,252 INFO L858 garLoopResultBuilder]: For program point L897-1(line 897) no Hoare annotation was computed. [2022-02-20 18:12:19,252 INFO L854 garLoopResultBuilder]: At program point L831(lines 826 834) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse3 .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse2 (not (= 0 ~systemActive~0))))) [2022-02-20 18:12:19,252 INFO L854 garLoopResultBuilder]: At program point L703(lines 696 706) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse3 .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse2 (not (= 0 ~systemActive~0))))) [2022-02-20 18:12:19,252 INFO L858 garLoopResultBuilder]: For program point L794(lines 794 798) no Hoare annotation was computed. [2022-02-20 18:12:19,252 INFO L858 garLoopResultBuilder]: For program point L761(lines 761 765) no Hoare annotation was computed. [2022-02-20 18:12:19,253 INFO L854 garLoopResultBuilder]: At program point L794-2(lines 790 801) the Hoare annotation is: (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (<= 1 ~pumpRunning~0)) (.cse6 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse4 (and .cse5 .cse6) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1) (or .cse1 .cse4 .cse2 .cse3 (and .cse5 (= ~waterLevel~0 1) .cse6)) (or .cse0 (not (= 0 ~systemActive~0))))) [2022-02-20 18:12:19,253 INFO L858 garLoopResultBuilder]: For program point L761-2(lines 761 765) no Hoare annotation was computed. [2022-02-20 18:12:19,253 INFO L858 garLoopResultBuilder]: For program point L914(lines 914 924) no Hoare annotation was computed. [2022-02-20 18:12:19,253 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 602 628) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse9 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse4 (and .cse0 .cse1 .cse9)) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not (= 1 ~systemActive~0))) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 .cse9))) (and (or (and .cse0 .cse1 (= ~waterLevel~0 1)) .cse2 (not (= |old(~waterLevel~0)| 1)) .cse3) (or .cse4 .cse2 .cse3 .cse5 .cse6) (or .cse4 .cse2 (not (= 0 ~systemActive~0))) (or .cse3 .cse7 .cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse7 .cse5 .cse6 .cse8)))) [2022-02-20 18:12:19,253 INFO L858 garLoopResultBuilder]: For program point L910(lines 910 927) no Hoare annotation was computed. [2022-02-20 18:12:19,253 INFO L854 garLoopResultBuilder]: At program point L910-1(lines 902 930) the Hoare annotation is: (let ((.cse1 (= 1 ~systemActive~0))) (let ((.cse0 (= ~pumpRunning~0 0)) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1| 2)) (.cse6 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse10 (not (= 0 ~systemActive~0))) (.cse4 (not .cse1)) (.cse11 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (< 1 |old(~waterLevel~0)|))) (.cse9 (not (<= |old(~waterLevel~0)| 2))) (.cse7 (<= 1 ~pumpRunning~0)) (.cse12 (<= 1 ~switchedOnBeforeTS~0))) (and (or (and .cse0 .cse1 .cse2) .cse3 (not (= |old(~waterLevel~0)| 1)) .cse4) (or (and .cse0 .cse5 .cse6 .cse1 .cse2) .cse3 .cse4 (and .cse7 .cse5 .cse6 .cse2) .cse8 .cse9) (or .cse3 (and .cse0 .cse2) .cse10) (or .cse4 .cse11 (and .cse7 .cse12) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 (and .cse5 .cse6) .cse8 .cse9 .cse10) (or .cse4 .cse11 .cse8 .cse9 (and .cse7 (= ~waterLevel~0 1) .cse12))))) [2022-02-20 18:12:19,253 INFO L854 garLoopResultBuilder]: At program point L972(lines 967 974) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse0 .cse3 .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse2 (not (= 0 ~systemActive~0))))) [2022-02-20 18:12:19,254 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 602 628) no Hoare annotation was computed. [2022-02-20 18:12:19,255 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 971) no Hoare annotation was computed. [2022-02-20 18:12:19,255 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 418 447) no Hoare annotation was computed. [2022-02-20 18:12:19,255 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 418 447) the Hoare annotation is: true [2022-02-20 18:12:19,255 INFO L861 garLoopResultBuilder]: At program point L443(lines 418 447) the Hoare annotation is: true [2022-02-20 18:12:19,255 INFO L858 garLoopResultBuilder]: For program point L439(line 439) no Hoare annotation was computed. [2022-02-20 18:12:19,255 INFO L858 garLoopResultBuilder]: For program point L432(lines 432 436) no Hoare annotation was computed. [2022-02-20 18:12:19,255 INFO L861 garLoopResultBuilder]: At program point L432-1(lines 432 436) the Hoare annotation is: true [2022-02-20 18:12:19,255 INFO L858 garLoopResultBuilder]: For program point L429(line 429) no Hoare annotation