./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec5_product60.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec5_product60.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash b57a794fa6b429f14911ed2b6a28ecb30bf580e5cb37ae05e7120c2d485c2d18 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:12:52,948 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:12:52,950 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:12:52,972 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:12:52,973 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:12:52,974 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:12:52,975 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:12:52,976 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:12:52,978 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:12:52,979 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:12:52,980 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:12:52,982 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:12:52,983 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:12:52,987 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:12:52,989 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:12:52,990 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:12:52,991 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:12:52,993 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:12:52,995 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:12:53,000 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:12:53,004 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:12:53,005 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:12:53,006 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:12:53,007 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:12:53,011 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:12:53,014 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:12:53,014 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:12:53,015 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:12:53,016 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:12:53,017 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:12:53,017 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:12:53,018 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:12:53,020 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:12:53,021 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:12:53,022 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:12:53,022 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:12:53,023 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:12:53,023 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:12:53,023 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:12:53,024 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:12:53,025 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:12:53,026 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:12:53,056 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:12:53,057 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:12:53,057 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:12:53,057 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:12:53,058 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:12:53,059 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:12:53,059 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:12:53,059 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:12:53,060 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:12:53,060 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:12:53,061 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:12:53,061 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:12:53,061 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:12:53,061 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:12:53,061 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:12:53,062 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:12:53,062 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:12:53,062 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:12:53,062 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:12:53,062 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:12:53,063 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:12:53,063 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:12:53,063 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:12:53,063 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:12:53,063 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:12:53,064 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:12:53,064 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:12:53,064 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:12:53,064 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:12:53,064 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:12:53,065 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:12:53,065 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:12:53,065 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:12:53,065 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> b57a794fa6b429f14911ed2b6a28ecb30bf580e5cb37ae05e7120c2d485c2d18 [2022-02-20 18:12:53,330 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:12:53,353 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:12:53,357 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:12:53,358 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:12:53,358 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:12:53,360 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec5_product60.cil.c [2022-02-20 18:12:53,455 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/350acfe7c/e8fd5f234722458ba4cf5bf44a2d868c/FLAG2c1b8f02e [2022-02-20 18:12:53,972 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:12:53,972 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product60.cil.c [2022-02-20 18:12:53,988 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/350acfe7c/e8fd5f234722458ba4cf5bf44a2d868c/FLAG2c1b8f02e [2022-02-20 18:12:54,287 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/350acfe7c/e8fd5f234722458ba4cf5bf44a2d868c [2022-02-20 18:12:54,289 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:12:54,290 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:12:54,294 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:12:54,294 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:12:54,297 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:12:54,298 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,299 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@d92630e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54, skipping insertion in model container [2022-02-20 18:12:54,299 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,305 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:12:54,336 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:12:54,563 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product60.cil.c[18075,18088] [2022-02-20 18:12:54,571 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:12:54,578 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:12:54,654 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product60.cil.c[18075,18088] [2022-02-20 18:12:54,658 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:12:54,679 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:12:54,679 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54 WrapperNode [2022-02-20 18:12:54,679 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:12:54,681 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:12:54,681 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:12:54,681 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:12:54,687 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,710 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,754 INFO L137 Inliner]: procedures = 60, calls = 162, calls flagged for inlining = 28, calls inlined = 25, statements flattened = 291 [2022-02-20 18:12:54,755 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:12:54,756 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:12:54,756 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:12:54,756 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:12:54,763 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,763 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,770 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,770 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,781 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,790 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,793 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,797 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:12:54,799 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:12:54,799 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:12:54,800 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:12:54,801 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54" (1/1) ... [2022-02-20 18:12:54,807 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:12:54,817 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:12:54,840 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:12:54,860 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:12:54,890 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:12:54,891 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:12:54,891 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:12:54,891 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:12:54,891 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:12:54,891 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:12:54,891 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:12:54,892 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-02-20 18:12:54,892 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-02-20 18:12:54,892 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:12:54,893 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:12:54,893 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-02-20 18:12:54,893 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-02-20 18:12:54,893 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-02-20 18:12:54,893 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-02-20 18:12:54,893 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:12:54,893 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:12:54,894 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:12:54,894 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:12:54,894 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:12:54,996 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:12:54,998 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:12:55,373 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:12:55,378 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:12:55,379 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:12:55,380 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:12:55 BoogieIcfgContainer [2022-02-20 18:12:55,380 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:12:55,381 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:12:55,381 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:12:55,384 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:12:55,384 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:12:54" (1/3) ... [2022-02-20 18:12:55,385 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7eb413ec and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:12:55, skipping insertion in model container [2022-02-20 18:12:55,385 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:12:54" (2/3) ... [2022-02-20 18:12:55,385 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7eb413ec and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:12:55, skipping insertion in model container [2022-02-20 18:12:55,385 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:12:55" (3/3) ... [2022-02-20 18:12:55,386 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product60.cil.c [2022-02-20 18:12:55,391 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:12:55,392 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:12:55,440 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:12:55,445 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:12:55,445 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:12:55,483 INFO L276 IsEmpty]: Start isEmpty. Operand has 104 states, 80 states have (on average 1.3625) internal successors, (109), 89 states have internal predecessors, (109), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:12:55,489 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-02-20 18:12:55,489 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:55,490 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:55,490 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:55,494 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:55,494 INFO L85 PathProgramCache]: Analyzing trace with hash 1321598299, now seen corresponding path program 1 times [2022-02-20 18:12:55,501 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:55,501 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1770051282] [2022-02-20 18:12:55,501 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:55,502 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:55,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:55,722 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:12:55,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:55,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {107#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {107#true} is VALID [2022-02-20 18:12:55,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {107#true} assume true; {107#true} is VALID [2022-02-20 18:12:55,748 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {107#true} {108#false} #268#return; {108#false} is VALID [2022-02-20 18:12:55,750 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:12:55,756 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:55,763 INFO L290 TraceCheckUtils]: 0: Hoare triple {107#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {107#true} is VALID [2022-02-20 18:12:55,764 INFO L290 TraceCheckUtils]: 1: Hoare triple {107#true} assume true; {107#true} is VALID [2022-02-20 18:12:55,764 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {107#true} {108#false} #276#return; {108#false} is VALID [2022-02-20 18:12:55,768 INFO L290 TraceCheckUtils]: 0: Hoare triple {107#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {107#true} is VALID [2022-02-20 18:12:55,769 INFO L290 TraceCheckUtils]: 1: Hoare triple {107#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {107#true} is VALID [2022-02-20 18:12:55,769 INFO L290 TraceCheckUtils]: 2: Hoare triple {107#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {107#true} is VALID [2022-02-20 18:12:55,769 INFO L290 TraceCheckUtils]: 3: Hoare triple {107#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {107#true} is VALID [2022-02-20 18:12:55,770 INFO L290 TraceCheckUtils]: 4: Hoare triple {107#true} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {107#true} is VALID [2022-02-20 18:12:55,770 INFO L290 TraceCheckUtils]: 5: Hoare triple {107#true} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {107#true} is VALID [2022-02-20 18:12:55,770 INFO L290 TraceCheckUtils]: 6: Hoare triple {107#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {107#true} is VALID [2022-02-20 18:12:55,770 INFO L290 TraceCheckUtils]: 7: Hoare triple {107#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {107#true} is VALID [2022-02-20 18:12:55,771 INFO L290 TraceCheckUtils]: 8: Hoare triple {107#true} assume !true; {108#false} is VALID [2022-02-20 18:12:55,772 INFO L272 TraceCheckUtils]: 9: Hoare triple {108#false} call cleanup(); {108#false} is VALID [2022-02-20 18:12:55,772 INFO L290 TraceCheckUtils]: 10: Hoare triple {108#false} havoc ~i~0;havoc ~__cil_tmp2~0; {108#false} is VALID [2022-02-20 18:12:55,772 INFO L272 TraceCheckUtils]: 11: Hoare triple {108#false} call timeShift(); {108#false} is VALID [2022-02-20 18:12:55,772 INFO L290 TraceCheckUtils]: 12: Hoare triple {108#false} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {108#false} is VALID [2022-02-20 18:12:55,773 INFO L272 TraceCheckUtils]: 13: Hoare triple {108#false} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {107#true} is VALID [2022-02-20 18:12:55,773 INFO L290 TraceCheckUtils]: 14: Hoare triple {107#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {107#true} is VALID [2022-02-20 18:12:55,774 INFO L290 TraceCheckUtils]: 15: Hoare triple {107#true} assume true; {107#true} is VALID [2022-02-20 18:12:55,774 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {107#true} {108#false} #268#return; {108#false} is VALID [2022-02-20 18:12:55,774 INFO L290 TraceCheckUtils]: 17: Hoare triple {108#false} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {108#false} is VALID [2022-02-20 18:12:55,775 INFO L290 TraceCheckUtils]: 18: Hoare triple {108#false} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {108#false} is VALID [2022-02-20 18:12:55,775 INFO L290 TraceCheckUtils]: 19: Hoare triple {108#false} assume !(0 != ~pumpRunning~0); {108#false} is VALID [2022-02-20 18:12:55,775 INFO L290 TraceCheckUtils]: 20: Hoare triple {108#false} assume !(0 != ~systemActive~0); {108#false} is VALID [2022-02-20 18:12:55,775 INFO L290 TraceCheckUtils]: 21: Hoare triple {108#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {108#false} is VALID [2022-02-20 18:12:55,776 INFO L290 TraceCheckUtils]: 22: Hoare triple {108#false} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {108#false} is VALID [2022-02-20 18:12:55,776 INFO L290 TraceCheckUtils]: 23: Hoare triple {108#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {108#false} is VALID [2022-02-20 18:12:55,776 INFO L272 TraceCheckUtils]: 24: Hoare triple {108#false} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {107#true} is VALID [2022-02-20 18:12:55,776 INFO L290 TraceCheckUtils]: 25: Hoare triple {107#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {107#true} is VALID [2022-02-20 18:12:55,777 INFO L290 TraceCheckUtils]: 26: Hoare triple {107#true} assume true; {107#true} is VALID [2022-02-20 18:12:55,777 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {107#true} {108#false} #276#return; {108#false} is VALID [2022-02-20 18:12:55,777 INFO L290 TraceCheckUtils]: 28: Hoare triple {108#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {108#false} is VALID [2022-02-20 18:12:55,777 INFO L290 TraceCheckUtils]: 29: Hoare triple {108#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {108#false} is VALID [2022-02-20 18:12:55,778 INFO L290 TraceCheckUtils]: 30: Hoare triple {108#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {108#false} is VALID [2022-02-20 18:12:55,778 INFO L290 TraceCheckUtils]: 31: Hoare triple {108#false} assume !false; {108#false} is VALID [2022-02-20 18:12:55,779 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:55,779 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:55,780 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1770051282] [2022-02-20 18:12:55,780 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1770051282] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:55,780 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:55,781 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:12:55,782 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [712548779] [2022-02-20 18:12:55,783 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:55,788 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-02-20 18:12:55,791 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:55,793 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:55,843 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:55,843 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:12:55,844 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:55,860 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:12:55,862 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:12:55,866 INFO L87 Difference]: Start difference. First operand has 104 states, 80 states have (on average 1.3625) internal successors, (109), 89 states have internal predecessors, (109), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:56,005 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:56,006 INFO L93 Difference]: Finished difference Result 199 states and 268 transitions. [2022-02-20 18:12:56,006 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:12:56,007 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-02-20 18:12:56,007 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:56,008 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:56,019 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 268 transitions. [2022-02-20 18:12:56,020 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:56,030 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 268 transitions. [2022-02-20 18:12:56,030 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 268 transitions. [2022-02-20 18:12:56,246 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 268 edges. 