was computed. [2022-02-20 18:12:19,255 INFO L861 garLoopResultBuilder]: At program point L428-2(lines 428 442) the Hoare annotation is: true [2022-02-20 18:12:19,255 INFO L861 garLoopResultBuilder]: At program point L424(line 424) the Hoare annotation is: true [2022-02-20 18:12:19,255 INFO L858 garLoopResultBuilder]: For program point L424-1(line 424) no Hoare annotation was computed. [2022-02-20 18:12:19,255 INFO L858 garLoopResultBuilder]: For program point L543(lines 543 549) no Hoare annotation was computed. [2022-02-20 18:12:19,255 INFO L858 garLoopResultBuilder]: For program point L543-1(lines 543 549) no Hoare annotation was computed. [2022-02-20 18:12:19,255 INFO L858 garLoopResultBuilder]: For program point L535(lines 535 539) no Hoare annotation was computed. [2022-02-20 18:12:19,264 INFO L854 garLoopResultBuilder]: At program point L783(lines 771 785) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (= |ULTIMATE.start_main_~tmp~3#1| 1) (= 0 ~systemActive~0)) [2022-02-20 18:12:19,265 INFO L858 garLoopResultBuilder]: For program point L775(lines 775 781) no Hoare annotation was computed. [2022-02-20 18:12:19,265 INFO L858 garLoopResultBuilder]: For program point L775-2(lines 775 781) no Hoare annotation was computed. [2022-02-20 18:12:19,265 INFO L854 garLoopResultBuilder]: At program point L581(lines 532 582) the Hoare annotation is: false [2022-02-20 18:12:19,265 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:12:19,265 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:12:19,265 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:12:19,265 INFO L858 garLoopResultBuilder]: For program point L569(lines 569 575) no Hoare annotation was computed. [2022-02-20 18:12:19,265 INFO L854 garLoopResultBuilder]: At program point L569-2(lines 563 576) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (< 1 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= |ULTIMATE.start_main_~tmp~3#1| 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 (= |ULTIMATE.start_valid_product_#res#1| 1) .cse3 .cse4 (= 0 ~systemActive~0)) (and .cse7 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 .cse1 .cse2 .cse3 .cse4 (= ~waterLevel~0 1)))) [2022-02-20 18:12:19,271 INFO L854 garLoopResultBuilder]: At program point L693(lines 688 695) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~3#1| 1))) (or (and .cse0 .cse1 (< 1 ~waterLevel~0) .cse2 (<= ~waterLevel~0 2) .cse3) (and (not (= ~switchedOnBeforeTS~0 0)) .cse0 .cse1 .cse2 .cse3))) [2022-02-20 18:12:19,272 INFO L858 garLoopResultBuilder]: For program point L553(lines 553 559) no Hoare annotation was computed. [2022-02-20 18:12:19,272 INFO L858 garLoopResultBuilder]: For program point L553-1(lines 553 559) no Hoare annotation was computed. [2022-02-20 18:12:19,272 INFO L854 garLoopResultBuilder]: At program point L962(lines 957 965) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:12:19,272 INFO L854 garLoopResultBuilder]: At program point L578(lines 533 580) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (< 1 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= |ULTIMATE.start_main_~tmp~3#1| 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 (= |ULTIMATE.start_valid_product_#res#1| 1) .cse3 .cse4 (= 0 ~systemActive~0)) (and .cse7 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 .cse1 .cse2 .cse3 .cse4 (= ~waterLevel~0 1)))) [2022-02-20 18:12:19,272 INFO L854 garLoopResultBuilder]: At program point L545(line 545) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (< 1 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= |ULTIMATE.start_main_~tmp~3#1| 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 (= |ULTIMATE.start_valid_product_#res#1| 1) .cse3 .cse4 (= 0 ~systemActive~0)) (and .cse7 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 .cse1 .cse2 .cse3 .cse4 (= ~waterLevel~0 1)))) [2022-02-20 18:12:19,273 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:12:19,273 INFO L854 garLoopResultBuilder]: At program point L479(lines 475 481) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= |ULTIMATE.start_main_~tmp~3#1| 1) (= ~waterLevel~0 1)) [2022-02-20 18:12:19,273 INFO L858 garLoopResultBuilder]: For program point L508(lines 508 515) no Hoare annotation was computed. [2022-02-20 18:12:19,273 INFO L854 garLoopResultBuilder]: At program point L954(lines 950 956) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:12:19,275 INFO L858 garLoopResultBuilder]: For program point L508-2(lines 508 515) no Hoare annotation was computed. [2022-02-20 18:12:19,275 INFO L861 garLoopResultBuilder]: At program point L492(lines 484 494) the Hoare annotation is: true [2022-02-20 18:12:19,275 INFO L861 garLoopResultBuilder]: At program point L517(lines 498 520) the Hoare annotation is: true [2022-02-20 18:12:19,275 INFO L854 garLoopResultBuilder]: At program point L889(lines 884 891) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= |ULTIMATE.start_main_~tmp~3#1| 1) (= ~waterLevel~0 1)) [2022-02-20 18:12:19,275 INFO L858 garLoopResultBuilder]: For program point L534(lines 533 580) no Hoare annotation was computed. [2022-02-20 18:12:19,275 INFO L854 garLoopResultBuilder]: At program point L947(lines 943 949) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:12:19,275 INFO L858 garLoopResultBuilder]: For program point L563(lines 563 576) no Hoare annotation was computed. [2022-02-20 18:12:19,276 INFO L854 garLoopResultBuilder]: At program point L555(line 555) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (< 1 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= |ULTIMATE.start_main_~tmp~3#1| 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 (= |ULTIMATE.start_valid_product_#res#1| 1) .cse3 .cse4 (= 0 ~systemActive~0)) (and .cse7 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 .cse1 .cse2 .cse3 .cse4 (= ~waterLevel~0 1)))) [2022-02-20 18:12:19,276 INFO L861 garLoopResultBuilder]: At program point L584(lines 523 588) the Hoare annotation is: true [2022-02-20 18:12:19,276 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 802 813) no Hoare annotation was computed. [2022-02-20 18:12:19,276 INFO L858 garLoopResultBuilder]: For program point L806-1(lines 802 813) no Hoare annotation was computed. [2022-02-20 18:12:19,276 INFO L854 garLoopResultBuilder]: At program point waterRiseENTRY(lines 802 813) the Hoare annotation is: (let ((.cse3 (not (<= 1 ~pumpRunning~0))) (.cse0 (not (= ~pumpRunning~0 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (< 1 |old(~waterLevel~0)|))) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (= 0 ~systemActive~0))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse2 (= ~waterLevel~0 1)) (or .cse2 .cse3 .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse2 .cse4 .cse3 .cse1 .cse5) (or .cse0 .cse2 .cse4 .cse1 .cse5))) [2022-02-20 18:12:19,276 INFO L858 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 707 715) no Hoare annotation was computed. [2022-02-20 18:12:19,276 INFO L861 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 707 715) the Hoare annotation is: true [2022-02-20 18:12:19,276 INFO L858 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 707 715) no Hoare annotation was computed. [2022-02-20 18:12:19,296 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:19,297 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:12:19,301 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:12:19,302 WARN L170 areAnnotationChecker]: L818-1 has no Hoare annotation [2022-02-20 18:12:19,302 WARN L170 areAnnotationChecker]: L818-1 has no Hoare annotation [2022-02-20 18:12:19,304 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:12:19,304 WARN L170 areAnnotationChecker]: L806-1 has no Hoare annotation [2022-02-20 18:12:19,304 WARN L170 areAnnotationChecker]: L806-1 has no Hoare annotation [2022-02-20 18:12:19,304 WARN L170 areAnnotationChecker]: isPumpRunningFINAL has no Hoare annotation [2022-02-20 18:12:19,304 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:12:19,304 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:12:19,304 WARN L170 areAnnotationChecker]: L818-1 has no Hoare annotation [2022-02-20 18:12:19,304 WARN L170 areAnnotationChecker]: L897-1 has no Hoare annotation [2022-02-20 18:12:19,304 WARN L170 areAnnotationChecker]: L424-1 has no Hoare annotation [2022-02-20 18:12:19,305 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:12:19,305 WARN L170 areAnnotationChecker]: L806-1 has no Hoare annotation [2022-02-20 18:12:19,305 WARN L170 areAnnotationChecker]: isPumpRunningFINAL has no Hoare annotation [2022-02-20 18:12:19,305 WARN L170 areAnnotationChecker]: L616-1 has no Hoare annotation [2022-02-20 18:12:19,305 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:12:19,305 WARN L170 areAnnotationChecker]: L897-1 has no Hoare annotation [2022-02-20 18:12:19,305 WARN L170 areAnnotationChecker]: L424-1 has no Hoare annotation [2022-02-20 18:12:19,305 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:12:19,305 WARN L170 areAnnotationChecker]: isPumpRunningEXIT has no Hoare annotation [2022-02-20 18:12:19,305 WARN L170 areAnnotationChecker]: isPumpRunningEXIT has no Hoare annotation [2022-02-20 18:12:19,305 WARN L170 areAnnotationChecker]: L616-1 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L553-1 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L609 