268 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:56,259 INFO L225 Difference]: With dead ends: 199 [2022-02-20 18:12:56,259 INFO L226 Difference]: Without dead ends: 95 [2022-02-20 18:12:56,263 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:12:56,270 INFO L933 BasicCegarLoop]: 131 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 131 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:56,272 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 131 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:56,285 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 95 states. [2022-02-20 18:12:56,297 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 95 to 95. [2022-02-20 18:12:56,297 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:56,298 INFO L82 GeneralOperation]: Start isEquivalent. First operand 95 states. Second operand has 95 states, 73 states have (on average 1.3013698630136987) internal successors, (95), 81 states have internal predecessors, (95), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 18:12:56,299 INFO L74 IsIncluded]: Start isIncluded. First operand 95 states. Second operand has 95 states, 73 states have (on average 1.3013698630136987) internal successors, (95), 81 states have internal predecessors, (95), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 18:12:56,301 INFO L87 Difference]: Start difference. First operand 95 states. Second operand has 95 states, 73 states have (on average 1.3013698630136987) internal successors, (95), 81 states have internal predecessors, (95), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 18:12:56,309 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:56,309 INFO L93 Difference]: Finished difference Result 95 states and 122 transitions. [2022-02-20 18:12:56,310 INFO L276 IsEmpty]: Start isEmpty. Operand 95 states and 122 transitions. [2022-02-20 18:12:56,311 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:56,311 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:56,312 INFO L74 IsIncluded]: Start isIncluded. First operand has 95 states, 73 states have (on average 1.3013698630136987) internal successors, (95), 81 states have internal predecessors, (95), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) Second operand 95 states. [2022-02-20 18:12:56,312 INFO L87 Difference]: Start difference. First operand has 95 states, 73 states have (on average 1.3013698630136987) internal successors, (95), 81 states have internal predecessors, (95), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) Second operand 95 states. [2022-02-20 18:12:56,319 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:56,319 INFO L93 Difference]: Finished difference Result 95 states and 122 transitions. [2022-02-20 18:12:56,319 INFO L276 IsEmpty]: Start isEmpty. Operand 95 states and 122 transitions. [2022-02-20 18:12:56,320 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:56,321 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:56,321 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:56,321 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:56,321 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 95 states, 73 states have (on average 1.3013698630136987) internal successors, (95), 81 states have internal predecessors, (95), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 18:12:56,325 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 95 states to 95 states and 122 transitions. [2022-02-20 18:12:56,326 INFO L78 Accepts]: Start accepts. Automaton has 95 states and 122 transitions. Word has length 32 [2022-02-20 18:12:56,326 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:56,327 INFO L470 AbstractCegarLoop]: Abstraction has 95 states and 122 transitions. [2022-02-20 18:12:56,327 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:56,327 INFO L276 IsEmpty]: Start isEmpty. Operand 95 states and 122 transitions. [2022-02-20 18:12:56,329 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-02-20 18:12:56,329 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:56,329 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:56,329 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:12:56,329 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:56,330 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:56,330 INFO L85 PathProgramCache]: Analyzing trace with hash 932141827, now seen corresponding path program 1 times [2022-02-20 18:12:56,330 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:56,330 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1966986982] [2022-02-20 18:12:56,331 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:56,331 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:56,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:56,388 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:12:56,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:56,393 INFO L290 TraceCheckUtils]: 0: Hoare triple {737#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {737#true} is VALID [2022-02-20 18:12:56,393 INFO L290 TraceCheckUtils]: 1: Hoare triple {737#true} assume true; {737#true} is VALID [2022-02-20 18:12:56,394 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {737#true} {738#false} #268#return; {738#false} is VALID [2022-02-20 18:12:56,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:12:56,395 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:56,408 INFO L290 TraceCheckUtils]: 0: Hoare triple {737#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {737#true} is VALID [2022-02-20 18:12:56,409 INFO L290 TraceCheckUtils]: 1: Hoare triple {737#true} assume true; {737#true} is VALID [2022-02-20 18:12:56,409 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {737#true} {738#false} #276#return; {738#false} is VALID [2022-02-20 18:12:56,409 INFO L290 TraceCheckUtils]: 0: Hoare triple {737#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {737#true} is VALID [2022-02-20 18:12:56,409 INFO L290 TraceCheckUtils]: 1: Hoare triple {737#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {737#true} is VALID [2022-02-20 18:12:56,409 INFO L290 TraceCheckUtils]: 2: Hoare triple {737#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {737#true} is VALID [2022-02-20 18:12:56,410 INFO L290 TraceCheckUtils]: 3: Hoare triple {737#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {737#true} is VALID [2022-02-20 18:12:56,410 INFO L290 TraceCheckUtils]: 4: Hoare triple {737#true} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {737#true} is VALID [2022-02-20 18:12:56,410 INFO L290 TraceCheckUtils]: 5: Hoare triple {737#true} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {737#true} is VALID [2022-02-20 18:12:56,410 INFO L290 TraceCheckUtils]: 6: Hoare triple {737#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {737#true} is VALID [2022-02-20 18:12:56,412 INFO L290 TraceCheckUtils]: 7: Hoare triple {737#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {739#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:12:56,413 INFO L290 TraceCheckUtils]: 8: Hoare triple {739#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {739#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:12:56,413 INFO L290 TraceCheckUtils]: 9: Hoare triple {739#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {738#false} is VALID [2022-02-20 18:12:56,413 INFO L272 TraceCheckUtils]: 10: Hoare triple {738#false} call cleanup(); {738#false} is VALID [2022-02-20 18:12:56,414 INFO L290 TraceCheckUtils]: 11: Hoare triple {738#false} havoc ~i~0;havoc ~__cil_tmp2~0; {738#false} is VALID [2022-02-20 18:12:56,414 INFO L272 TraceCheckUtils]: 12: Hoare triple {738#false} call timeShift(); {738#false} is VALID [2022-02-20 18:12:56,414 INFO L290 TraceCheckUtils]: 13: Hoare triple {738#false} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {738#false} is VALID [2022-02-20 18:12:56,414 INFO L272 TraceCheckUtils]: 14: Hoare triple {738#false} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {737#true} is VALID [2022-02-20 18:12:56,414 INFO L290 TraceCheckUtils]: 15: Hoare triple {737#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {737#true} is VALID [2022-02-20 18:12:56,414 INFO L290 TraceCheckUtils]: 16: Hoare triple {737#true} assume true; {737#true} is VALID [2022-02-20 18:12:56,415 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {737#true} {738#false} #268#return; {738#false} is VALID [2022-02-20 18:12:56,415 INFO L290 TraceCheckUtils]: 18: Hoare triple {738#false} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {738#false} is VALID [2022-02-20 18:12:56,415 INFO L290 TraceCheckUtils]: 19: Hoare triple {738#false} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {738#false} is VALID [2022-02-20 18:12:56,415 INFO L290 TraceCheckUtils]: 20: Hoare triple {738#false} assume !(0 != ~pumpRunning~0); {738#false} is VALID [2022-02-20 18:12:56,415 INFO L290 TraceCheckUtils]: 21: Hoare triple {738#false} assume !(0 != ~systemActive~0); {738#false} is VALID [2022-02-20 18:12:56,416 INFO L290 TraceCheckUtils]: 22: Hoare triple {738#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {738#false} is VALID [2022-02-20 18:12:56,416 INFO L290 TraceCheckUtils]: 23: Hoare triple {738#false} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {738#false} is VALID [2022-02-20 18:12:56,416 INFO L290 TraceCheckUtils]: 24: Hoare triple {738#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {738#false} is VALID [2022-02-20 18:12:56,416 INFO L272 TraceCheckUtils]: 25: Hoare triple {738#false} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {737#true} is VALID [2022-02-20 18:12:56,416 INFO L290 TraceCheckUtils]: 26: Hoare triple {737#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {737#true} is VALID [2022-02-20 18:12:56,416 INFO L290 TraceCheckUtils]: 27: Hoare triple {737#true} assume true; {737#true} is VALID [2022-02-20 18:12:56,417 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {737#true} {738#false} #276#return; {738#false} is VALID [2022-02-20 18:12:56,417 INFO L290 TraceCheckUtils]: 29: Hoare triple {738#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {738#false} is VALID [2022-02-20 18:12:56,417 INFO L290 TraceCheckUtils]: 30: Hoare triple {738#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {738#false} is VALID [2022-02-20 18:12:56,417 INFO L290 TraceCheckUtils]: 31: Hoare triple {738#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {738#false} is VALID [2022-02-20 18:12:56,417 INFO L290 TraceCheckUtils]: 32: Hoare triple {738#false} assume !false; {738#false} is VALID [2022-02-20 18:12:56,418 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:56,418 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:56,418 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1966986982] [2022-02-20 18:12:56,418 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1966986982] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:56,418 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:56,418 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:12:56,419 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1165787307] [2022-02-20 18:12:56,419 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:56,420 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-02-20 18:12:56,420 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:56,420 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:56,443 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:56,443 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:12:56,443 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:56,444 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:12:56,444 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:56,445 INFO L87 Difference]: Start difference. First operand 95 states and 122 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:56,614 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:56,615 INFO L93 Difference]: Finished difference Result 150 states and 192 transitions. [2022-02-20 18:12:56,615 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:12:56,615 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-02-20 18:12:56,615 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:56,616 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:56,619 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 192 transitions. [2022-02-20 18:12:56,620 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:56,623 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 192 transitions. [2022-02-20 18:12:56,623 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 192 transitions. [2022-02-20 18:12:56,776 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 192 edges. 192 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:56,778 INFO L225 Difference]: With dead ends: 150 [2022-02-20 18:12:56,778 INFO L226 Difference]: Without dead ends: 86 [2022-02-20 18:12:56,779 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:12:56,780 INFO L933 BasicCegarLoop]: 109 mSDtfsCounter, 17 mSDsluCounter, 87 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 196 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:56,780 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [21 Valid, 196 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:56,781 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 86 states. [2022-02-20 18:12:56,785 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 86 to 86. [2022-02-20 18:12:56,786 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:56,786 INFO L82 GeneralOperation]: Start isEquivalent. First operand 86 states. Second operand has 86 states, 67 states have (on average 1.3134328358208955) internal successors, (88), 75 states have internal predecessors, (88), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:12:56,786 INFO L74 IsIncluded]: Start isIncluded. First operand 86 states. Second operand has 86 states, 67 states have (on average 1.3134328358208955) internal successors, (88), 75 states have internal predecessors, (88), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:12:56,787 INFO L87 Difference]: Start difference. First operand 86 states. Second operand has 86 states, 67 states have (on average 1.3134328358208955) internal successors, (88), 75 states have internal predecessors, (88), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:12:56,790 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:56,790 INFO L93 Difference]: Finished difference Result 86 states and 110 transitions. [2022-02-20 18:12:56,790 INFO L276 IsEmpty]: Start isEmpty. Operand 86 states and 110 transitions. [2022-02-20 18:12:56,791 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:56,791 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:56,791 INFO L74 IsIncluded]: Start isIncluded. First operand has 86 states, 67 states have (on average 1.3134328358208955) internal successors, (88), 75 states have internal predecessors, (88), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) Second operand 86 states. [2022-02-20 18:12:56,793 INFO L87 Difference]: Start difference. First operand has 86 states, 67 states have (on average 1.3134328358208955) internal successors, (88), 75 states have internal predecessors, (88), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) Second operand 86 states. [2022-02-20 18:12:56,796 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:56,796 INFO L93 Difference]: Finished difference Result 86 states and 110 transitions. [2022-02-20 18:12:56,796 INFO L276 IsEmpty]: Start isEmpty. Operand 86 states and 110 transitions. [2022-02-20 18:12:56,796 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:56,796 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:56,796 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:56,797 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:56,797 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 86 states, 67 states have (on average 1.3134328358208955) internal successors, (88), 75 states have internal predecessors, (88), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:12:56,799 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 86 states to 86 states and 110 transitions. [2022-02-20 18:12:56,807 INFO L78 Accepts]: Start accepts. Automaton has 86 states and 110 transitions. Word has length 33 [2022-02-20 18:12:56,807 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:56,807 INFO L470 AbstractCegarLoop]: Abstraction has 86 states and 110 transitions. [2022-02-20 18:12:56,808 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:56,808 INFO L276 IsEmpty]: Start isEmpty. Operand 86 states and 110 transitions. [2022-02-20 18:12:56,810 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-02-20 18:12:56,810 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:56,810 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:56,811 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:12:56,811 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:56,812 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:56,812 INFO L85 PathProgramCache]: Analyzing trace with hash -509762780, now seen corresponding path program 1 times [2022-02-20 18:12:56,812 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:56,813 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [426330078] [2022-02-20 18:12:56,813 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:56,813 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:56,849 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:56,889 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:12:56,891 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:56,894 INFO L290 TraceCheckUtils]: 0: Hoare triple {1264#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {1264#true} is VALID [2022-02-20 18:12:56,894 INFO L290 TraceCheckUtils]: 1: Hoare triple {1264#true} assume true; {1264#true} is VALID [2022-02-20 18:12:56,894 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1264#true} {1268#(not (= 0 ~systemActive~0))} #268#return; {1268#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:56,895 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:12:56,895 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:56,897 INFO L290 TraceCheckUtils]: 0: Hoare triple {1264#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {1264#true} is VALID [2022-02-20 18:12:56,898 INFO L290 TraceCheckUtils]: 1: Hoare triple {1264#true} assume true; {1264#true} is VALID [2022-02-20 18:12:56,898 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1264#true} {1265#false} #276#return; {1265#false} is VALID [2022-02-20 18:12:56,898 INFO L290 TraceCheckUtils]: 0: Hoare triple {1264#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {1264#true} is VALID [2022-02-20 18:12:56,898 INFO L290 TraceCheckUtils]: 1: Hoare triple {1264#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {1264#true} is VALID [2022-02-20 18:12:56,898 INFO L290 TraceCheckUtils]: 2: Hoare triple {1264#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1264#true} is VALID [2022-02-20 18:12:56,899 INFO L290 TraceCheckUtils]: 3: Hoare triple {1264#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {1266#(= |ULTIMATE.start_valid_product_#res#1| 1)} is VALID [2022-02-20 18:12:56,899 INFO L290 TraceCheckUtils]: 4: Hoare triple {1266#(= |ULTIMATE.start_valid_product_#res#1| 1)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {1267#(= |ULTIMATE.start_main_~tmp~10#1| 1)} is VALID [2022-02-20 18:12:56,900 INFO L290 TraceCheckUtils]: 5: Hoare triple {1267#(= |ULTIMATE.start_main_~tmp~10#1| 1)} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {1264#true} is VALID [2022-02-20 18:12:56,900 INFO L290 TraceCheckUtils]: 6: Hoare triple {1264#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {1264#true} is VALID [2022-02-20 18:12:56,900 INFO L290 TraceCheckUtils]: 7: Hoare triple {1264#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1264#true} is VALID [2022-02-20 18:12:56,900 INFO L290 TraceCheckUtils]: 8: Hoare triple {1264#true} assume !false; {1264#true} is VALID [2022-02-20 18:12:56,900 INFO L290 TraceCheckUtils]: 9: Hoare triple {1264#true} assume test_~splverifierCounter~0#1 < 4; {1264#true} is VALID [2022-02-20 18:12:56,901 INFO L290 TraceCheckUtils]: 10: Hoare triple {1264#true} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {1264#true} is VALID [2022-02-20 18:12:56,901 INFO L290 TraceCheckUtils]: 11: Hoare triple {1264#true} assume !(0 != test_~tmp~5#1); {1264#true} is VALID [2022-02-20 18:12:56,901 INFO L290 TraceCheckUtils]: 12: Hoare triple {1264#true} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {1264#true} is VALID [2022-02-20 18:12:56,901 INFO L290 TraceCheckUtils]: 13: Hoare triple {1264#true} assume !(0 != test_~tmp___0~2#1); {1264#true} is VALID [2022-02-20 18:12:56,901 INFO L290 TraceCheckUtils]: 14: Hoare triple {1264#true} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {1264#true} is VALID [2022-02-20 18:12:56,902 INFO L290 TraceCheckUtils]: 15: Hoare triple {1264#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {1268#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:56,902 INFO L290 TraceCheckUtils]: 16: Hoare triple {1268#(not (= 0 ~systemActive~0))} assume { :end_inline_startSystem } true; {1268#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:56,903 INFO L272 TraceCheckUtils]: 17: Hoare triple {1268#(not (= 0 ~systemActive~0))} call timeShift(); {1268#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:56,903 INFO L290 TraceCheckUtils]: 18: Hoare triple {1268#(not (= 0 ~systemActive~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {1268#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:56,903 INFO L272 TraceCheckUtils]: 19: Hoare triple {1268#(not (= 0 ~systemActive~0))} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {1264#true} is VALID [2022-02-20 18:12:56,904 INFO L290 TraceCheckUtils]: 20: Hoare triple {1264#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {1264#true} is VALID [2022-02-20 18:12:56,904 INFO L290 TraceCheckUtils]: 21: Hoare triple {1264#true} assume true; {1264#true} is VALID [2022-02-20 18:12:56,904 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1264#true} {1268#(not (= 0 ~systemActive~0))} #268#return; {1268#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:56,905 INFO L290 TraceCheckUtils]: 23: Hoare triple {1268#(not (= 0 ~systemActive~0))} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {1268#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:56,905 INFO L290 TraceCheckUtils]: 24: Hoare triple {1268#(not (= 0 ~systemActive~0))} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {1268#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:56,905 INFO L290 TraceCheckUtils]: 25: Hoare triple {1268#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {1268#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:12:56,906 INFO L290 TraceCheckUtils]: 26: Hoare triple {1268#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {1265#false} is VALID [2022-02-20 18:12:56,906 INFO L290 TraceCheckUtils]: 27: Hoare triple {1265#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {1265#false} is VALID [2022-02-20 18:12:56,906 INFO L290 TraceCheckUtils]: 28: Hoare triple {1265#false} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {1265#false} is VALID [2022-02-20 18:12:56,906 INFO L290 TraceCheckUtils]: 29: Hoare triple {1265#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {1265#false} is VALID [2022-02-20 18:12:56,907 INFO L272 TraceCheckUtils]: 30: Hoare triple {1265#false} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {1264#true} is VALID [2022-02-20 18:12:56,907 INFO L290 TraceCheckUtils]: 31: Hoare triple {1264#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {1264#true} is VALID [2022-02-20 18:12:56,907 INFO L290 TraceCheckUtils]: 32: Hoare triple {1264#true} assume true; {1264#true} is VALID [2022-02-20 18:12:56,907 INFO L284 TraceCheckUtils]: 33: Hoare quadruple {1264#true} {1265#false} #276#return; {1265#false} is VALID [2022-02-20 18:12:56,907 INFO L290 TraceCheckUtils]: 34: Hoare triple {1265#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {1265#false} is VALID [2022-02-20 18:12:56,907 INFO L290 TraceCheckUtils]: 35: Hoare triple {1265#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {1265#false} is VALID [2022-02-20 18:12:56,908 INFO L290 TraceCheckUtils]: 36: Hoare triple {1265#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {1265#false} is VALID [2022-02-20 18:12:56,908 INFO L290 TraceCheckUtils]: 37: Hoare triple {1265#false} assume !false; {1265#false} is VALID [2022-02-20 18:12:56,908 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:56,908 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:56,908 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [426330078] [2022-02-20 18:12:56,909 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [426330078] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:56,909 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:56,909 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:12:56,909 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [988945278] [2022-02-20 18:12:56,909 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:56,910 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2022-02-20 18:12:56,910 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:56,910 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:56,933 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:56,934 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:12:56,934 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:56,935 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:12:56,935 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:12:56,936 INFO L87 Difference]: Start difference. First operand 86 states and 110 transitions. Second operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:57,260 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:57,260 INFO L93 Difference]: Finished difference Result 211 states and 274 transitions. [2022-02-20 18:12:57,260 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:12:57,260 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2022-02-20 18:12:57,260 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:57,260 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:57,269 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 274 transitions. [2022-02-20 18:12:57,269 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:57,273 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 274 transitions. [2022-02-20 18:12:57,273 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 274 transitions. [2022-02-20 18:12:57,483 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 274 edges. 