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L429 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L543-1 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L912-1 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L910 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L563 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L563 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L609 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L609 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L429 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L508 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L553 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L553 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L914 has no Hoare annotation [2022-02-20 18:12:19,306 WARN L170 areAnnotationChecker]: L914 has no Hoare annotation [2022-02-20 18:12:19,307 WARN L170 areAnnotationChecker]: L910 has no Hoare annotation [2022-02-20 18:12:19,307 WARN L170 areAnnotationChecker]: L910 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L569 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L569 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L794 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L794 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L609-2 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L609-2 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L432 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L432 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L508 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L508 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L553-1 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L915 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L915 has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:12:19,308 WARN L170 areAnnotationChecker]: L912-1 has no Hoare annotation [2022-02-20 18:12:19,310 WARN L170 areAnnotationChecker]: L534 has no Hoare annotation [2022-02-20 18:12:19,310 WARN L170 areAnnotationChecker]: L775 has no Hoare annotation [2022-02-20 18:12:19,310 WARN L170 areAnnotationChecker]: L775 has no Hoare annotation [2022-02-20 18:12:19,310 WARN L170 areAnnotationChecker]: L609-2 has no Hoare annotation [2022-02-20 18:12:19,310 WARN L170 areAnnotationChecker]: L641 has no Hoare annotation [2022-02-20 18:12:19,310 WARN L170 areAnnotationChecker]: L641 has no Hoare annotation [2022-02-20 18:12:19,310 WARN L170 areAnnotationChecker]: L439 has no Hoare annotation [2022-02-20 18:12:19,320 WARN L170 areAnnotationChecker]: L508-2 has no Hoare annotation [2022-02-20 18:12:19,320 WARN L170 areAnnotationChecker]: L971 has no Hoare annotation [2022-02-20 18:12:19,320 WARN L170 areAnnotationChecker]: L971 has no Hoare annotation [2022-02-20 18:12:19,320 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:12:19,321 WARN L170 areAnnotationChecker]: L534 has no Hoare annotation [2022-02-20 18:12:19,321 WARN L170 areAnnotationChecker]: L534 has no Hoare annotation [2022-02-20 18:12:19,321 WARN L170 areAnnotationChecker]: L775-2 has no Hoare annotation [2022-02-20 18:12:19,321 WARN L170 areAnnotationChecker]: L775-2 has no Hoare annotation [2022-02-20 18:12:19,321 WARN L170 areAnnotationChecker]: L871 has no Hoare annotation [2022-02-20 18:12:19,321 WARN L170 areAnnotationChecker]: L871 has no Hoare annotation [2022-02-20 18:12:19,321 WARN L170 areAnnotationChecker]: L508-2 has no Hoare annotation [2022-02-20 18:12:19,321 WARN L170 areAnnotationChecker]: L439 has no Hoare annotation [2022-02-20 18:12:19,322 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:12:19,323 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:12:19,323 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:12:19,323 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:12:19,323 WARN L170 areAnnotationChecker]: L535 has no Hoare annotation [2022-02-20 18:12:19,324 WARN L170 areAnnotationChecker]: L761 has no Hoare annotation [2022-02-20 18:12:19,324 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:12:19,324 WARN L170 areAnnotationChecker]: L543 has no Hoare annotation [2022-02-20 18:12:19,324 WARN L170 areAnnotationChecker]: L543 has no Hoare annotation [2022-02-20 18:12:19,324 WARN L170 areAnnotationChecker]: L761 has no Hoare annotation [2022-02-20 18:12:19,324 WARN L170 areAnnotationChecker]: L761 has no Hoare annotation [2022-02-20 18:12:19,324 WARN L170 areAnnotationChecker]: L543-1 has no Hoare annotation [2022-02-20 18:12:19,325 WARN L170 areAnnotationChecker]: L761-2 has no Hoare annotation [2022-02-20 18:12:19,325 WARN L170 areAnnotationChecker]: L645 has no Hoare annotation [2022-02-20 18:12:19,325 WARN L170 areAnnotationChecker]: L645 has no Hoare annotation [2022-02-20 18:12:19,325 WARN L170 areAnnotationChecker]: L645 has no Hoare annotation [2022-02-20 18:12:19,326 WARN L170 areAnnotationChecker]: L678 has no Hoare annotation [2022-02-20 18:12:19,326 WARN L170 areAnnotationChecker]: L678 has no Hoare annotation [2022-02-20 18:12:19,327 WARN L170 areAnnotationChecker]: L678 has no Hoare annotation [2022-02-20 18:12:19,329 INFO L163 areAnnotationChecker]: CFG has 26 edges. 26 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:12:19,398 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:12:19 BoogieIcfgContainer [2022-02-20 18:12:19,398 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:12:19,398 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:12:19,398 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:12:19,399 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:12:19,399 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:12:03" (3/4) ... [2022-02-20 18:12:19,402 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:12:19,406 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-02-20 18:12:19,407 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:12:19,407 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:12:19,407 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:12:19,417 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:12:19,417 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-02-20 18:12:19,425 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 51 nodes and edges [2022-02-20 18:12:19,425 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:12:19,426 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:12:19,426 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:12:19,426 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:12:19,427 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:12:19,427 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:12:19,451 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 [2022-02-20 18:12:19,451 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && tmp == 1) && waterLevel == 1 [2022-02-20 18:12:19,452 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && tmp == 1) && waterLevel == 1 [2022-02-20 18:12:19,452 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((1 <= pumpRunning && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == 1) && 1 <= switchedOnBeforeTS) || ((((((1 <= pumpRunning && 1 < waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1)) || ((((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && tmp == 1) && 0 == systemActive)) || ((((((pumpRunning == 0 && 1 < waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1)) || (((((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == 1) && waterLevel == 1) [2022-02-20 18:12:19,454 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-02-20 18:12:19,454 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-02-20 18:12:19,456 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((pumpRunning == 0 && 1 == systemActive) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) && (((((((((pumpRunning == 0 && tmp == 2) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || (((1 <= pumpRunning && tmp == 2) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (tmp == 2 && 2 == \result)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) [2022-02-20 18:12:19,456 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((pumpRunning == 0 && 1 == systemActive) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-02-20 18:12:19,456 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-02-20 18:12:19,456 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && tmp == 1) && 0 == systemActive [2022-02-20 18:12:19,456 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0 && \result == 1) && 1 < waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) || ((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && \result == 1) && splverifierCounter == 0) && tmp == 1) [2022-02-20 18:12:19,456 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((pumpRunning == 0 && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && ((((!(\old(pumpRunning) == 0) || 2 == \result) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) [2022-02-20 18:12:19,457 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || ((pumpRunning == 0 && !(\result == 0)) && waterLevel == 1)) && ((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-02-20 18:12:19,457 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && !(tmp == 0)) && \result == 0) && tmp___0 == 0) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-02-20 18:12:19,457 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-02-20 18:12:19,457 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-02-20 18:12:19,457 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-02-20 18:12:19,457 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-02-20 18:12:19,477 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:12:19,478 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:12:19,479 INFO L158 Benchmark]: Toolchain (without parser) took 17339.97ms. Allocated memory was 92.3MB in the beginning and 218.1MB in the end (delta: 125.8MB). Free memory was 57.6MB in the beginning and 162.9MB in the end (delta: -105.3MB). Peak memory consumption was 21.1MB. Max. memory is 16.1GB. [2022-02-20 18:12:19,479 INFO L158 Benchmark]: CDTParser took 0.18ms. Allocated memory is still 75.5MB. Free memory was 54.0MB in the beginning and 54.0MB in the end (delta: 18.4kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:12:19,479 INFO L158 Benchmark]: CACSL2BoogieTranslator took 450.17ms. Allocated memory is still 92.3MB. Free memory was 57.4MB in the beginning and 56.2MB in the end (delta: 1.2MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-02-20 18:12:19,480 INFO L158 Benchmark]: Boogie Procedure Inliner took 54.92ms. Allocated memory is still 92.3MB. Free memory was 56.2MB in the beginning and 53.4MB in the end (delta: 2.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:12:19,480 INFO L158 Benchmark]: Boogie Preprocessor took 37.00ms. Allocated memory is still 92.3MB. Free memory was 53.4MB in the beginning and 51.7MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:12:19,480 INFO L158 Benchmark]: RCFGBuilder took 539.86ms. Allocated memory is still 92.3MB. Free memory was 51.7MB in the beginning and 60.5MB in the end (delta: -8.9MB). Peak memory consumption was 16.6MB. Max. memory is 16.1GB. [2022-02-20 18:12:19,481 INFO L158 Benchmark]: TraceAbstraction took 16170.89ms. Allocated memory was 92.3MB in the beginning and 218.1MB in the end (delta: 125.8MB). Free memory was 60.5MB in the beginning and 169.2MB in the end (delta: -108.7MB). Peak memory consumption was 126.4MB. Max. memory is 16.1GB. [2022-02-20 18:12:19,481 INFO L158 Benchmark]: Witness Printer took 79.17ms. Allocated memory is still 218.1MB. Free memory was 169.2MB in the beginning and 162.9MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-02-20 18:12:19,482 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.18ms. Allocated memory is still 75.5MB. Free memory was 54.0MB in the beginning and 54.0MB in the end (delta: 18.4kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 450.17ms. Allocated memory is still 92.3MB. Free memory was 57.4MB in the beginning and 56.2MB in the end (delta: 1.2MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 54.92ms. Allocated memory is still 92.3MB. Free memory was 56.2MB in the beginning and 53.4MB in the end (delta: 2.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 37.00ms. Allocated memory is still 92.3MB. Free memory was 53.4MB in the beginning and 51.7MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 539.86ms. Allocated memory is still 92.3MB. Free memory was 51.7MB in the beginning and 60.5MB in the end (delta: -8.9MB). Peak memory consumption was 16.6MB. Max. memory is 16.1GB. * TraceAbstraction took 16170.89ms. Allocated memory was 92.3MB in the beginning and 218.1MB in the end (delta: 125.8MB). Free memory was 60.5MB in the beginning and 169.2MB in the end (delta: -108.7MB). Peak memory consumption was 126.4MB. Max. memory is 16.1GB. * Witness Printer took 79.17ms. Allocated memory is still 218.1MB. Free memory was 169.2MB in the beginning and 162.9MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 971]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 7 procedures, 88 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 16.0s, OverallIterations: 11, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 7.9s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 2.9s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 1070 SdHoareTripleChecker+Valid, 1.2s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1052 mSDsluCounter, 4569 SdHoareTripleChecker+Invalid, 1.2s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3306 mSDsCounter, 245 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 1222 IncrementalHoareTripleChecker+Invalid, 1467 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 245 mSolverCounterUnsat, 1263 mSDtfsCounter, 1222 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 513 GetRequests, 425 SyntacticMatches, 3 