274 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:57,491 INFO L225 Difference]: With dead ends: 211 [2022-02-20 18:12:57,491 INFO L226 Difference]: Without dead ends: 133 [2022-02-20 18:12:57,494 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:12:57,495 INFO L933 BasicCegarLoop]: 123 mSDtfsCounter, 171 mSDsluCounter, 251 mSDsCounter, 0 mSdLazyCounter, 12 mSolverCounterSat, 21 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 171 SdHoareTripleChecker+Valid, 374 SdHoareTripleChecker+Invalid, 33 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 21 IncrementalHoareTripleChecker+Valid, 12 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:57,495 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [171 Valid, 374 Invalid, 33 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [21 Valid, 12 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:12:57,496 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 133 states. [2022-02-20 18:12:57,510 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 133 to 130. [2022-02-20 18:12:57,510 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:57,511 INFO L82 GeneralOperation]: Start isEquivalent. First operand 133 states. Second operand has 130 states, 100 states have (on average 1.33) internal successors, (133), 111 states have internal predecessors, (133), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 13 states have call predecessors, (18), 17 states have call successors, (18) [2022-02-20 18:12:57,511 INFO L74 IsIncluded]: Start isIncluded. First operand 133 states. Second operand has 130 states, 100 states have (on average 1.33) internal successors, (133), 111 states have internal predecessors, (133), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 13 states have call predecessors, (18), 17 states have call successors, (18) [2022-02-20 18:12:57,512 INFO L87 Difference]: Start difference. First operand 133 states. Second operand has 130 states, 100 states have (on average 1.33) internal successors, (133), 111 states have internal predecessors, (133), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 13 states have call predecessors, (18), 17 states have call successors, (18) [2022-02-20 18:12:57,521 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:57,522 INFO L93 Difference]: Finished difference Result 133 states and 170 transitions. [2022-02-20 18:12:57,522 INFO L276 IsEmpty]: Start isEmpty. Operand 133 states and 170 transitions. [2022-02-20 18:12:57,524 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:57,527 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:57,528 INFO L74 IsIncluded]: Start isIncluded. First operand has 130 states, 100 states have (on average 1.33) internal successors, (133), 111 states have internal predecessors, (133), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 13 states have call predecessors, (18), 17 states have call successors, (18) Second operand 133 states. [2022-02-20 18:12:57,529 INFO L87 Difference]: Start difference. First operand has 130 states, 100 states have (on average 1.33) internal successors, (133), 111 states have internal predecessors, (133), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 13 states have call predecessors, (18), 17 states have call successors, (18) Second operand 133 states. [2022-02-20 18:12:57,534 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:57,535 INFO L93 Difference]: Finished difference Result 133 states and 170 transitions. [2022-02-20 18:12:57,535 INFO L276 IsEmpty]: Start isEmpty. Operand 133 states and 170 transitions. [2022-02-20 18:12:57,536 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:57,536 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:57,537 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:57,538 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:57,538 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 130 states, 100 states have (on average 1.33) internal successors, (133), 111 states have internal predecessors, (133), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 13 states have call predecessors, (18), 17 states have call successors, (18) [2022-02-20 18:12:57,543 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 130 states to 130 states and 168 transitions. [2022-02-20 18:12:57,544 INFO L78 Accepts]: Start accepts. Automaton has 130 states and 168 transitions. Word has length 38 [2022-02-20 18:12:57,544 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:57,544 INFO L470 AbstractCegarLoop]: Abstraction has 130 states and 168 transitions. [2022-02-20 18:12:57,544 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:12:57,547 INFO L276 IsEmpty]: Start isEmpty. Operand 130 states and 168 transitions. [2022-02-20 18:12:57,549 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-02-20 18:12:57,549 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:57,550 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:57,550 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:12:57,550 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:57,551 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:57,551 INFO L85 PathProgramCache]: Analyzing trace with hash -1072402805, now seen corresponding path program 1 times [2022-02-20 18:12:57,551 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:57,551 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1295095400] [2022-02-20 18:12:57,551 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:57,551 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:57,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:57,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-02-20 18:12:57,656 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:57,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {2036#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {2036#true} is VALID [2022-02-20 18:12:57,660 INFO L290 TraceCheckUtils]: 1: Hoare triple {2036#true} assume true; {2036#true} is VALID [2022-02-20 18:12:57,661 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2036#true} {2038#(= ~pumpRunning~0 0)} #268#return; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,661 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:12:57,663 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:57,676 INFO L290 TraceCheckUtils]: 0: Hoare triple {2036#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {2047#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:57,677 INFO L290 TraceCheckUtils]: 1: Hoare triple {2047#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {2047#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:57,677 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2047#(= ~pumpRunning~0 |isPumpRunning_#res|)} {2038#(= ~pumpRunning~0 0)} #276#return; {2045#(= 0 |timeShift___utac_acc__Specification5_spec__3_#t~ret24#1|)} is VALID [2022-02-20 18:12:57,678 INFO L290 TraceCheckUtils]: 0: Hoare triple {2036#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,678 INFO L290 TraceCheckUtils]: 1: Hoare triple {2038#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,679 INFO L290 TraceCheckUtils]: 2: Hoare triple {2038#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,679 INFO L290 TraceCheckUtils]: 3: Hoare triple {2038#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,680 INFO L290 TraceCheckUtils]: 4: Hoare triple {2038#(= ~pumpRunning~0 0)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,680 INFO L290 TraceCheckUtils]: 5: Hoare triple {2038#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,680 INFO L290 TraceCheckUtils]: 6: Hoare triple {2038#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,681 INFO L290 TraceCheckUtils]: 7: Hoare triple {2038#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,681 INFO L290 TraceCheckUtils]: 8: Hoare triple {2038#(= ~pumpRunning~0 0)} assume !false; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,681 INFO L290 TraceCheckUtils]: 9: Hoare triple {2038#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,682 INFO L290 TraceCheckUtils]: 10: Hoare triple {2038#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,682 INFO L290 TraceCheckUtils]: 11: Hoare triple {2038#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~5#1); {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,683 INFO L290 TraceCheckUtils]: 12: Hoare triple {2038#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,683 INFO L290 TraceCheckUtils]: 13: Hoare triple {2038#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~2#1); {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,683 INFO L290 TraceCheckUtils]: 14: Hoare triple {2038#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,684 INFO L290 TraceCheckUtils]: 15: Hoare triple {2038#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet21#1 && test_#t~nondet21#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet21#1;havoc test_#t~nondet21#1; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,684 INFO L290 TraceCheckUtils]: 16: Hoare triple {2038#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,685 INFO L290 TraceCheckUtils]: 17: Hoare triple {2038#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,685 INFO L290 TraceCheckUtils]: 18: Hoare triple {2038#(= ~pumpRunning~0 0)} ~systemActive~0 := 0; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,686 INFO L290 TraceCheckUtils]: 19: Hoare triple {2038#(= ~pumpRunning~0 0)} assume { :end_inline_stopSystem } true; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,686 INFO L272 TraceCheckUtils]: 20: Hoare triple {2038#(= ~pumpRunning~0 0)} call timeShift(); {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,686 INFO L290 TraceCheckUtils]: 21: Hoare triple {2038#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,687 INFO L272 TraceCheckUtils]: 22: Hoare triple {2038#(= ~pumpRunning~0 0)} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {2036#true} is VALID [2022-02-20 18:12:57,687 INFO L290 TraceCheckUtils]: 23: Hoare triple {2036#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {2036#true} is VALID [2022-02-20 18:12:57,687 INFO L290 TraceCheckUtils]: 24: Hoare triple {2036#true} assume true; {2036#true} is VALID [2022-02-20 18:12:57,687 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {2036#true} {2038#(= ~pumpRunning~0 0)} #268#return; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,688 INFO L290 TraceCheckUtils]: 26: Hoare triple {2038#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,688 INFO L290 TraceCheckUtils]: 27: Hoare triple {2038#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,688 INFO L290 TraceCheckUtils]: 28: Hoare triple {2038#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,689 INFO L290 TraceCheckUtils]: 29: Hoare triple {2038#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,689 INFO L290 TraceCheckUtils]: 30: Hoare triple {2038#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,690 INFO L290 TraceCheckUtils]: 31: Hoare triple {2038#(= ~pumpRunning~0 0)} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,690 INFO L290 TraceCheckUtils]: 32: Hoare triple {2038#(= ~pumpRunning~0 0)} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {2038#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:12:57,690 INFO L272 TraceCheckUtils]: 33: Hoare triple {2038#(= ~pumpRunning~0 0)} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {2036#true} is VALID [2022-02-20 18:12:57,691 INFO L290 TraceCheckUtils]: 34: Hoare triple {2036#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {2047#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:57,691 INFO L290 TraceCheckUtils]: 35: Hoare triple {2047#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {2047#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:12:57,692 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {2047#(= ~pumpRunning~0 |isPumpRunning_#res|)} {2038#(= ~pumpRunning~0 0)} #276#return; {2045#(= 0 |timeShift___utac_acc__Specification5_spec__3_#t~ret24#1|)} is VALID [2022-02-20 18:12:57,692 INFO L290 TraceCheckUtils]: 37: Hoare triple {2045#(= 0 |timeShift___utac_acc__Specification5_spec__3_#t~ret24#1|)} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {2046#(= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~3#1| 0)} is VALID [2022-02-20 18:12:57,693 INFO L290 TraceCheckUtils]: 38: Hoare triple {2046#(= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~3#1| 0)} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {2037#false} is VALID [2022-02-20 18:12:57,693 INFO L290 TraceCheckUtils]: 39: Hoare triple {2037#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {2037#false} is VALID [2022-02-20 18:12:57,693 INFO L290 TraceCheckUtils]: 40: Hoare triple {2037#false} assume !false; {2037#false} is VALID [2022-02-20 18:12:57,694 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-02-20 18:12:57,694 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:57,694 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1295095400] [2022-02-20 18:12:57,695 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1295095400] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:57,695 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:57,695 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:12:57,695 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [634515638] [2022-02-20 18:12:57,695 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:57,696 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-02-20 18:12:57,698 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:57,698 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:57,730 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:57,730 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:12:57,730 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:57,731 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:12:57,731 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:12:57,731 INFO L87 Difference]: Start difference. First operand 130 states and 168 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:58,123 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:58,124 INFO L93 Difference]: Finished difference Result 301 states and 400 transitions. [2022-02-20 18:12:58,124 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:12:58,124 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-02-20 18:12:58,125 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:58,125 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:58,129 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 285 transitions. [2022-02-20 18:12:58,130 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:58,134 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 285 transitions. [2022-02-20 18:12:58,135 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 285 transitions. [2022-02-20 18:12:58,361 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 285 edges. 285 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:58,366 INFO L225 Difference]: With dead ends: 301 [2022-02-20 18:12:58,366 INFO L226 Difference]: Without dead ends: 179 [2022-02-20 18:12:58,367 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:12:58,368 INFO L933 BasicCegarLoop]: 120 mSDtfsCounter, 55 mSDsluCounter, 391 mSDsCounter, 0 mSdLazyCounter, 68 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 56 SdHoareTripleChecker+Valid, 511 SdHoareTripleChecker+Invalid, 79 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 68 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:58,369 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [56 Valid, 511 Invalid, 79 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 68 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:12:58,370 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 179 states. [2022-02-20 18:12:58,381 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 179 to 169. [2022-02-20 18:12:58,381 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:58,382 INFO L82 GeneralOperation]: Start isEquivalent. First operand 179 states. Second operand has 169 states, 130 states have (on average 1.2692307692307692) internal successors, (165), 141 states have internal predecessors, (165), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (27), 20 states have call predecessors, (27), 21 states have call successors, (27) [2022-02-20 18:12:58,383 INFO L74 IsIncluded]: Start isIncluded. First operand 179 states. Second operand has 169 states, 130 states have (on average 1.2692307692307692) internal successors, (165), 141 states have internal predecessors, (165), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (27), 20 states have call predecessors, (27), 21 states have call successors, (27) [2022-02-20 18:12:58,383 INFO L87 Difference]: Start difference. First operand 179 states. Second operand has 169 states, 130 states have (on average 1.2692307692307692) internal successors, (165), 141 states have internal predecessors, (165), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (27), 20 states have call predecessors, (27), 21 states have call successors, (27) [2022-02-20 18:12:58,389 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:58,389 INFO L93 Difference]: Finished difference Result 179 states and 227 transitions. [2022-02-20 18:12:58,390 INFO L276 IsEmpty]: Start isEmpty. Operand 179 states and 227 transitions. [2022-02-20 18:12:58,390 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:58,390 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:58,391 INFO L74 IsIncluded]: Start isIncluded. First operand has 169 states, 130 states have (on average 1.2692307692307692) internal successors, (165), 141 states have internal predecessors, (165), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (27), 20 states have call predecessors, (27), 21 states have call successors, (27) Second operand 179 states. [2022-02-20 18:12:58,392 INFO L87 Difference]: Start difference. First operand has 169 states, 130 states have (on average 1.2692307692307692) internal successors, (165), 141 states have internal predecessors, (165), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (27), 20 states have call predecessors, (27), 21 states have call successors, (27) Second operand 179 states. [2022-02-20 18:12:58,397 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:58,398 INFO L93 Difference]: Finished difference Result 179 states and 227 transitions. [2022-02-20 18:12:58,398 INFO L276 IsEmpty]: Start isEmpty. Operand 179 states and 227 transitions. [2022-02-20 18:12:58,398 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:58,399 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:58,399 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:58,399 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:58,400 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 169 states, 130 states have (on average 1.2692307692307692) internal successors, (165), 141 states have internal predecessors, (165), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (27), 20 states have call predecessors, (27), 21 states have call successors, (27) [2022-02-20 18:12:58,405 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 169 states to 169 states and 213 transitions. [2022-02-20 18:12:58,405 INFO L78 Accepts]: Start accepts. Automaton has 169 states and 213 transitions. Word has length 41 [2022-02-20 18:12:58,405 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:58,406 INFO L470 AbstractCegarLoop]: Abstraction has 169 states and 213 transitions. [2022-02-20 18:12:58,406 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:12:58,406 INFO L276 IsEmpty]: Start isEmpty. Operand 169 states and 213 transitions. [2022-02-20 18:12:58,407 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-02-20 18:12:58,407 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:58,407 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:58,407 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:12:58,408 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:58,408 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:58,408 INFO L85 PathProgramCache]: Analyzing trace with hash -2130728348, now seen corresponding path program 1 times [2022-02-20 18:12:58,408 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:58,409 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [141039378] [2022-02-20 18:12:58,409 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:58,409 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:58,444 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:58,460 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:12:58,461 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:58,464 INFO L290 TraceCheckUtils]: 0: Hoare triple {3077#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {3077#true} is VALID [2022-02-20 18:12:58,465 INFO L290 TraceCheckUtils]: 1: Hoare triple {3077#true} assume true; {3077#true} is VALID [2022-02-20 18:12:58,465 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3077#true} {3077#true} #268#return; {3077#true} is VALID [2022-02-20 18:12:58,467 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:12:58,474 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:58,497 INFO L290 TraceCheckUtils]: 0: Hoare triple {3100#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {3077#true} is VALID [2022-02-20 18:12:58,497 INFO L290 TraceCheckUtils]: 1: Hoare triple {3077#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {3077#true} is VALID [2022-02-20 18:12:58,497 INFO L290 TraceCheckUtils]: 2: Hoare triple {3077#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~12#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {3077#true} is VALID [2022-02-20 18:12:58,498 INFO L290 TraceCheckUtils]: 3: Hoare triple {3077#true} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {3077#true} is VALID [2022-02-20 18:12:58,498 INFO L290 TraceCheckUtils]: 4: Hoare triple {3077#true} assume 0 != isHighWaterLevel_~tmp~3#1;isHighWaterLevel_~tmp___0~0#1 := 0; {3101#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0)} is VALID [2022-02-20 18:12:58,499 INFO L290 TraceCheckUtils]: 5: Hoare triple {3101#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {3102#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:12:58,499 INFO L290 TraceCheckUtils]: 6: Hoare triple {3102#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {3103#(= |processEnvironment__wrappee__highWaterSensor_~tmp~0#1| 0)} is VALID [2022-02-20 18:12:58,500 INFO L290 TraceCheckUtils]: 7: Hoare triple {3103#(= |processEnvironment__wrappee__highWaterSensor_~tmp~0#1| 0)} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {3078#false} is VALID [2022-02-20 18:12:58,500 INFO L290 TraceCheckUtils]: 8: Hoare triple {3078#false} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {3078#false} is VALID [2022-02-20 18:12:58,500 INFO L290 TraceCheckUtils]: 9: Hoare triple {3078#false} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {3078#false} is VALID [2022-02-20 18:12:58,500 INFO L290 TraceCheckUtils]: 10: Hoare triple {3078#false} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {3078#false} is VALID [2022-02-20 18:12:58,501 INFO L290 TraceCheckUtils]: 11: Hoare triple {3078#false} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {3078#false} is VALID [2022-02-20 18:12:58,501 INFO L290 TraceCheckUtils]: 12: Hoare triple {3078#false} assume { :end_inline_activatePump } true; {3078#false} is VALID [2022-02-20 18:12:58,501 INFO L290 TraceCheckUtils]: 13: Hoare triple {3078#false} assume true; {3078#false} is VALID [2022-02-20 18:12:58,501 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {3078#false} {3077#true} #274#return; {3078#false} is VALID [2022-02-20 18:12:58,502 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:12:58,503 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:58,505 INFO L290 TraceCheckUtils]: 0: Hoare triple {3077#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {3077#true} is VALID [2022-02-20 18:12:58,506 INFO L290 TraceCheckUtils]: 1: Hoare triple {3077#true} assume true; {3077#true} is VALID [2022-02-20 18:12:58,506 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3077#true} {3078#false} #276#return; {3078#false} is VALID [2022-02-20 18:12:58,506 INFO L290 TraceCheckUtils]: 0: Hoare triple {3077#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {3077#true} is VALID [2022-02-20 18:12:58,506 INFO L290 TraceCheckUtils]: 1: Hoare triple {3077#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {3077#true} is VALID [2022-02-20 18:12:58,507 INFO L290 TraceCheckUtils]: 2: Hoare triple {3077#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3077#true} is VALID [2022-02-20 18:12:58,507 INFO L290 TraceCheckUtils]: 3: Hoare triple {3077#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {3077#true} is VALID [2022-02-20 18:12:58,507 INFO L290 TraceCheckUtils]: 4: Hoare triple {3077#true} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {3077#true} is VALID [2022-02-20 18:12:58,507 INFO L290 TraceCheckUtils]: 5: Hoare triple {3077#true} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {3077#true} is VALID [2022-02-20 18:12:58,507 INFO L290 TraceCheckUtils]: 6: Hoare triple {3077#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {3077#true} is VALID [2022-02-20 18:12:58,507 INFO L290 TraceCheckUtils]: 7: Hoare triple {3077#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3077#true} is VALID [2022-02-20 18:12:58,508 INFO L290 TraceCheckUtils]: 8: Hoare triple {3077#true} assume !false; {3077#true} is VALID [2022-02-20 18:12:58,508 INFO L290 TraceCheckUtils]: 9: Hoare triple {3077#true} assume test_~splverifierCounter~0#1 < 4; {3077#true} is VALID [2022-02-20 18:12:58,508 INFO L290 TraceCheckUtils]: 10: Hoare triple {3077#true} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {3077#true} is VALID [2022-02-20 18:12:58,508 INFO L290 TraceCheckUtils]: 11: Hoare triple {3077#true} assume !(0 != test_~tmp~5#1); {3077#true} is VALID [2022-02-20 18:12:58,508 INFO L290 TraceCheckUtils]: 12: Hoare triple {3077#true} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {3077#true} is VALID [2022-02-20 18:12:58,509 INFO L290 TraceCheckUtils]: 13: Hoare triple {3077#true} assume !(0 != test_~tmp___0~2#1); {3077#true} is VALID [2022-02-20 18:12:58,509 INFO L290 TraceCheckUtils]: 14: Hoare triple {3077#true} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {3077#true} is VALID [2022-02-20 18:12:58,509 INFO L290 TraceCheckUtils]: 15: Hoare triple {3077#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {3077#true} is VALID [2022-02-20 18:12:58,509 INFO L290 TraceCheckUtils]: 16: Hoare triple {3077#true} assume { :end_inline_startSystem } true; {3077#true} is VALID [2022-02-20 18:12:58,509 INFO L272 TraceCheckUtils]: 17: Hoare triple {3077#true} call timeShift(); {3077#true} is VALID [2022-02-20 18:12:58,509 INFO L290 TraceCheckUtils]: 18: Hoare triple {3077#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {3077#true} is VALID [2022-02-20 18:12:58,510 INFO L272 TraceCheckUtils]: 19: Hoare triple {3077#true} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {3077#true} is VALID [2022-02-20 18:12:58,510 INFO L290 TraceCheckUtils]: 20: Hoare triple {3077#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {3077#true} is VALID [2022-02-20 18:12:58,510 INFO L290 TraceCheckUtils]: 21: Hoare triple {3077#true} assume true; {3077#true} is VALID [2022-02-20 18:12:58,510 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3077#true} {3077#true} #268#return; {3077#true} is VALID [2022-02-20 18:12:58,510 INFO L290 TraceCheckUtils]: 23: Hoare triple {3077#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {3077#true} is VALID [2022-02-20 18:12:58,511 INFO L290 TraceCheckUtils]: 24: Hoare triple {3077#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {3077#true} is VALID [2022-02-20 18:12:58,511 INFO L290 TraceCheckUtils]: 25: Hoare triple {3077#true} assume !(0 != ~pumpRunning~0); {3077#true} is VALID [2022-02-20 18:12:58,511 INFO L290 TraceCheckUtils]: 26: Hoare triple {3077#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {3077#true} is VALID [2022-02-20 18:12:58,511 INFO L290 TraceCheckUtils]: 27: Hoare triple {3077#true} assume !(0 != ~pumpRunning~0); {3077#true} is VALID [2022-02-20 18:12:58,512 INFO L272 TraceCheckUtils]: 28: Hoare triple {3077#true} call processEnvironment__wrappee__highWaterSensor(); {3100#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:12:58,512 INFO L290 TraceCheckUtils]: 29: Hoare triple {3100#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {3077#true} is VALID [2022-02-20 18:12:58,513 INFO L290 TraceCheckUtils]: 30: Hoare triple {3077#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {3077#true} is VALID [2022-02-20 18:12:58,513 INFO L290 TraceCheckUtils]: 31: Hoare triple {3077#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~12#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {3077#true} is VALID [2022-02-20 18:12:58,513 INFO L290 TraceCheckUtils]: 32: Hoare triple {3077#true} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {3077#true} is VALID [2022-02-20 18:12:58,513 INFO L290 TraceCheckUtils]: 33: Hoare triple {3077#true} assume 0 != isHighWaterLevel_~tmp~3#1;isHighWaterLevel_~tmp___0~0#1 := 0; {3101#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0)} is VALID [2022-02-20 18:12:58,514 INFO L290 TraceCheckUtils]: 34: Hoare triple {3101#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {3102#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:12:58,514 INFO L290 TraceCheckUtils]: 35: Hoare triple {3102#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {3103#(= |processEnvironment__wrappee__highWaterSensor_~tmp~0#1| 0)} is VALID [2022-02-20 18:12:58,515 INFO L290 TraceCheckUtils]: 36: Hoare triple {3103#(= |processEnvironment__wrappee__highWaterSensor_~tmp~0#1| 0)} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {3078#false} is VALID [2022-02-20 18:12:58,515 INFO L290 TraceCheckUtils]: 37: Hoare triple {3078#false} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {3078#false} is VALID [2022-02-20 18:12:58,515 INFO L290 TraceCheckUtils]: 38: Hoare triple {3078#false} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {3078#false} is VALID [2022-02-20 18:12:58,515 INFO L290 TraceCheckUtils]: 39: Hoare triple {3078#false} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {3078#false} is VALID [2022-02-20 18:12:58,516 INFO L290 TraceCheckUtils]: 40: Hoare triple {3078#false} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {3078#false} is VALID [2022-02-20 18:12:58,516 INFO L290 TraceCheckUtils]: 41: Hoare triple {3078#false} assume { :end_inline_activatePump } true; {3078#false} is VALID [2022-02-20 18:12:58,516 INFO L290 TraceCheckUtils]: 42: Hoare triple {3078#false} assume true; {3078#false} is VALID [2022-02-20 18:12:58,516 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {3078#false} {3077#true} #274#return; {3078#false} is VALID [2022-02-20 18:12:58,516 INFO L290 TraceCheckUtils]: 44: Hoare triple {3078#false} assume { :end_inline_processEnvironment } true; {3078#false} is VALID [2022-02-20 18:12:58,517 INFO L290 TraceCheckUtils]: 45: Hoare triple {3078#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {3078#false} is VALID [2022-02-20 18:12:58,517 INFO L290 TraceCheckUtils]: 46: Hoare triple {3078#false} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {3078#false} is VALID [2022-02-20 18:12:58,517 INFO L290 TraceCheckUtils]: 47: Hoare triple {3078#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {3078#false} is VALID [2022-02-20 18:12:58,517 INFO L272 TraceCheckUtils]: 48: Hoare triple {3078#false} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {3077#true} is VALID [2022-02-20 18:12:58,517 INFO L290 TraceCheckUtils]: 49: Hoare triple {3077#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {3077#true} is VALID [2022-02-20 18:12:58,517 INFO L290 TraceCheckUtils]: 50: Hoare triple {3077#true} assume true; {3077#true} is VALID [2022-02-20 18:12:58,518 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {3077#true} {3078#false} #276#return; {3078#false} is VALID [2022-02-20 18:12:58,518 INFO L290 TraceCheckUtils]: 52: Hoare triple {3078#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {3078#false} is VALID [2022-02-20 18:12:58,518 INFO L290 TraceCheckUtils]: 53: Hoare triple {3078#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {3078#false} is VALID [2022-02-20 18:12:58,518 INFO L290 TraceCheckUtils]: 54: Hoare triple {3078#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {3078#false} is VALID [2022-02-20 18:12:58,518 INFO L290 TraceCheckUtils]: 55: Hoare triple {3078#false} assume !false; {3078#false} is VALID [2022-02-20 18:12:58,519 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:58,519 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:58,519 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [141039378] [2022-02-20 18:12:58,519 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [141039378] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:58,520 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:58,520 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:12:58,520 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1338851271] [2022-02-20 18:12:58,520 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:58,521 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 56 [2022-02-20 18:12:58,521 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:58,521 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:58,556 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 54 edges. 54 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:58,557 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:12:58,557 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:58,558 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:12:58,558 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:12:58,558 INFO L87 Difference]: Start difference. First operand 169 states and 213 transitions. Second operand has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:59,003 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:59,006 INFO L93 Difference]: Finished difference Result 363 states and 470 transitions. [2022-02-20 18:12:59,006 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:12:59,007 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 56 [2022-02-20 18:12:59,007 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:12:59,009 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:59,014 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 247 transitions. [2022-02-20 18:12:59,014 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:59,018 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 247 transitions. [2022-02-20 18:12:59,018 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 247 transitions. [2022-02-20 18:12:59,209 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 247 edges. 247 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:59,214 INFO L225 Difference]: With dead ends: 363 [2022-02-20 18:12:59,214 INFO L226 Difference]: Without dead ends: 202 [2022-02-20 18:12:59,215 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:12:59,216 INFO L933 BasicCegarLoop]: 102 mSDtfsCounter, 71 mSDsluCounter, 310 mSDsCounter, 0 mSdLazyCounter, 116 mSolverCounterSat, 22 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 74 SdHoareTripleChecker+Valid, 412 SdHoareTripleChecker+Invalid, 138 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 22 IncrementalHoareTripleChecker+Valid, 116 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:12:59,216 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [74 Valid, 412 Invalid, 138 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [22 Valid, 116 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:12:59,217 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 202 states. [2022-02-20 18:12:59,227 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 202 to 195. [2022-02-20 18:12:59,228 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:12:59,228 INFO L82 GeneralOperation]: Start isEquivalent. First operand 202 states. Second operand has 195 states, 151 states have (on average 1.2582781456953642) internal successors, (190), 162 states have internal predecessors, (190), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) [2022-02-20 18:12:59,229 INFO L74 IsIncluded]: Start isIncluded. First operand 202 states. Second operand has 195 states, 151 states have (on average 1.2582781456953642) internal successors, (190), 162 states have internal predecessors, (190), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) [2022-02-20 18:12:59,230 INFO L87 Difference]: Start difference. First operand 202 states. Second operand has 195 states, 151 states have (on average 1.2582781456953642) internal successors, (190), 162 states have internal predecessors, (190), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) [2022-02-20 18:12:59,236 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:59,236 INFO L93 Difference]: Finished difference Result 202 states and 254 transitions. [2022-02-20 18:12:59,237 INFO L276 IsEmpty]: Start isEmpty. Operand 202 states and 254 transitions. [2022-02-20 18:12:59,238 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:59,238 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:59,239 INFO L74 IsIncluded]: Start isIncluded. First operand has 195 states, 151 states have (on average 1.2582781456953642) internal successors, (190), 162 states have internal predecessors, (190), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) Second operand 202 states. [2022-02-20 18:12:59,239 INFO L87 Difference]: Start difference. First operand has 195 states, 151 states have (on average 1.2582781456953642) internal successors, (190), 162 states have internal predecessors, (190), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) Second operand 202 states. [2022-02-20 18:12:59,246 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:12:59,246 INFO L93 Difference]: Finished difference Result 202 states and 254 transitions. [2022-02-20 18:12:59,246 INFO L276 IsEmpty]: Start isEmpty. Operand 202 states and 254 transitions. [2022-02-20 18:12:59,247 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:12:59,247 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:12:59,247 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:12:59,248 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:12:59,248 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 195 states, 151 states have (on average 1.2582781456953642) internal successors, (190), 162 states have internal predecessors, (190), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) [2022-02-20 18:12:59,254 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 195 states to 195 states and 245 transitions. [2022-02-20 18:12:59,255 INFO L78 Accepts]: Start accepts. Automaton has 195 states and 245 transitions. Word has length 56 [2022-02-20 18:12:59,255 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:12:59,255 INFO L470 AbstractCegarLoop]: Abstraction has 195 states and 245 transitions. [2022-02-20 18:12:59,256 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:59,256 INFO L276 IsEmpty]: Start isEmpty. Operand 195 states and 245 transitions. [2022-02-20 18:12:59,257 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-02-20 18:12:59,257 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:12:59,257 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:12:59,257 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:12:59,257 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:12:59,258 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:12:59,258 INFO L85 PathProgramCache]: Analyzing trace with hash 358800614, now seen corresponding path program 1 times [2022-02-20 18:12:59,258 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:12:59,258 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1678341937] [2022-02-20 18:12:59,259 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:12:59,259 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:12:59,279 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:59,302 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:12:59,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:59,305 INFO L290 TraceCheckUtils]: 0: Hoare triple {4300#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {4300#true} is VALID [2022-02-20 18:12:59,305 INFO L290 TraceCheckUtils]: 1: Hoare triple {4300#true} assume true; {4300#true} is VALID [2022-02-20 18:12:59,305 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4300#true} {4300#true} #268#return; {4300#true} is VALID [2022-02-20 18:12:59,308 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:12:59,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:59,339 INFO L290 TraceCheckUtils]: 0: Hoare triple {4325#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {4300#true} is VALID [2022-02-20 18:12:59,339 INFO L290 TraceCheckUtils]: 1: Hoare triple {4300#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {4300#true} is VALID [2022-02-20 18:12:59,341 INFO L290 TraceCheckUtils]: 2: Hoare triple {4300#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~12#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {4326#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:12:59,341 INFO L290 TraceCheckUtils]: 3: Hoare triple {4326#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {4327#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~3#1| 0))} is VALID [2022-02-20 18:12:59,342 INFO L290 TraceCheckUtils]: 4: Hoare triple {4327#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~3#1| 0))} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {4301#false} is VALID [2022-02-20 18:12:59,342 INFO L290 TraceCheckUtils]: 5: Hoare triple {4301#false} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {4301#false} is VALID [2022-02-20 18:12:59,342 INFO L290 TraceCheckUtils]: 6: Hoare triple {4301#false} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {4301#false} is VALID [2022-02-20 18:12:59,342 INFO L290 TraceCheckUtils]: 7: Hoare triple {4301#false} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {4301#false} is VALID [2022-02-20 18:12:59,343 INFO L290 TraceCheckUtils]: 8: Hoare triple {4301#false} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {4301#false} is VALID [2022-02-20 18:12:59,343 INFO L290 TraceCheckUtils]: 9: Hoare triple {4301#false} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {4301#false} is VALID [2022-02-20 18:12:59,343 INFO L290 TraceCheckUtils]: 10: Hoare triple {4301#false} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {4301#false} is VALID [2022-02-20 18:12:59,343 INFO L290 TraceCheckUtils]: 11: Hoare triple {4301#false} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {4301#false} is VALID [2022-02-20 18:12:59,343 INFO L290 TraceCheckUtils]: 12: Hoare triple {4301#false} assume { :end_inline_activatePump } true; {4301#false} is VALID [2022-02-20 18:12:59,343 INFO L290 TraceCheckUtils]: 13: Hoare triple {4301#false} assume true; {4301#false} is VALID [2022-02-20 18:12:59,344 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {4301#false} {4300#true} #274#return; {4301#false} is VALID [2022-02-20 18:12:59,344 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:12:59,345 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:12:59,347 INFO L290 TraceCheckUtils]: 0: Hoare triple {4300#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {4300#true} is VALID [2022-02-20 18:12:59,347 INFO L290 TraceCheckUtils]: 1: Hoare triple {4300#true} assume true; {4300#true} is VALID [2022-02-20 18:12:59,348 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4300#true} {4301#false} #276#return; {4301#false} is VALID [2022-02-20 18:12:59,348 INFO L290 TraceCheckUtils]: 0: Hoare triple {4300#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {4300#true} is VALID [2022-02-20 18:12:59,348 INFO L290 TraceCheckUtils]: 1: Hoare triple {4300#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {4300#true} is VALID [2022-02-20 18:12:59,348 INFO L290 TraceCheckUtils]: 2: Hoare triple {4300#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4300#true} is VALID [2022-02-20 18:12:59,349 INFO L290 TraceCheckUtils]: 3: Hoare triple {4300#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {4302#(= |ULTIMATE.start_valid_product_#res#1| 1)} is VALID [2022-02-20 18:12:59,349 INFO L290 TraceCheckUtils]: 4: Hoare triple {4302#(= |ULTIMATE.start_valid_product_#res#1| 1)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {4303#(= |ULTIMATE.start_main_~tmp~10#1| 1)} is VALID [2022-02-20 18:12:59,349 INFO L290 TraceCheckUtils]: 5: Hoare triple {4303#(= |ULTIMATE.start_main_~tmp~10#1| 1)} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {4300#true} is VALID [2022-02-20 18:12:59,350 INFO L290 TraceCheckUtils]: 6: Hoare triple {4300#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {4300#true} is VALID [2022-02-20 18:12:59,350 INFO L290 TraceCheckUtils]: 7: Hoare triple {4300#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {4300#true} is VALID [2022-02-20 18:12:59,350 INFO L290 TraceCheckUtils]: 8: Hoare triple {4300#true} assume !false; {4300#true} is VALID [2022-02-20 18:12:59,350 INFO L290 TraceCheckUtils]: 9: Hoare triple {4300#true} assume test_~splverifierCounter~0#1 < 4; {4300#true} is VALID [2022-02-20 18:12:59,350 INFO L290 TraceCheckUtils]: 10: Hoare triple {4300#true} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {4300#true} is VALID [2022-02-20 18:12:59,350 INFO L290 TraceCheckUtils]: 11: Hoare triple {4300#true} assume !(0 != test_~tmp~5#1); {4300#true} is VALID [2022-02-20 18:12:59,351 INFO L290 TraceCheckUtils]: 12: Hoare triple {4300#true} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {4300#true} is VALID [2022-02-20 18:12:59,351 INFO L290 TraceCheckUtils]: 13: Hoare triple {4300#true} assume !(0 != test_~tmp___0~2#1); {4300#true} is VALID [2022-02-20 18:12:59,351 INFO L290 TraceCheckUtils]: 14: Hoare triple {4300#true} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {4300#true} is VALID [2022-02-20 18:12:59,351 INFO L290 TraceCheckUtils]: 15: Hoare triple {4300#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {4300#true} is VALID [2022-02-20 18:12:59,351 INFO L290 TraceCheckUtils]: 16: Hoare triple {4300#true} assume { :end_inline_startSystem } true; {4300#true} is VALID [2022-02-20 18:12:59,351 INFO L272 TraceCheckUtils]: 17: Hoare triple {4300#true} call timeShift(); {4300#true} is VALID [2022-02-20 18:12:59,352 INFO L290 TraceCheckUtils]: 18: Hoare triple {4300#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {4300#true} is VALID [2022-02-20 18:12:59,352 INFO L272 TraceCheckUtils]: 19: Hoare triple {4300#true} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {4300#true} is VALID [2022-02-20 18:12:59,352 INFO L290 TraceCheckUtils]: 20: Hoare triple {4300#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {4300#true} is VALID [2022-02-20 18:12:59,352 INFO L290 TraceCheckUtils]: 21: Hoare triple {4300#true} assume true; {4300#true} is VALID [2022-02-20 18:12:59,352 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4300#true} {4300#true} #268#return; {4300#true} is VALID [2022-02-20 18:12:59,353 INFO L290 TraceCheckUtils]: 23: Hoare triple {4300#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {4300#true} is VALID [2022-02-20 18:12:59,353 INFO L290 TraceCheckUtils]: 24: Hoare triple {4300#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {4300#true} is VALID [2022-02-20 18:12:59,353 INFO L290 TraceCheckUtils]: 25: Hoare triple {4300#true} assume !(0 != ~pumpRunning~0); {4300#true} is VALID [2022-02-20 18:12:59,353 INFO L290 TraceCheckUtils]: 26: Hoare triple {4300#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {4300#true} is VALID [2022-02-20 18:12:59,353 INFO L290 TraceCheckUtils]: 27: Hoare triple {4300#true} assume !(0 != ~pumpRunning~0); {4300#true} is VALID [2022-02-20 18:12:59,354 INFO L272 TraceCheckUtils]: 28: Hoare triple {4300#true} call processEnvironment__wrappee__highWaterSensor(); {4325#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:12:59,354 INFO L290 TraceCheckUtils]: 29: Hoare triple {4325#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {4300#true} is VALID [2022-02-20 18:12:59,354 INFO L290 TraceCheckUtils]: 30: Hoare triple {4300#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {4300#true} is VALID [2022-02-20 18:12:59,355 INFO L290 TraceCheckUtils]: 31: Hoare triple {4300#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~12#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {4326#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:12:59,355 INFO L290 TraceCheckUtils]: 32: Hoare triple {4326#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {4327#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~3#1| 0))} is VALID [2022-02-20 18:12:59,356 INFO L290 TraceCheckUtils]: 33: Hoare triple {4327#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~3#1| 0))} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {4301#false} is VALID [2022-02-20 18:12:59,356 INFO L290 TraceCheckUtils]: 34: Hoare triple {4301#false} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {4301#false} is VALID [2022-02-20 18:12:59,356 INFO L290 TraceCheckUtils]: 35: Hoare triple {4301#false} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {4301#false} is VALID [2022-02-20 18:12:59,356 INFO L290 TraceCheckUtils]: 36: Hoare triple {4301#false} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {4301#false} is VALID [2022-02-20 18:12:59,356 INFO L290 TraceCheckUtils]: 37: Hoare triple {4301#false} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {4301#false} is VALID [2022-02-20 18:12:59,356 INFO L290 TraceCheckUtils]: 38: Hoare triple {4301#false} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {4301#false} is VALID [2022-02-20 18:12:59,357 INFO L290 TraceCheckUtils]: 39: Hoare triple {4301#false} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {4301#false} is VALID [2022-02-20 18:12:59,357 INFO L290 TraceCheckUtils]: 40: Hoare triple {4301#false} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {4301#false} is VALID [2022-02-20 18:12:59,357 INFO L290 TraceCheckUtils]: 41: Hoare triple {4301#false} assume { :end_inline_activatePump } true; {4301#false} is VALID [2022-02-20 18:12:59,357 INFO L290 TraceCheckUtils]: 42: Hoare triple {4301#false} assume true; {4301#false} is VALID [2022-02-20 18:12:59,357 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {4301#false} {4300#true} #274#return; {4301#false} is VALID [2022-02-20 18:12:59,357 INFO L290 TraceCheckUtils]: 44: Hoare triple {4301#false} assume { :end_inline_processEnvironment } true; {4301#false} is VALID [2022-02-20 18:12:59,358 INFO L290 TraceCheckUtils]: 45: Hoare triple {4301#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {4301#false} is VALID [2022-02-20 18:12:59,358 INFO L290 TraceCheckUtils]: 46: Hoare triple {4301#false} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {4301#false} is VALID [2022-02-20 18:12:59,358 INFO L290 TraceCheckUtils]: 47: Hoare triple {4301#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {4301#false} is VALID [2022-02-20 18:12:59,358 INFO L272 TraceCheckUtils]: 48: Hoare triple {4301#false} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {4300#true} is VALID [2022-02-20 18:12:59,358 INFO L290 TraceCheckUtils]: 49: Hoare triple {4300#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {4300#true} is VALID [2022-02-20 18:12:59,359 INFO L290 TraceCheckUtils]: 50: Hoare triple {4300#true} assume true; {4300#true} is VALID [2022-02-20 18:12:59,359 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {4300#true} {4301#false} #276#return; {4301#false} is VALID [2022-02-20 18:12:59,359 INFO L290 TraceCheckUtils]: 52: Hoare triple {4301#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {4301#false} is VALID [2022-02-20 18:12:59,359 INFO L290 TraceCheckUtils]: 53: Hoare triple {4301#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {4301#false} is VALID [2022-02-20 18:12:59,359 INFO L290 TraceCheckUtils]: 54: Hoare triple {4301#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {4301#false} is VALID [2022-02-20 18:12:59,359 INFO L290 TraceCheckUtils]: 55: Hoare triple {4301#false} assume !false; {4301#false} is VALID [2022-02-20 18:12:59,360 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:12:59,360 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:12:59,360 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1678341937] [2022-02-20 18:12:59,360 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1678341937] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:12:59,360 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:12:59,361 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:12:59,361 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [361963956] [2022-02-20 18:12:59,361 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:12:59,362 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 56 [2022-02-20 18:12:59,362 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:12:59,362 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:12:59,397 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 54 edges. 54 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:12:59,398 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:12:59,398 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:12:59,398 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:12:59,399 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:12:59,399 INFO L87 Difference]: Start difference. First operand 195 states and 245 transitions. Second operand has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:13:00,026 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:00,027 INFO L93 Difference]: Finished difference Result 395 states and 509 transitions. [2022-02-20 18:13:00,027 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:13:00,027 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 56 [2022-02-20 18:13:00,028 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:13:00,028 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:13:00,032 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 254 transitions. [2022-02-20 18:13:00,032 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:13:00,035 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 254 transitions. [2022-02-20 18:13:00,035 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 254 transitions. [2022-02-20 18:13:00,211 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 254 edges. 254 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:13:00,215 INFO L225 Difference]: With dead ends: 395 [2022-02-20 18:13:00,215 INFO L226 Difference]: Without dead ends: 208 [2022-02-20 18:13:00,216 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=30, Invalid=80, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:13:00,217 INFO L933 BasicCegarLoop]: 101 mSDtfsCounter, 124 mSDsluCounter, 350 mSDsCounter, 0 mSdLazyCounter, 153 mSolverCounterSat, 31 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 128 SdHoareTripleChecker+Valid, 451 SdHoareTripleChecker+Invalid, 184 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 31 IncrementalHoareTripleChecker+Valid, 153 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:13:00,217 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [128 Valid, 451 Invalid, 184 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [31 Valid, 153 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:13:00,218 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 208 states. [2022-02-20 18:13:00,227 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 208 to 197. [2022-02-20 18:13:00,235 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:13:00,236 INFO L82 GeneralOperation]: Start isEquivalent. First operand 208 states. Second operand has 197 states, 153 states have (on average 1.2549019607843137) internal successors, (192), 164 states have internal predecessors, (192), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) [2022-02-20 18:13:00,237 INFO L74 IsIncluded]: Start isIncluded. First operand 208 states. Second operand has 197 states, 153 states have (on average 1.2549019607843137) internal successors, (192), 164 states have internal predecessors, (192), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) [2022-02-20 18:13:00,238 INFO L87 Difference]: Start difference. First operand 208 states. Second operand has 197 states, 153 states have (on average 1.2549019607843137) internal successors, (192), 164 states have internal predecessors, (192), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) [2022-02-20 18:13:00,246 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:00,247 INFO L93 Difference]: Finished difference Result 208 states and 261 transitions. [2022-02-20 18:13:00,247 INFO L276 IsEmpty]: Start isEmpty. Operand 208 states and 261 transitions. [2022-02-20 18:13:00,249 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:13:00,249 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:13:00,250 INFO L74 IsIncluded]: Start isIncluded. First operand has 197 states, 153 states have (on average 1.2549019607843137) internal successors, (192), 164 states have internal predecessors, (192), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) Second operand 208 states. [2022-02-20 18:13:00,251 INFO L87 Difference]: Start difference. First operand has 197 states, 153 states have (on average 1.2549019607843137) internal successors, (192), 164 states have internal predecessors, (192), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) Second operand 208 states. [2022-02-20 18:13:00,257 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:00,257 INFO L93 Difference]: Finished difference Result 208 states and 261 transitions. [2022-02-20 18:13:00,257 INFO L276 IsEmpty]: Start isEmpty. Operand 208 states and 261 transitions. [2022-02-20 18:13:00,258 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:13:00,258 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:13:00,258 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:13:00,258 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:13:00,259 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 197 states, 153 states have (on average 1.2549019607843137) internal successors, (192), 164 states have internal predecessors, (192), 23 states have call successors, (23), 17 states have call predecessors, (23), 20 states have return successors, (32), 24 states have call predecessors, (32), 23 states have call successors, (32) [2022-02-20 18:13:00,264 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 197 states to 197 states and 247 transitions. [2022-02-20 18:13:00,265 INFO L78 Accepts]: Start accepts. Automaton has 197 states and 247 transitions. Word has length 56 [2022-02-20 18:13:00,265 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:13:00,265 INFO L470 AbstractCegarLoop]: Abstraction has 197 states and 247 transitions. [2022-02-20 18:13:00,265 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:13:00,266 INFO L276 IsEmpty]: Start isEmpty. Operand 197 states and 247 transitions. [2022-02-20 18:13:00,266 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-02-20 18:13:00,266 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:13:00,267 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:13:00,267 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:13:00,267 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:13:00,268 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:13:00,268 INFO L85 PathProgramCache]: Analyzing trace with hash 499349224, now seen corresponding path program 1 times [2022-02-20 18:13:00,268 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:13:00,268 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1232881833] [2022-02-20 18:13:00,268 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:13:00,268 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:13:00,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:00,321 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:13:00,322 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:00,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {5584#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {5584#true} is VALID [2022-02-20 18:13:00,326 INFO L290 TraceCheckUtils]: 1: Hoare triple {5584#true} assume true; {5584#true} is VALID [2022-02-20 18:13:00,326 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5584#true} {5586#(= ~waterLevel~0 1)} #268#return; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,328 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:13:00,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:00,348 INFO L290 TraceCheckUtils]: 0: Hoare triple {5608#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {5584#true} is VALID [2022-02-20 18:13:00,348 INFO L290 TraceCheckUtils]: 1: Hoare triple {5584#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {5584#true} is VALID [2022-02-20 18:13:00,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {5584#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,349 INFO L290 TraceCheckUtils]: 3: Hoare triple {5609#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,349 INFO L290 TraceCheckUtils]: 4: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,350 INFO L290 TraceCheckUtils]: 5: Hoare triple {5609#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,350 INFO L290 TraceCheckUtils]: 6: Hoare triple {5609#(<= 2 ~waterLevel~0)} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,351 INFO L290 TraceCheckUtils]: 7: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,351 INFO L290 TraceCheckUtils]: 8: Hoare triple {5609#(<= 2 ~waterLevel~0)} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,351 INFO L290 TraceCheckUtils]: 9: Hoare triple {5609#(<= 2 ~waterLevel~0)} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,352 INFO L290 TraceCheckUtils]: 10: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,352 INFO L290 TraceCheckUtils]: 11: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,355 INFO L290 TraceCheckUtils]: 12: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,355 INFO L290 TraceCheckUtils]: 13: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume true; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,356 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {5609#(<= 2 ~waterLevel~0)} {5586#(= ~waterLevel~0 1)} #274#return; {5585#false} is VALID [2022-02-20 18:13:00,356 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:13:00,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:00,360 INFO L290 TraceCheckUtils]: 0: Hoare triple {5584#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {5584#true} is VALID [2022-02-20 18:13:00,360 INFO L290 TraceCheckUtils]: 1: Hoare triple {5584#true} assume true; {5584#true} is VALID [2022-02-20 18:13:00,360 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5584#true} {5585#false} #276#return; {5585#false} is VALID [2022-02-20 18:13:00,360 INFO L290 TraceCheckUtils]: 0: Hoare triple {5584#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,361 INFO L290 TraceCheckUtils]: 1: Hoare triple {5586#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,361 INFO L290 TraceCheckUtils]: 2: Hoare triple {5586#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,361 INFO L290 TraceCheckUtils]: 3: Hoare triple {5586#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,362 INFO L290 TraceCheckUtils]: 4: Hoare triple {5586#(= ~waterLevel~0 1)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,362 INFO L290 TraceCheckUtils]: 5: Hoare triple {5586#(= ~waterLevel~0 1)} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,362 INFO L290 TraceCheckUtils]: 6: Hoare triple {5586#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,363 INFO L290 TraceCheckUtils]: 7: Hoare triple {5586#(= ~waterLevel~0 1)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,363 INFO L290 TraceCheckUtils]: 8: Hoare triple {5586#(= ~waterLevel~0 1)} assume !false; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,363 INFO L290 TraceCheckUtils]: 9: Hoare triple {5586#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,364 INFO L290 TraceCheckUtils]: 10: Hoare triple {5586#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,364 INFO L290 TraceCheckUtils]: 11: Hoare triple {5586#(= ~waterLevel~0 1)} assume !(0 != test_~tmp~5#1); {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,364 INFO L290 TraceCheckUtils]: 12: Hoare triple {5586#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,364 INFO L290 TraceCheckUtils]: 13: Hoare triple {5586#(= ~waterLevel~0 1)} assume !(0 != test_~tmp___0~2#1); {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,365 INFO L290 TraceCheckUtils]: 14: Hoare triple {5586#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,365 INFO L290 TraceCheckUtils]: 15: Hoare triple {5586#(= ~waterLevel~0 1)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,365 INFO L290 TraceCheckUtils]: 16: Hoare triple {5586#(= ~waterLevel~0 1)} assume { :end_inline_startSystem } true; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,366 INFO L272 TraceCheckUtils]: 17: Hoare triple {5586#(= ~waterLevel~0 1)} call timeShift(); {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,366 INFO L290 TraceCheckUtils]: 18: Hoare triple {5586#(= ~waterLevel~0 1)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,366 INFO L272 TraceCheckUtils]: 19: Hoare triple {5586#(= ~waterLevel~0 1)} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {5584#true} is VALID [2022-02-20 18:13:00,366 INFO L290 TraceCheckUtils]: 20: Hoare triple {5584#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {5584#true} is VALID [2022-02-20 18:13:00,367 INFO L290 TraceCheckUtils]: 21: Hoare triple {5584#true} assume true; {5584#true} is VALID [2022-02-20 18:13:00,367 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5584#true} {5586#(= ~waterLevel~0 1)} #268#return; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,367 INFO L290 TraceCheckUtils]: 23: Hoare triple {5586#(= ~waterLevel~0 1)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,368 INFO L290 TraceCheckUtils]: 24: Hoare triple {5586#(= ~waterLevel~0 1)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,368 INFO L290 TraceCheckUtils]: 25: Hoare triple {5586#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,369 INFO L290 TraceCheckUtils]: 26: Hoare triple {5586#(= ~waterLevel~0 1)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,369 INFO L290 TraceCheckUtils]: 27: Hoare triple {5586#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {5586#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:00,370 INFO L272 TraceCheckUtils]: 28: Hoare triple {5586#(= ~waterLevel~0 1)} call processEnvironment__wrappee__highWaterSensor(); {5608#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:13:00,370 INFO L290 TraceCheckUtils]: 29: Hoare triple {5608#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {5584#true} is VALID [2022-02-20 18:13:00,370 INFO L290 TraceCheckUtils]: 30: Hoare triple {5584#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {5584#true} is VALID [2022-02-20 18:13:00,374 INFO L290 TraceCheckUtils]: 31: Hoare triple {5584#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,374 INFO L290 TraceCheckUtils]: 32: Hoare triple {5609#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,375 INFO L290 TraceCheckUtils]: 33: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,376 INFO L290 TraceCheckUtils]: 34: Hoare triple {5609#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,376 INFO L290 TraceCheckUtils]: 35: Hoare triple {5609#(<= 2 ~waterLevel~0)} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,377 INFO L290 TraceCheckUtils]: 36: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,377 INFO L290 TraceCheckUtils]: 37: Hoare triple {5609#(<= 2 ~waterLevel~0)} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,377 INFO L290 TraceCheckUtils]: 38: Hoare triple {5609#(<= 2 ~waterLevel~0)} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,378 INFO L290 TraceCheckUtils]: 39: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,378 INFO L290 TraceCheckUtils]: 40: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,378 INFO L290 TraceCheckUtils]: 41: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,378 INFO L290 TraceCheckUtils]: 42: Hoare triple {5609#(<= 2 ~waterLevel~0)} assume true; {5609#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:13:00,379 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {5609#(<= 2 ~waterLevel~0)} {5586#(= ~waterLevel~0 1)} #274#return; {5585#false} is VALID [2022-02-20 18:13:00,379 INFO L290 TraceCheckUtils]: 44: Hoare triple {5585#false} assume { :end_inline_processEnvironment } true; {5585#false} is VALID [2022-02-20 18:13:00,379 INFO L290 TraceCheckUtils]: 45: Hoare triple {5585#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {5585#false} is VALID [2022-02-20 18:13:00,379 INFO L290 TraceCheckUtils]: 46: Hoare triple {5585#false} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {5585#false} is VALID [2022-02-20 18:13:00,379 INFO L290 TraceCheckUtils]: 47: Hoare triple {5585#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {5585#false} is VALID [2022-02-20 18:13:00,380 INFO L272 TraceCheckUtils]: 48: Hoare triple {5585#false} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {5584#true} is VALID [2022-02-20 18:13:00,380 INFO L290 TraceCheckUtils]: 49: Hoare triple {5584#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {5584#true} is VALID [2022-02-20 18:13:00,380 INFO L290 TraceCheckUtils]: 50: Hoare triple {5584#true} assume true; {5584#true} is VALID [2022-02-20 18:13:00,380 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {5584#true} {5585#false} #276#return; {5585#false} is VALID [2022-02-20 18:13:00,380 INFO L290 TraceCheckUtils]: 52: Hoare triple {5585#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {5585#false} is VALID [2022-02-20 18:13:00,380 INFO L290 TraceCheckUtils]: 53: Hoare triple {5585#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {5585#false} is VALID [2022-02-20 18:13:00,380 INFO L290 TraceCheckUtils]: 54: Hoare triple {5585#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {5585#false} is VALID [2022-02-20 18:13:00,381 INFO L290 TraceCheckUtils]: 55: Hoare triple {5585#false} assume !false; {5585#false} is VALID [2022-02-20 18:13:00,381 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:13:00,381 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:13:00,381 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1232881833] [2022-02-20 18:13:00,381 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1232881833] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:13:00,381 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:13:00,382 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:13:00,382 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [199077093] [2022-02-20 18:13:00,382 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:13:00,382 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 56 [2022-02-20 18:13:00,383 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:13:00,383 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:13:00,413 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 54 edges. 54 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:13:00,414 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:13:00,414 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:13:00,414 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:13:00,414 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:13:00,415 INFO L87 Difference]: Start difference. First operand 197 states and 247 transitions. Second operand has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:13:00,971 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:00,972 INFO L93 Difference]: Finished difference Result 599 states and 781 transitions. [2022-02-20 18:13:00,972 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:13:00,972 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 56 [2022-02-20 18:13:00,972 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:13:00,972 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:13:00,976 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 397 transitions. [2022-02-20 18:13:00,976 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:13:00,979 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 397 transitions. [2022-02-20 18:13:00,979 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 397 transitions. [2022-02-20 18:13:01,231 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 397 edges. 397 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:13:01,241 INFO L225 Difference]: With dead ends: 599 [2022-02-20 18:13:01,242 INFO L226 Difference]: Without dead ends: 410 [2022-02-20 18:13:01,242 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 9 SyntacticMatches, 1 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:13:01,243 INFO L933 BasicCegarLoop]: 157 mSDtfsCounter, 230 mSDsluCounter, 197 mSDsCounter, 0 mSdLazyCounter, 150 mSolverCounterSat, 68 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 237 SdHoareTripleChecker+Valid, 354 SdHoareTripleChecker+Invalid, 218 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 68 IncrementalHoareTripleChecker+Valid, 150 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:13:01,243 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [237 Valid, 354 Invalid, 218 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [68 Valid, 150 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:13:01,244 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 410 states. [2022-02-20 18:13:01,284 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 410 to 408. [2022-02-20 18:13:01,284 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:13:01,285 INFO L82 GeneralOperation]: Start isEquivalent. First operand 410 states. Second operand has 408 states, 313 states have (on average 1.2300319488817892) internal successors, (385), 332 states have internal predecessors, (385), 52 states have call successors, (52), 42 states have call predecessors, (52), 42 states have return successors, (78), 51 states have call predecessors, (78), 52 states have call successors, (78) [2022-02-20 18:13:01,286 INFO L74 IsIncluded]: Start isIncluded. First operand 410 states. Second operand has 408 states, 313 states have (on average 1.2300319488817892) internal successors, (385), 332 states have internal predecessors, (385), 52 states have call successors, (52), 42 states have call predecessors, (52), 42 states have return successors, (78), 51 states have call predecessors, (78), 52 states have call successors, (78) [2022-02-20 18:13:01,286 INFO L87 Difference]: Start difference. First operand 410 states. Second operand has 408 states, 313 states have (on average 1.2300319488817892) internal successors, (385), 332 states have internal predecessors, (385), 52 states have call successors, (52), 42 states have call predecessors, (52), 42 states have return successors, (78), 51 states have call predecessors, (78), 52 states have call successors, (78) [2022-02-20 18:13:01,296 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:01,296 INFO L93 Difference]: Finished difference Result 410 states and 516 transitions. [2022-02-20 18:13:01,296 INFO L276 IsEmpty]: Start isEmpty. Operand 410 states and 516 transitions. [2022-02-20 18:13:01,297 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:13:01,298 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:13:01,298 INFO L74 IsIncluded]: Start isIncluded. First operand has 408 states, 313 states have (on average 1.2300319488817892) internal successors, (385), 332 states have internal predecessors, (385), 52 states have call successors, (52), 42 states have call predecessors, (52), 42 states have return successors, (78), 51 states have call predecessors, (78), 52 states have call successors, (78) Second operand 410 states. [2022-02-20 18:13:01,299 INFO L87 Difference]: Start difference. First operand has 408 states, 313 states have (on average 1.2300319488817892) internal successors, (385), 332 states have internal predecessors, (385), 52 states have call successors, (52), 42 states have call predecessors, (52), 42 states have return successors, (78), 51 states have call predecessors, (78), 52 states have call successors, (78) Second operand 410 states. [2022-02-20 18:13:01,309 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:01,309 INFO L93 Difference]: Finished difference Result 410 states and 516 transitions. [2022-02-20 18:13:01,309 INFO L276 IsEmpty]: Start isEmpty. Operand 410 states and 516 transitions. [2022-02-20 18:13:01,310 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:13:01,310 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:13:01,311 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:13:01,311 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:13:01,312 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 408 states, 313 states have (on average 1.2300319488817892) internal successors, (385), 332 states have internal predecessors, (385), 52 states have call successors, (52), 42 states have call predecessors, (52), 42 states have return successors, (78), 51 states have call predecessors, (78), 52 states have call successors, (78) [2022-02-20 18:13:01,323 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 408 states to 408 states and 515 transitions. [2022-02-20 18:13:01,323 INFO L78 Accepts]: Start accepts. Automaton has 408 states and 515 transitions. Word has length 56 [2022-02-20 18:13:01,323 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:13:01,324 INFO L470 AbstractCegarLoop]: Abstraction has 408 states and 515 transitions. [2022-02-20 18:13:01,324 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:13:01,324 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 515 transitions. [2022-02-20 18:13:01,325 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 61 [2022-02-20 18:13:01,325 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:13:01,325 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:13:01,325 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:13:01,326 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:13:01,326 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:13:01,326 INFO L85 PathProgramCache]: Analyzing trace with hash 741082050, now seen corresponding path program 1 times [2022-02-20 18:13:01,326 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:13:01,326 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [907937781] [2022-02-20 18:13:01,327 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:13:01,327 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:13:01,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:01,416 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:13:01,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:01,429 INFO L290 TraceCheckUtils]: 0: Hoare triple {7875#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,429 INFO L290 TraceCheckUtils]: 1: Hoare triple {7850#(<= ~waterLevel~0 2)} assume true; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,430 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7850#(<= ~waterLevel~0 2)} {7846#(= ~waterLevel~0 1)} #278#return; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,430 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:13:01,431 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:01,435 INFO L290 TraceCheckUtils]: 0: Hoare triple {7844#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {7844#true} is VALID [2022-02-20 18:13:01,435 INFO L290 TraceCheckUtils]: 1: Hoare triple {7844#true} assume true; {7844#true} is VALID [2022-02-20 18:13:01,436 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7844#true} {7850#(<= ~waterLevel~0 2)} #268#return; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,441 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:13:01,445 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:01,457 INFO L290 TraceCheckUtils]: 0: Hoare triple {7876#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {7844#true} is VALID [2022-02-20 18:13:01,457 INFO L290 TraceCheckUtils]: 1: Hoare triple {7844#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {7844#true} is VALID [2022-02-20 18:13:01,457 INFO L290 TraceCheckUtils]: 2: Hoare triple {7844#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,458 INFO L290 TraceCheckUtils]: 3: Hoare triple {7877#(not (<= ~waterLevel~0 1))} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,458 INFO L290 TraceCheckUtils]: 4: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,458 INFO L290 TraceCheckUtils]: 5: Hoare triple {7877#(not (<= ~waterLevel~0 1))} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,458 INFO L290 TraceCheckUtils]: 6: Hoare triple {7877#(not (<= ~waterLevel~0 1))} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,459 INFO L290 TraceCheckUtils]: 7: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,459 INFO L290 TraceCheckUtils]: 8: Hoare triple {7877#(not (<= ~waterLevel~0 1))} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,459 INFO L290 TraceCheckUtils]: 9: Hoare triple {7877#(not (<= ~waterLevel~0 1))} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,460 INFO L290 TraceCheckUtils]: 10: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,460 INFO L290 TraceCheckUtils]: 11: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,460 INFO L290 TraceCheckUtils]: 12: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume { :end_inline_activatePump } true; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,460 INFO L290 TraceCheckUtils]: 13: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume true; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,461 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {7877#(not (<= ~waterLevel~0 1))} {7850#(<= ~waterLevel~0 2)} #274#return; {7869#(and (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:13:01,461 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:13:01,462 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:01,464 INFO L290 TraceCheckUtils]: 0: Hoare triple {7844#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {7844#true} is VALID [2022-02-20 18:13:01,464 INFO L290 TraceCheckUtils]: 1: Hoare triple {7844#true} assume true; {7844#true} is VALID [2022-02-20 18:13:01,464 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7844#true} {7845#false} #276#return; {7845#false} is VALID [2022-02-20 18:13:01,464 INFO L290 TraceCheckUtils]: 0: Hoare triple {7844#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,465 INFO L290 TraceCheckUtils]: 1: Hoare triple {7846#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,465 INFO L290 TraceCheckUtils]: 2: Hoare triple {7846#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,465 INFO L290 TraceCheckUtils]: 3: Hoare triple {7846#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,466 INFO L290 TraceCheckUtils]: 4: Hoare triple {7846#(= ~waterLevel~0 1)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,466 INFO L290 TraceCheckUtils]: 5: Hoare triple {7846#(= ~waterLevel~0 1)} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,466 INFO L290 TraceCheckUtils]: 6: Hoare triple {7846#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,466 INFO L290 TraceCheckUtils]: 7: Hoare triple {7846#(= ~waterLevel~0 1)} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,467 INFO L290 TraceCheckUtils]: 8: Hoare triple {7846#(= ~waterLevel~0 1)} assume !false; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,467 INFO L290 TraceCheckUtils]: 9: Hoare triple {7846#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,467 INFO L290 TraceCheckUtils]: 10: Hoare triple {7846#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,468 INFO L290 TraceCheckUtils]: 11: Hoare triple {7846#(= ~waterLevel~0 1)} assume 0 != test_~tmp~5#1; {7846#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:13:01,468 INFO L272 TraceCheckUtils]: 12: Hoare triple {7846#(= ~waterLevel~0 1)} call waterRise(); {7875#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:13:01,469 INFO L290 TraceCheckUtils]: 13: Hoare triple {7875#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,469 INFO L290 TraceCheckUtils]: 14: Hoare triple {7850#(<= ~waterLevel~0 2)} assume true; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,469 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {7850#(<= ~waterLevel~0 2)} {7846#(= ~waterLevel~0 1)} #278#return; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,470 INFO L290 TraceCheckUtils]: 16: Hoare triple {7850#(<= ~waterLevel~0 2)} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,470 INFO L290 TraceCheckUtils]: 17: Hoare triple {7850#(<= ~waterLevel~0 2)} assume !(0 != test_~tmp___0~2#1); {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,470 INFO L290 TraceCheckUtils]: 18: Hoare triple {7850#(<= ~waterLevel~0 2)} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,470 INFO L290 TraceCheckUtils]: 19: Hoare triple {7850#(<= ~waterLevel~0 2)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,471 INFO L290 TraceCheckUtils]: 20: Hoare triple {7850#(<= ~waterLevel~0 2)} assume { :end_inline_startSystem } true; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,471 INFO L272 TraceCheckUtils]: 21: Hoare triple {7850#(<= ~waterLevel~0 2)} call timeShift(); {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,471 INFO L290 TraceCheckUtils]: 22: Hoare triple {7850#(<= ~waterLevel~0 2)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,471 INFO L272 TraceCheckUtils]: 23: Hoare triple {7850#(<= ~waterLevel~0 2)} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {7844#true} is VALID [2022-02-20 18:13:01,471 INFO L290 TraceCheckUtils]: 24: Hoare triple {7844#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {7844#true} is VALID [2022-02-20 18:13:01,472 INFO L290 TraceCheckUtils]: 25: Hoare triple {7844#true} assume true; {7844#true} is VALID [2022-02-20 18:13:01,477 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {7844#true} {7850#(<= ~waterLevel~0 2)} #268#return; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,478 INFO L290 TraceCheckUtils]: 27: Hoare triple {7850#(<= ~waterLevel~0 2)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,478 INFO L290 TraceCheckUtils]: 28: Hoare triple {7850#(<= ~waterLevel~0 2)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,478 INFO L290 TraceCheckUtils]: 29: Hoare triple {7850#(<= ~waterLevel~0 2)} assume !(0 != ~pumpRunning~0); {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,478 INFO L290 TraceCheckUtils]: 30: Hoare triple {7850#(<= ~waterLevel~0 2)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,479 INFO L290 TraceCheckUtils]: 31: Hoare triple {7850#(<= ~waterLevel~0 2)} assume !(0 != ~pumpRunning~0); {7850#(<= ~waterLevel~0 2)} is VALID [2022-02-20 18:13:01,479 INFO L272 TraceCheckUtils]: 32: Hoare triple {7850#(<= ~waterLevel~0 2)} call processEnvironment__wrappee__highWaterSensor(); {7876#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:13:01,479 INFO L290 TraceCheckUtils]: 33: Hoare triple {7876#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {7844#true} is VALID [2022-02-20 18:13:01,479 INFO L290 TraceCheckUtils]: 34: Hoare triple {7844#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {7844#true} is VALID [2022-02-20 18:13:01,480 INFO L290 TraceCheckUtils]: 35: Hoare triple {7844#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,480 INFO L290 TraceCheckUtils]: 36: Hoare triple {7877#(not (<= ~waterLevel~0 1))} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,480 INFO L290 TraceCheckUtils]: 37: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,481 INFO L290 TraceCheckUtils]: 38: Hoare triple {7877#(not (<= ~waterLevel~0 1))} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,481 INFO L290 TraceCheckUtils]: 39: Hoare triple {7877#(not (<= ~waterLevel~0 1))} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,481 INFO L290 TraceCheckUtils]: 40: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,482 INFO L290 TraceCheckUtils]: 41: Hoare triple {7877#(not (<= ~waterLevel~0 1))} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,482 INFO L290 TraceCheckUtils]: 42: Hoare triple {7877#(not (<= ~waterLevel~0 1))} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,482 INFO L290 TraceCheckUtils]: 43: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,482 INFO L290 TraceCheckUtils]: 44: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,483 INFO L290 TraceCheckUtils]: 45: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume { :end_inline_activatePump } true; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,483 INFO L290 TraceCheckUtils]: 46: Hoare triple {7877#(not (<= ~waterLevel~0 1))} assume true; {7877#(not (<= ~waterLevel~0 1))} is VALID [2022-02-20 18:13:01,483 INFO L284 TraceCheckUtils]: 47: Hoare quadruple {7877#(not (<= ~waterLevel~0 1))} {7850#(<= ~waterLevel~0 2)} #274#return; {7869#(and (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:13:01,484 INFO L290 TraceCheckUtils]: 48: Hoare triple {7869#(and (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :end_inline_processEnvironment } true; {7869#(and (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2))} is VALID [2022-02-20 18:13:01,484 INFO L290 TraceCheckUtils]: 49: Hoare triple {7869#(and (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2))} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {7870#(and (<= |timeShift_getWaterLevel_#res#1| 2) (<= 2 |timeShift_getWaterLevel_#res#1|))} is VALID [2022-02-20 18:13:01,485 INFO L290 TraceCheckUtils]: 50: Hoare triple {7870#(and (<= |timeShift_getWaterLevel_#res#1| 2) (<= 2 |timeShift_getWaterLevel_#res#1|))} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {7871#(and (< 1 |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1|) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1| 2))} is VALID [2022-02-20 18:13:01,486 INFO L290 TraceCheckUtils]: 51: Hoare triple {7871#(and (< 1 |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1|) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1| 2))} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {7845#false} is VALID [2022-02-20 18:13:01,486 INFO L272 TraceCheckUtils]: 52: Hoare triple {7845#false} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {7844#true} is VALID [2022-02-20 18:13:01,486 INFO L290 TraceCheckUtils]: 53: Hoare triple {7844#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {7844#true} is VALID [2022-02-20 18:13:01,486 INFO L290 TraceCheckUtils]: 54: Hoare triple {7844#true} assume true; {7844#true} is VALID [2022-02-20 18:13:01,486 INFO L284 TraceCheckUtils]: 55: Hoare quadruple {7844#true} {7845#false} #276#return; {7845#false} is VALID [2022-02-20 18:13:01,486 INFO L290 TraceCheckUtils]: 56: Hoare triple {7845#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {7845#false} is VALID [2022-02-20 18:13:01,486 INFO L290 TraceCheckUtils]: 57: Hoare triple {7845#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {7845#false} is VALID [2022-02-20 18:13:01,486 INFO L290 TraceCheckUtils]: 58: Hoare triple {7845#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {7845#false} is VALID [2022-02-20 18:13:01,487 INFO L290 TraceCheckUtils]: 59: Hoare triple {7845#false} assume !false; {7845#false} is VALID [2022-02-20 18:13:01,487 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:13:01,487 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:13:01,487 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [907937781] [2022-02-20 18:13:01,487 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [907937781] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:13:01,487 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:13:01,487 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-02-20 18:13:01,487 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1576181701] [2022-02-20 18:13:01,487 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:13:01,488 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) Word has length 60 [2022-02-20 18:13:01,488 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:13:01,488 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-20 18:13:01,524 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 58 edges. 58 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:13:01,524 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 18:13:01,524 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:13:01,525 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 18:13:01,525 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=70, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:13:01,525 INFO L87 Difference]: Start difference. First operand 408 states and 515 transitions. Second operand has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-20 18:13:03,639 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:03,639 INFO L93 Difference]: Finished difference Result 1074 states and 1416 transitions. [2022-02-20 18:13:03,640 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 29 states. [2022-02-20 18:13:03,640 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) Word has length 60 [2022-02-20 18:13:03,640 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:13:03,641 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-20 18:13:03,647 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 29 states to 29 states and 535 transitions. [2022-02-20 18:13:03,647 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-20 18:13:03,652 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 29 states to 29 states and 535 transitions. [2022-02-20 18:13:03,653 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 29 states and 535 transitions. [2022-02-20 18:13:04,017 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 535 edges. 535 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:13:04,060 INFO L225 Difference]: With dead ends: 1074 [2022-02-20 18:13:04,060 INFO L226 Difference]: Without dead ends: 762 [2022-02-20 18:13:04,062 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 43 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 32 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 282 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=258, Invalid=864, Unknown=0, NotChecked=0, Total=1122 [2022-02-20 18:13:04,063 INFO L933 BasicCegarLoop]: 157 mSDtfsCounter, 623 mSDsluCounter, 478 mSDsCounter, 0 mSdLazyCounter, 535 mSolverCounterSat, 217 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 631 SdHoareTripleChecker+Valid, 635 SdHoareTripleChecker+Invalid, 752 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 217 IncrementalHoareTripleChecker+Valid, 535 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-02-20 18:13:04,063 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [631 Valid, 635 Invalid, 752 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [217 Valid, 535 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-02-20 18:13:04,065 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 762 states. [2022-02-20 18:13:04,192 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 762 to 604. [2022-02-20 18:13:04,192 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:13:04,206 INFO L82 GeneralOperation]: Start isEquivalent. First operand 762 states. Second operand has 604 states, 464 states have (on average 1.2198275862068966) internal successors, (566), 495 states have internal predecessors, (566), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (115), 73 states have call predecessors, (115), 75 states have call successors, (115) [2022-02-20 18:13:04,208 INFO L74 IsIncluded]: Start isIncluded. First operand 762 states. Second operand has 604 states, 464 states have (on average 1.2198275862068966) internal successors, (566), 495 states have internal predecessors, (566), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (115), 73 states have call predecessors, (115), 75 states have call successors, (115) [2022-02-20 18:13:04,209 INFO L87 Difference]: Start difference. First operand 762 states. Second operand has 604 states, 464 states have (on average 1.2198275862068966) internal successors, (566), 495 states have internal predecessors, (566), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (115), 73 states have call predecessors, (115), 75 states have call successors, (115) [2022-02-20 18:13:04,232 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:04,232 INFO L93 Difference]: Finished difference Result 762 states and 956 transitions. [2022-02-20 18:13:04,232 INFO L276 IsEmpty]: Start isEmpty. Operand 762 states and 956 transitions. [2022-02-20 18:13:04,234 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:13:04,234 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:13:04,235 INFO L74 IsIncluded]: Start isIncluded. First operand has 604 states, 464 states have (on average 1.2198275862068966) internal successors, (566), 495 states have internal predecessors, (566), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (115), 73 states have call predecessors, (115), 75 states have call successors, (115) Second operand 762 states. [2022-02-20 18:13:04,243 INFO L87 Difference]: Start difference. First operand has 604 states, 464 states have (on average 1.2198275862068966) internal successors, (566), 495 states have internal predecessors, (566), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (115), 73 states have call predecessors, (115), 75 states have call successors, (115) Second operand 762 states. [2022-02-20 18:13:04,266 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:04,266 INFO L93 Difference]: Finished difference Result 762 states and 956 transitions. [2022-02-20 18:13:04,266 INFO L276 IsEmpty]: Start isEmpty. Operand 762 states and 956 transitions. [2022-02-20 18:13:04,268 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:13:04,268 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:13:04,268 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:13:04,268 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:13:04,270 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 604 states, 464 states have (on average 1.2198275862068966) internal successors, (566), 495 states have internal predecessors, (566), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (115), 73 states have call predecessors, (115), 75 states have call successors, (115) [2022-02-20 18:13:04,291 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 604 states to 604 states and 756 transitions. [2022-02-20 18:13:04,291 INFO L78 Accepts]: Start accepts. Automaton has 604 states and 756 transitions. Word has length 60 [2022-02-20 18:13:04,292 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:13:04,292 INFO L470 AbstractCegarLoop]: Abstraction has 604 states and 756 transitions. [2022-02-20 18:13:04,292 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-20 18:13:04,292 INFO L276 IsEmpty]: Start isEmpty. Operand 604 states and 756 transitions. [2022-02-20 18:13:04,293 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 106 [2022-02-20 18:13:04,293 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:13:04,293 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:13:04,294 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:13:04,294 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:13:04,294 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:13:04,294 INFO L85 PathProgramCache]: Analyzing trace with hash -488387093, now seen corresponding path program 1 times [2022-02-20 18:13:04,294 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:13:04,295 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [867697132] [2022-02-20 18:13:04,295 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:13:04,295 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:13:04,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:04,331 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:13:04,332 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:04,334 INFO L290 TraceCheckUtils]: 0: Hoare triple {11846#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {11794#true} is VALID [2022-02-20 18:13:04,334 INFO L290 TraceCheckUtils]: 1: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,334 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {11794#true} {11794#true} #278#return; {11794#true} is VALID [2022-02-20 18:13:04,339 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:13:04,345 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:04,353 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:13:04,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:04,355 INFO L290 TraceCheckUtils]: 0: Hoare triple {11794#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {11794#true} is VALID [2022-02-20 18:13:04,355 INFO L290 TraceCheckUtils]: 1: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,356 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {11794#true} {11794#true} #268#return; {11794#true} is VALID [2022-02-20 18:13:04,359 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-02-20 18:13:04,363 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:04,368 INFO L290 TraceCheckUtils]: 0: Hoare triple {11867#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {11794#true} is VALID [2022-02-20 18:13:04,368 INFO L290 TraceCheckUtils]: 1: Hoare triple {11794#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {11794#true} is VALID [2022-02-20 18:13:04,368 INFO L290 TraceCheckUtils]: 2: Hoare triple {11794#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {11794#true} is VALID [2022-02-20 18:13:04,369 INFO L290 TraceCheckUtils]: 3: Hoare triple {11794#true} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {11794#true} is VALID [2022-02-20 18:13:04,369 INFO L290 TraceCheckUtils]: 4: Hoare triple {11794#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {11794#true} is VALID [2022-02-20 18:13:04,369 INFO L290 TraceCheckUtils]: 5: Hoare triple {11794#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {11794#true} is VALID [2022-02-20 18:13:04,369 INFO L290 TraceCheckUtils]: 6: Hoare triple {11794#true} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {11794#true} is VALID [2022-02-20 18:13:04,369 INFO L290 TraceCheckUtils]: 7: Hoare triple {11794#true} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {11794#true} is VALID [2022-02-20 18:13:04,369 INFO L290 TraceCheckUtils]: 8: Hoare triple {11794#true} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {11794#true} is VALID [2022-02-20 18:13:04,369 INFO L290 TraceCheckUtils]: 9: Hoare triple {11794#true} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {11794#true} is VALID [2022-02-20 18:13:04,370 INFO L290 TraceCheckUtils]: 10: Hoare triple {11794#true} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {11794#true} is VALID [2022-02-20 18:13:04,370 INFO L290 TraceCheckUtils]: 11: Hoare triple {11794#true} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {11794#true} is VALID [2022-02-20 18:13:04,370 INFO L290 TraceCheckUtils]: 12: Hoare triple {11794#true} assume { :end_inline_activatePump } true; {11794#true} is VALID [2022-02-20 18:13:04,370 INFO L290 TraceCheckUtils]: 13: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,370 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {11794#true} {11851#(not (= 0 ~systemActive~0))} #274#return; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,371 INFO L290 TraceCheckUtils]: 0: Hoare triple {11847#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {11794#true} is VALID [2022-02-20 18:13:04,371 INFO L272 TraceCheckUtils]: 1: Hoare triple {11794#true} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {11794#true} is VALID [2022-02-20 18:13:04,371 INFO L290 TraceCheckUtils]: 2: Hoare triple {11794#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {11794#true} is VALID [2022-02-20 18:13:04,371 INFO L290 TraceCheckUtils]: 3: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,371 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11794#true} {11794#true} #268#return; {11794#true} is VALID [2022-02-20 18:13:04,371 INFO L290 TraceCheckUtils]: 5: Hoare triple {11794#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {11794#true} is VALID [2022-02-20 18:13:04,371 INFO L290 TraceCheckUtils]: 6: Hoare triple {11794#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {11794#true} is VALID [2022-02-20 18:13:04,372 INFO L290 TraceCheckUtils]: 7: Hoare triple {11794#true} assume !(0 != ~pumpRunning~0); {11794#true} is VALID [2022-02-20 18:13:04,372 INFO L290 TraceCheckUtils]: 8: Hoare triple {11794#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,372 INFO L290 TraceCheckUtils]: 9: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,373 INFO L272 TraceCheckUtils]: 10: Hoare triple {11851#(not (= 0 ~systemActive~0))} call processEnvironment__wrappee__highWaterSensor(); {11867#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:13:04,373 INFO L290 TraceCheckUtils]: 11: Hoare triple {11867#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {11794#true} is VALID [2022-02-20 18:13:04,373 INFO L290 TraceCheckUtils]: 12: Hoare triple {11794#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {11794#true} is VALID [2022-02-20 18:13:04,373 INFO L290 TraceCheckUtils]: 13: Hoare triple {11794#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {11794#true} is VALID [2022-02-20 18:13:04,373 INFO L290 TraceCheckUtils]: 14: Hoare triple {11794#true} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {11794#true} is VALID [2022-02-20 18:13:04,373 INFO L290 TraceCheckUtils]: 15: Hoare triple {11794#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {11794#true} is VALID [2022-02-20 18:13:04,373 INFO L290 TraceCheckUtils]: 16: Hoare triple {11794#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {11794#true} is VALID [2022-02-20 18:13:04,373 INFO L290 TraceCheckUtils]: 17: Hoare triple {11794#true} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {11794#true} is VALID [2022-02-20 18:13:04,374 INFO L290 TraceCheckUtils]: 18: Hoare triple {11794#true} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {11794#true} is VALID [2022-02-20 18:13:04,374 INFO L290 TraceCheckUtils]: 19: Hoare triple {11794#true} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {11794#true} is VALID [2022-02-20 18:13:04,374 INFO L290 TraceCheckUtils]: 20: Hoare triple {11794#true} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {11794#true} is VALID [2022-02-20 18:13:04,374 INFO L290 TraceCheckUtils]: 21: Hoare triple {11794#true} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {11794#true} is VALID [2022-02-20 18:13:04,374 INFO L290 TraceCheckUtils]: 22: Hoare triple {11794#true} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {11794#true} is VALID [2022-02-20 18:13:04,374 INFO L290 TraceCheckUtils]: 23: Hoare triple {11794#true} assume { :end_inline_activatePump } true; {11794#true} is VALID [2022-02-20 18:13:04,374 INFO L290 TraceCheckUtils]: 24: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,375 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {11794#true} {11851#(not (= 0 ~systemActive~0))} #274#return; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,375 INFO L290 TraceCheckUtils]: 26: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume { :end_inline_processEnvironment } true; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,376 INFO L290 TraceCheckUtils]: 27: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,376 INFO L290 TraceCheckUtils]: 28: Hoare triple {11851#(not (= 0 ~systemActive~0))} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,376 INFO L290 TraceCheckUtils]: 29: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~6#1); {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,377 INFO L290 TraceCheckUtils]: 30: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,377 INFO L290 TraceCheckUtils]: 31: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume true; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,377 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {11851#(not (= 0 ~systemActive~0))} {11799#(= 0 ~systemActive~0)} #284#return; {11795#false} is VALID [2022-02-20 18:13:04,378 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:13:04,378 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:04,380 INFO L290 TraceCheckUtils]: 0: Hoare triple {11794#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {11794#true} is VALID [2022-02-20 18:13:04,380 INFO L290 TraceCheckUtils]: 1: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,380 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {11794#true} {11795#false} #268#return; {11795#false} is VALID [2022-02-20 18:13:04,380 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:13:04,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:04,383 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:13:04,383 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:04,385 INFO L290 TraceCheckUtils]: 0: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,385 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {11794#true} {11794#true} #290#return; {11794#true} is VALID [2022-02-20 18:13:04,385 INFO L290 TraceCheckUtils]: 0: Hoare triple {11867#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {11794#true} is VALID [2022-02-20 18:13:04,385 INFO L290 TraceCheckUtils]: 1: Hoare triple {11794#true} assume !(0 == ~pumpRunning~0); {11794#true} is VALID [2022-02-20 18:13:04,385 INFO L272 TraceCheckUtils]: 2: Hoare triple {11794#true} call processEnvironment__wrappee__base(); {11794#true} is VALID [2022-02-20 18:13:04,386 INFO L290 TraceCheckUtils]: 3: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,386 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11794#true} {11794#true} #290#return; {11794#true} is VALID [2022-02-20 18:13:04,386 INFO L290 TraceCheckUtils]: 5: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,386 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {11794#true} {11795#false} #272#return; {11795#false} is VALID [2022-02-20 18:13:04,386 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:13:04,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:04,391 INFO L290 TraceCheckUtils]: 0: Hoare triple {11794#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {11794#true} is VALID [2022-02-20 18:13:04,391 INFO L290 TraceCheckUtils]: 1: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,391 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {11794#true} {11795#false} #276#return; {11795#false} is VALID [2022-02-20 18:13:04,391 INFO L290 TraceCheckUtils]: 0: Hoare triple {11794#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {11794#true} is VALID [2022-02-20 18:13:04,391 INFO L290 TraceCheckUtils]: 1: Hoare triple {11794#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {11794#true} is VALID [2022-02-20 18:13:04,391 INFO L290 TraceCheckUtils]: 2: Hoare triple {11794#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11794#true} is VALID [2022-02-20 18:13:04,392 INFO L290 TraceCheckUtils]: 3: Hoare triple {11794#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {11794#true} is VALID [2022-02-20 18:13:04,392 INFO L290 TraceCheckUtils]: 4: Hoare triple {11794#true} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {11794#true} is VALID [2022-02-20 18:13:04,392 INFO L290 TraceCheckUtils]: 5: Hoare triple {11794#true} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {11794#true} is VALID [2022-02-20 18:13:04,392 INFO L290 TraceCheckUtils]: 6: Hoare triple {11794#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {11794#true} is VALID [2022-02-20 18:13:04,392 INFO L290 TraceCheckUtils]: 7: Hoare triple {11794#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {11794#true} is VALID [2022-02-20 18:13:04,392 INFO L290 TraceCheckUtils]: 8: Hoare triple {11794#true} assume !false; {11794#true} is VALID [2022-02-20 18:13:04,392 INFO L290 TraceCheckUtils]: 9: Hoare triple {11794#true} assume test_~splverifierCounter~0#1 < 4; {11794#true} is VALID [2022-02-20 18:13:04,392 INFO L290 TraceCheckUtils]: 10: Hoare triple {11794#true} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {11794#true} is VALID [2022-02-20 18:13:04,393 INFO L290 TraceCheckUtils]: 11: Hoare triple {11794#true} assume 0 != test_~tmp~5#1; {11794#true} is VALID [2022-02-20 18:13:04,393 INFO L272 TraceCheckUtils]: 12: Hoare triple {11794#true} call waterRise(); {11846#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:13:04,393 INFO L290 TraceCheckUtils]: 13: Hoare triple {11846#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {11794#true} is VALID [2022-02-20 18:13:04,393 INFO L290 TraceCheckUtils]: 14: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,393 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {11794#true} {11794#true} #278#return; {11794#true} is VALID [2022-02-20 18:13:04,394 INFO L290 TraceCheckUtils]: 16: Hoare triple {11794#true} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {11794#true} is VALID [2022-02-20 18:13:04,394 INFO L290 TraceCheckUtils]: 17: Hoare triple {11794#true} assume !(0 != test_~tmp___0~2#1); {11794#true} is VALID [2022-02-20 18:13:04,394 INFO L290 TraceCheckUtils]: 18: Hoare triple {11794#true} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {11794#true} is VALID [2022-02-20 18:13:04,394 INFO L290 TraceCheckUtils]: 19: Hoare triple {11794#true} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet21#1 && test_#t~nondet21#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet21#1;havoc test_#t~nondet21#1; {11794#true} is VALID [2022-02-20 18:13:04,394 INFO L290 TraceCheckUtils]: 20: Hoare triple {11794#true} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {11794#true} is VALID [2022-02-20 18:13:04,394 INFO L290 TraceCheckUtils]: 21: Hoare triple {11794#true} assume !(0 != ~pumpRunning~0); {11794#true} is VALID [2022-02-20 18:13:04,395 INFO L290 TraceCheckUtils]: 22: Hoare triple {11794#true} ~systemActive~0 := 0; {11799#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:13:04,395 INFO L290 TraceCheckUtils]: 23: Hoare triple {11799#(= 0 ~systemActive~0)} assume { :end_inline_stopSystem } true; {11799#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:13:04,395 INFO L272 TraceCheckUtils]: 24: Hoare triple {11799#(= 0 ~systemActive~0)} call timeShift(); {11847#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:13:04,396 INFO L290 TraceCheckUtils]: 25: Hoare triple {11847#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {11794#true} is VALID [2022-02-20 18:13:04,396 INFO L272 TraceCheckUtils]: 26: Hoare triple {11794#true} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {11794#true} is VALID [2022-02-20 18:13:04,396 INFO L290 TraceCheckUtils]: 27: Hoare triple {11794#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {11794#true} is VALID [2022-02-20 18:13:04,396 INFO L290 TraceCheckUtils]: 28: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,396 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11794#true} {11794#true} #268#return; {11794#true} is VALID [2022-02-20 18:13:04,396 INFO L290 TraceCheckUtils]: 30: Hoare triple {11794#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {11794#true} is VALID [2022-02-20 18:13:04,396 INFO L290 TraceCheckUtils]: 31: Hoare triple {11794#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {11794#true} is VALID [2022-02-20 18:13:04,396 INFO L290 TraceCheckUtils]: 32: Hoare triple {11794#true} assume !(0 != ~pumpRunning~0); {11794#true} is VALID [2022-02-20 18:13:04,397 INFO L290 TraceCheckUtils]: 33: Hoare triple {11794#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,397 INFO L290 TraceCheckUtils]: 34: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,397 INFO L272 TraceCheckUtils]: 35: Hoare triple {11851#(not (= 0 ~systemActive~0))} call processEnvironment__wrappee__highWaterSensor(); {11867#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:13:04,398 INFO L290 TraceCheckUtils]: 36: Hoare triple {11867#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {11794#true} is VALID [2022-02-20 18:13:04,398 INFO L290 TraceCheckUtils]: 37: Hoare triple {11794#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {11794#true} is VALID [2022-02-20 18:13:04,398 INFO L290 TraceCheckUtils]: 38: Hoare triple {11794#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {11794#true} is VALID [2022-02-20 18:13:04,398 INFO L290 TraceCheckUtils]: 39: Hoare triple {11794#true} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {11794#true} is VALID [2022-02-20 18:13:04,398 INFO L290 TraceCheckUtils]: 40: Hoare triple {11794#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {11794#true} is VALID [2022-02-20 18:13:04,398 INFO L290 TraceCheckUtils]: 41: Hoare triple {11794#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {11794#true} is VALID [2022-02-20 18:13:04,398 INFO L290 TraceCheckUtils]: 42: Hoare triple {11794#true} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {11794#true} is VALID [2022-02-20 18:13:04,398 INFO L290 TraceCheckUtils]: 43: Hoare triple {11794#true} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {11794#true} is VALID [2022-02-20 18:13:04,399 INFO L290 TraceCheckUtils]: 44: Hoare triple {11794#true} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {11794#true} is VALID [2022-02-20 18:13:04,399 INFO L290 TraceCheckUtils]: 45: Hoare triple {11794#true} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {11794#true} is VALID [2022-02-20 18:13:04,399 INFO L290 TraceCheckUtils]: 46: Hoare triple {11794#true} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {11794#true} is VALID [2022-02-20 18:13:04,399 INFO L290 TraceCheckUtils]: 47: Hoare triple {11794#true} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {11794#true} is VALID [2022-02-20 18:13:04,399 INFO L290 TraceCheckUtils]: 48: Hoare triple {11794#true} assume { :end_inline_activatePump } true; {11794#true} is VALID [2022-02-20 18:13:04,399 INFO L290 TraceCheckUtils]: 49: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,400 INFO L284 TraceCheckUtils]: 50: Hoare quadruple {11794#true} {11851#(not (= 0 ~systemActive~0))} #274#return; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,400 INFO L290 TraceCheckUtils]: 51: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume { :end_inline_processEnvironment } true; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,401 INFO L290 TraceCheckUtils]: 52: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,401 INFO L290 TraceCheckUtils]: 53: Hoare triple {11851#(not (= 0 ~systemActive~0))} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,401 INFO L290 TraceCheckUtils]: 54: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~6#1); {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,402 INFO L290 TraceCheckUtils]: 55: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,402 INFO L290 TraceCheckUtils]: 56: Hoare triple {11851#(not (= 0 ~systemActive~0))} assume true; {11851#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:13:04,402 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {11851#(not (= 0 ~systemActive~0))} {11799#(= 0 ~systemActive~0)} #284#return; {11795#false} is VALID [2022-02-20 18:13:04,402 INFO L290 TraceCheckUtils]: 58: Hoare triple {11795#false} assume !false; {11795#false} is VALID [2022-02-20 18:13:04,403 INFO L290 TraceCheckUtils]: 59: Hoare triple {11795#false} assume test_~splverifierCounter~0#1 < 4; {11795#false} is VALID [2022-02-20 18:13:04,403 INFO L290 TraceCheckUtils]: 60: Hoare triple {11795#false} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {11795#false} is VALID [2022-02-20 18:13:04,403 INFO L290 TraceCheckUtils]: 61: Hoare triple {11795#false} assume !(0 != test_~tmp~5#1); {11795#false} is VALID [2022-02-20 18:13:04,403 INFO L290 TraceCheckUtils]: 62: Hoare triple {11795#false} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {11795#false} is VALID [2022-02-20 18:13:04,403 INFO L290 TraceCheckUtils]: 63: Hoare triple {11795#false} assume !(0 != test_~tmp___0~2#1); {11795#false} is VALID [2022-02-20 18:13:04,403 INFO L290 TraceCheckUtils]: 64: Hoare triple {11795#false} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {11795#false} is VALID [2022-02-20 18:13:04,403 INFO L290 TraceCheckUtils]: 65: Hoare triple {11795#false} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {11795#false} is VALID [2022-02-20 18:13:04,403 INFO L290 TraceCheckUtils]: 66: Hoare triple {11795#false} assume { :end_inline_startSystem } true; {11795#false} is VALID [2022-02-20 18:13:04,404 INFO L272 TraceCheckUtils]: 67: Hoare triple {11795#false} call timeShift(); {11795#false} is VALID [2022-02-20 18:13:04,404 INFO L290 TraceCheckUtils]: 68: Hoare triple {11795#false} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {11795#false} is VALID [2022-02-20 18:13:04,404 INFO L272 TraceCheckUtils]: 69: Hoare triple {11795#false} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {11794#true} is VALID [2022-02-20 18:13:04,404 INFO L290 TraceCheckUtils]: 70: Hoare triple {11794#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {11794#true} is VALID [2022-02-20 18:13:04,404 INFO L290 TraceCheckUtils]: 71: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,404 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {11794#true} {11795#false} #268#return; {11795#false} is VALID [2022-02-20 18:13:04,404 INFO L290 TraceCheckUtils]: 73: Hoare triple {11795#false} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {11795#false} is VALID [2022-02-20 18:13:04,405 INFO L290 TraceCheckUtils]: 74: Hoare triple {11795#false} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {11795#false} is VALID [2022-02-20 18:13:04,405 INFO L290 TraceCheckUtils]: 75: Hoare triple {11795#false} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {11795#false} is VALID [2022-02-20 18:13:04,405 INFO L290 TraceCheckUtils]: 76: Hoare triple {11795#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {11795#false} is VALID [2022-02-20 18:13:04,405 INFO L290 TraceCheckUtils]: 77: Hoare triple {11795#false} assume { :end_inline_lowerWaterLevel } true; {11795#false} is VALID [2022-02-20 18:13:04,405 INFO L290 TraceCheckUtils]: 78: Hoare triple {11795#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {11795#false} is VALID [2022-02-20 18:13:04,405 INFO L290 TraceCheckUtils]: 79: Hoare triple {11795#false} assume 0 != ~pumpRunning~0;assume { :begin_inline_isLowWaterLevel } true;havoc isLowWaterLevel_#res#1;havoc isLowWaterLevel_#t~ret17#1, isLowWaterLevel_~retValue_acc~3#1, isLowWaterLevel_~tmp~4#1, isLowWaterLevel_~tmp___0~1#1;havoc isLowWaterLevel_~retValue_acc~3#1;havoc isLowWaterLevel_~tmp~4#1;havoc isLowWaterLevel_~tmp___0~1#1;assume { :begin_inline_isLowWaterSensorDry } true;havoc isLowWaterSensorDry_#res#1;havoc isLowWaterSensorDry_~retValue_acc~13#1;havoc isLowWaterSensorDry_~retValue_acc~13#1;isLowWaterSensorDry_~retValue_acc~13#1 := (if 0 == ~waterLevel~0 then 1 else 0);isLowWaterSensorDry_#res#1 := isLowWaterSensorDry_~retValue_acc~13#1; {11795#false} is VALID [2022-02-20 18:13:04,405 INFO L290 TraceCheckUtils]: 80: Hoare triple {11795#false} isLowWaterLevel_#t~ret17#1 := isLowWaterSensorDry_#res#1;assume { :end_inline_isLowWaterSensorDry } true;assume -2147483648 <= isLowWaterLevel_#t~ret17#1 && isLowWaterLevel_#t~ret17#1 <= 2147483647;isLowWaterLevel_~tmp~4#1 := isLowWaterLevel_#t~ret17#1;havoc isLowWaterLevel_#t~ret17#1; {11795#false} is VALID [2022-02-20 18:13:04,406 INFO L290 TraceCheckUtils]: 81: Hoare triple {11795#false} assume 0 != isLowWaterLevel_~tmp~4#1;isLowWaterLevel_~tmp___0~1#1 := 0; {11795#false} is VALID [2022-02-20 18:13:04,406 INFO L290 TraceCheckUtils]: 82: Hoare triple {11795#false} isLowWaterLevel_~retValue_acc~3#1 := isLowWaterLevel_~tmp___0~1#1;isLowWaterLevel_#res#1 := isLowWaterLevel_~retValue_acc~3#1; {11795#false} is VALID [2022-02-20 18:13:04,406 INFO L290 TraceCheckUtils]: 83: Hoare triple {11795#false} processEnvironment_#t~ret5#1 := isLowWaterLevel_#res#1;assume { :end_inline_isLowWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret5#1 && processEnvironment_#t~ret5#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret5#1;havoc processEnvironment_#t~ret5#1; {11795#false} is VALID [2022-02-20 18:13:04,406 INFO L290 TraceCheckUtils]: 84: Hoare triple {11795#false} assume !(0 != processEnvironment_~tmp~1#1); {11795#false} is VALID [2022-02-20 18:13:04,406 INFO L272 TraceCheckUtils]: 85: Hoare triple {11795#false} call processEnvironment__wrappee__highWaterSensor(); {11867#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:13:04,406 INFO L290 TraceCheckUtils]: 86: Hoare triple {11867#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {11794#true} is VALID [2022-02-20 18:13:04,406 INFO L290 TraceCheckUtils]: 87: Hoare triple {11794#true} assume !(0 == ~pumpRunning~0); {11794#true} is VALID [2022-02-20 18:13:04,407 INFO L272 TraceCheckUtils]: 88: Hoare triple {11794#true} call processEnvironment__wrappee__base(); {11794#true} is VALID [2022-02-20 18:13:04,407 INFO L290 TraceCheckUtils]: 89: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,407 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {11794#true} {11794#true} #290#return; {11794#true} is VALID [2022-02-20 18:13:04,407 INFO L290 TraceCheckUtils]: 91: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,407 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {11794#true} {11795#false} #272#return; {11795#false} is VALID [2022-02-20 18:13:04,407 INFO L290 TraceCheckUtils]: 93: Hoare triple {11795#false} assume { :end_inline_processEnvironment } true; {11795#false} is VALID [2022-02-20 18:13:04,407 INFO L290 TraceCheckUtils]: 94: Hoare triple {11795#false} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {11795#false} is VALID [2022-02-20 18:13:04,407 INFO L290 TraceCheckUtils]: 95: Hoare triple {11795#false} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {11795#false} is VALID [2022-02-20 18:13:04,408 INFO L290 TraceCheckUtils]: 96: Hoare triple {11795#false} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {11795#false} is VALID [2022-02-20 18:13:04,408 INFO L272 TraceCheckUtils]: 97: Hoare triple {11795#false} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {11794#true} is VALID [2022-02-20 18:13:04,408 INFO L290 TraceCheckUtils]: 98: Hoare triple {11794#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {11794#true} is VALID [2022-02-20 18:13:04,408 INFO L290 TraceCheckUtils]: 99: Hoare triple {11794#true} assume true; {11794#true} is VALID [2022-02-20 18:13:04,408 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {11794#true} {11795#false} #276#return; {11795#false} is VALID [2022-02-20 18:13:04,408 INFO L290 TraceCheckUtils]: 101: Hoare triple {11795#false} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {11795#false} is VALID [2022-02-20 18:13:04,408 INFO L290 TraceCheckUtils]: 102: Hoare triple {11795#false} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {11795#false} is VALID [2022-02-20 18:13:04,409 INFO L290 TraceCheckUtils]: 103: Hoare triple {11795#false} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {11795#false} is VALID [2022-02-20 18:13:04,409 INFO L290 TraceCheckUtils]: 104: Hoare triple {11795#false} assume !false; {11795#false} is VALID [2022-02-20 18:13:04,409 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 20 proven. 0 refuted. 0 times theorem prover too weak. 13 trivial. 0 not checked. [2022-02-20 18:13:04,409 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:13:04,409 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [867697132] [2022-02-20 18:13:04,410 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [867697132] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:13:04,410 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:13:04,410 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:13:04,410 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1527267682] [2022-02-20 18:13:04,410 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:13:04,411 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 11.714285714285714) internal successors, (82), 4 states have internal predecessors, (82), 4 states have call successors, (9), 5 states have call predecessors, (9), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) Word has length 105 [2022-02-20 18:13:04,411 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:13:04,411 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 11.714285714285714) internal successors, (82), 4 states have internal predecessors, (82), 4 states have call successors, (9), 5 states have call predecessors, (9), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 18:13:04,463 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 99 edges. 99 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:13:04,464 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:13:04,464 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:13:04,464 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:13:04,464 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:13:04,465 INFO L87 Difference]: Start difference. First operand 604 states and 756 transitions. Second operand has 7 states, 7 states have (on average 11.714285714285714) internal successors, (82), 4 states have internal predecessors, (82), 4 states have call successors, (9), 5 states have call predecessors, (9), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 18:13:05,453 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:05,454 INFO L93 Difference]: Finished difference Result 1230 states and 1538 transitions. [2022-02-20 18:13:05,454 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:13:05,454 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 11.714285714285714) internal successors, (82), 4 states have internal predecessors, (82), 4 states have call successors, (9), 5 states have call predecessors, (9), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) Word has length 105 [2022-02-20 18:13:05,454 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:13:05,455 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 11.714285714285714) internal successors, (82), 4 states have internal predecessors, (82), 4 states have call successors, (9), 5 states have call predecessors, (9), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 18:13:05,458 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 326 transitions. [2022-02-20 18:13:05,459 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 11.714285714285714) internal successors, (82), 4 states have internal predecessors, (82), 4 states have call successors, (9), 5 states have call predecessors, (9), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 18:13:05,462 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 326 transitions. [2022-02-20 18:13:05,462 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 326 transitions. [2022-02-20 18:13:05,704 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 326 edges. 326 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:13:05,731 INFO L225 Difference]: With dead ends: 1230 [2022-02-20 18:13:05,732 INFO L226 Difference]: Without dead ends: 634 [2022-02-20 18:13:05,734 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 21 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=55, Invalid=127, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:13:05,736 INFO L933 BasicCegarLoop]: 148 mSDtfsCounter, 294 mSDsluCounter, 228 mSDsCounter, 0 mSdLazyCounter, 214 mSolverCounterSat, 91 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 303 SdHoareTripleChecker+Valid, 376 SdHoareTripleChecker+Invalid, 305 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 91 IncrementalHoareTripleChecker+Valid, 214 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:13:05,737 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [303 Valid, 376 Invalid, 305 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [91 Valid, 214 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-02-20 18:13:05,738 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 634 states. [2022-02-20 18:13:05,879 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 634 to 604. [2022-02-20 18:13:05,880 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:13:05,881 INFO L82 GeneralOperation]: Start isEquivalent. First operand 634 states. Second operand has 604 states, 464 states have (on average 1.2112068965517242) internal successors, (562), 495 states have internal predecessors, (562), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (108), 73 states have call predecessors, (108), 75 states have call successors, (108) [2022-02-20 18:13:05,882 INFO L74 IsIncluded]: Start isIncluded. First operand 634 states. Second operand has 604 states, 464 states have (on average 1.2112068965517242) internal successors, (562), 495 states have internal predecessors, (562), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (108), 73 states have call predecessors, (108), 75 states have call successors, (108) [2022-02-20 18:13:05,883 INFO L87 Difference]: Start difference. First operand 634 states. Second operand has 604 states, 464 states have (on average 1.2112068965517242) internal successors, (562), 495 states have internal predecessors, (562), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (108), 73 states have call predecessors, (108), 75 states have call successors, (108) [2022-02-20 18:13:05,904 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:05,904 INFO L93 Difference]: Finished difference Result 634 states and 779 transitions. [2022-02-20 18:13:05,905 INFO L276 IsEmpty]: Start isEmpty. Operand 634 states and 779 transitions. [2022-02-20 18:13:05,906 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:13:05,907 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:13:05,908 INFO L74 IsIncluded]: Start isIncluded. First operand has 604 states, 464 states have (on average 1.2112068965517242) internal successors, (562), 495 states have internal predecessors, (562), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (108), 73 states have call predecessors, (108), 75 states have call successors, (108) Second operand 634 states. [2022-02-20 18:13:05,910 INFO L87 Difference]: Start difference. First operand has 604 states, 464 states have (on average 1.2112068965517242) internal successors, (562), 495 states have internal predecessors, (562), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (108), 73 states have call predecessors, (108), 75 states have call successors, (108) Second operand 634 states. [2022-02-20 18:13:05,932 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:05,932 INFO L93 Difference]: Finished difference Result 634 states and 779 transitions. [2022-02-20 18:13:05,933 INFO L276 IsEmpty]: Start isEmpty. Operand 634 states and 779 transitions. [2022-02-20 18:13:05,935 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:13:05,935 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:13:05,935 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:13:05,935 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:13:05,937 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 604 states, 464 states have (on average 1.2112068965517242) internal successors, (562), 495 states have internal predecessors, (562), 75 states have call successors, (75), 57 states have call predecessors, (75), 64 states have return successors, (108), 73 states have call predecessors, (108), 75 states have call successors, (108) [2022-02-20 18:13:05,960 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 604 states to 604 states and 745 transitions. [2022-02-20 18:13:05,961 INFO L78 Accepts]: Start accepts. Automaton has 604 states and 745 transitions. Word has length 105 [2022-02-20 18:13:05,962 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:13:05,962 INFO L470 AbstractCegarLoop]: Abstraction has 604 states and 745 transitions. [2022-02-20 18:13:05,962 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 11.714285714285714) internal successors, (82), 4 states have internal predecessors, (82), 4 states have call successors, (9), 5 states have call predecessors, (9), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 18:13:05,962 INFO L276 IsEmpty]: Start isEmpty. Operand 604 states and 745 transitions. [2022-02-20 18:13:05,967 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 103 [2022-02-20 18:13:05,968 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:13:05,968 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:13:05,968 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:13:05,968 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:13:05,969 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:13:05,969 INFO L85 PathProgramCache]: Analyzing trace with hash -1062453768, now seen corresponding path program 1 times [2022-02-20 18:13:05,969 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:13:05,969 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1632397905] [2022-02-20 18:13:05,969 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:13:05,970 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:13:06,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:06,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:13:06,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:06,081 INFO L290 TraceCheckUtils]: 0: Hoare triple {15773#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {15717#true} is VALID [2022-02-20 18:13:06,082 INFO L290 TraceCheckUtils]: 1: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,082 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {15717#true} {15717#true} #278#return; {15717#true} is VALID [2022-02-20 18:13:06,091 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-02-20 18:13:06,099 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:06,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:13:06,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:06,122 INFO L290 TraceCheckUtils]: 0: Hoare triple {15717#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {15717#true} is VALID [2022-02-20 18:13:06,122 INFO L290 TraceCheckUtils]: 1: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,122 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {15717#true} {15717#true} #268#return; {15717#true} is VALID [2022-02-20 18:13:06,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-02-20 18:13:06,133 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:06,141 INFO L290 TraceCheckUtils]: 0: Hoare triple {15794#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {15717#true} is VALID [2022-02-20 18:13:06,142 INFO L290 TraceCheckUtils]: 1: Hoare triple {15717#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {15717#true} is VALID [2022-02-20 18:13:06,142 INFO L290 TraceCheckUtils]: 2: Hoare triple {15717#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {15717#true} is VALID [2022-02-20 18:13:06,142 INFO L290 TraceCheckUtils]: 3: Hoare triple {15717#true} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {15717#true} is VALID [2022-02-20 18:13:06,142 INFO L290 TraceCheckUtils]: 4: Hoare triple {15717#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {15717#true} is VALID [2022-02-20 18:13:06,145 INFO L290 TraceCheckUtils]: 5: Hoare triple {15717#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {15717#true} is VALID [2022-02-20 18:13:06,145 INFO L290 TraceCheckUtils]: 6: Hoare triple {15717#true} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {15717#true} is VALID [2022-02-20 18:13:06,145 INFO L290 TraceCheckUtils]: 7: Hoare triple {15717#true} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {15717#true} is VALID [2022-02-20 18:13:06,145 INFO L290 TraceCheckUtils]: 8: Hoare triple {15717#true} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {15717#true} is VALID [2022-02-20 18:13:06,145 INFO L290 TraceCheckUtils]: 9: Hoare triple {15717#true} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {15717#true} is VALID [2022-02-20 18:13:06,146 INFO L290 TraceCheckUtils]: 10: Hoare triple {15717#true} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,146 INFO L290 TraceCheckUtils]: 11: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,147 INFO L290 TraceCheckUtils]: 12: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,147 INFO L290 TraceCheckUtils]: 13: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,148 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {15793#(<= 1 ~pumpRunning~0)} {15717#true} #274#return; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,148 INFO L290 TraceCheckUtils]: 0: Hoare triple {15774#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15717#true} is VALID [2022-02-20 18:13:06,148 INFO L272 TraceCheckUtils]: 1: Hoare triple {15717#true} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {15717#true} is VALID [2022-02-20 18:13:06,148 INFO L290 TraceCheckUtils]: 2: Hoare triple {15717#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {15717#true} is VALID [2022-02-20 18:13:06,148 INFO L290 TraceCheckUtils]: 3: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,149 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15717#true} {15717#true} #268#return; {15717#true} is VALID [2022-02-20 18:13:06,149 INFO L290 TraceCheckUtils]: 5: Hoare triple {15717#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15717#true} is VALID [2022-02-20 18:13:06,149 INFO L290 TraceCheckUtils]: 6: Hoare triple {15717#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {15717#true} is VALID [2022-02-20 18:13:06,149 INFO L290 TraceCheckUtils]: 7: Hoare triple {15717#true} assume !(0 != ~pumpRunning~0); {15717#true} is VALID [2022-02-20 18:13:06,149 INFO L290 TraceCheckUtils]: 8: Hoare triple {15717#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {15717#true} is VALID [2022-02-20 18:13:06,149 INFO L290 TraceCheckUtils]: 9: Hoare triple {15717#true} assume !(0 != ~pumpRunning~0); {15717#true} is VALID [2022-02-20 18:13:06,150 INFO L272 TraceCheckUtils]: 10: Hoare triple {15717#true} call processEnvironment__wrappee__highWaterSensor(); {15794#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:13:06,150 INFO L290 TraceCheckUtils]: 11: Hoare triple {15794#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {15717#true} is VALID [2022-02-20 18:13:06,150 INFO L290 TraceCheckUtils]: 12: Hoare triple {15717#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {15717#true} is VALID [2022-02-20 18:13:06,150 INFO L290 TraceCheckUtils]: 13: Hoare triple {15717#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {15717#true} is VALID [2022-02-20 18:13:06,150 INFO L290 TraceCheckUtils]: 14: Hoare triple {15717#true} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {15717#true} is VALID [2022-02-20 18:13:06,151 INFO L290 TraceCheckUtils]: 15: Hoare triple {15717#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {15717#true} is VALID [2022-02-20 18:13:06,151 INFO L290 TraceCheckUtils]: 16: Hoare triple {15717#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {15717#true} is VALID [2022-02-20 18:13:06,151 INFO L290 TraceCheckUtils]: 17: Hoare triple {15717#true} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {15717#true} is VALID [2022-02-20 18:13:06,151 INFO L290 TraceCheckUtils]: 18: Hoare triple {15717#true} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {15717#true} is VALID [2022-02-20 18:13:06,151 INFO L290 TraceCheckUtils]: 19: Hoare triple {15717#true} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {15717#true} is VALID [2022-02-20 18:13:06,151 INFO L290 TraceCheckUtils]: 20: Hoare triple {15717#true} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {15717#true} is VALID [2022-02-20 18:13:06,152 INFO L290 TraceCheckUtils]: 21: Hoare triple {15717#true} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,152 INFO L290 TraceCheckUtils]: 22: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,153 INFO L290 TraceCheckUtils]: 23: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,153 INFO L290 TraceCheckUtils]: 24: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,153 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {15793#(<= 1 ~pumpRunning~0)} {15717#true} #274#return; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,154 INFO L290 TraceCheckUtils]: 26: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,168 INFO L290 TraceCheckUtils]: 27: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,169 INFO L290 TraceCheckUtils]: 28: Hoare triple {15