SemanticMatches, 85 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 458 ImplicationChecksByTransitivity, 0.5s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=931occurred in iteration=9, InterpolantAutomatonStates: 90, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 1.3s AutomataMinimizationTime, 11 MinimizatonAttempts, 291 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 41 LocationsWithAnnotation, 1748 PreInvPairs, 1859 NumberOfFragments, 2335 HoareAnnotationTreeSize, 1748 FomulaSimplifications, 766 FormulaSimplificationTreeSizeReduction, 0.3s HoareSimplificationTime, 41 FomulaSimplificationsInter, 6356 FormulaSimplificationTreeSizeReductionInter, 2.3s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.3s SatisfiabilityAnalysisTime, 2.3s InterpolantComputationTime, 880 NumberOfCodeBlocks, 880 NumberOfCodeBlocksAsserted, 13 NumberOfCheckSat, 951 ConstructedInterpolants, 0 QuantifiedInterpolants, 1757 SizeOfPredicates, 3 NumberOfNonLiveVariables, 1092 ConjunctsInSsa, 11 ConjunctsInUnsatCore, 14 InterpolantComputations, 10 PerfectInterpolantSequences, 441/464 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 884]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && tmp == 1) && waterLevel == 1 - InvariantResult [Line: 771]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && tmp == 1) && 0 == systemActive - InvariantResult [Line: 967]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 418]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 826]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 428]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 533]: Loop Invariant Derived loop invariant: ((((((((1 <= pumpRunning && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == 1) && 1 <= switchedOnBeforeTS) || ((((((1 <= pumpRunning && 1 < waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1)) || ((((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && tmp == 1) && 0 == systemActive)) || ((((((pumpRunning == 0 && 1 < waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1)) || (((((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == 1) && waterLevel == 1) - InvariantResult [Line: 867]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || ((pumpRunning == 0 && !(\result == 0)) && waterLevel == 1)) && ((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 637]: Loop Invariant Derived loop invariant: ((((((((((pumpRunning == 0 && 1 == systemActive) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 943]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 498]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 484]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 688]: Loop Invariant Derived loop invariant: (((((pumpRunning == 0 && \result == 1) && 1 < waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) || ((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && \result == 1) && splverifierCounter == 0) && tmp == 1) - InvariantResult [Line: 790]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 523]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 858]: Loop Invariant Derived loop invariant: (((((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((pumpRunning == 0 && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && ((((!(\old(pumpRunning) == 0) || 2 == \result) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) - InvariantResult [Line: 892]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 957]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 - InvariantResult [Line: 902]: Loop Invariant Derived loop invariant: (((((((((pumpRunning == 0 && 1 == systemActive) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) && (((((((((pumpRunning == 0 && tmp == 2) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || (((1 <= pumpRunning && tmp == 2) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (tmp == 2 && 2 == \result)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) - InvariantResult [Line: 950]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 752]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && !(tmp == 0)) && \result == 0) && tmp___0 == 0) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 662]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 532]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 671]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 475]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && tmp == 1) && waterLevel == 1 - InvariantResult [Line: 696]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) RESULT: Ultimate proved your program to be correct! [2022-02-20 18:12:19,556 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE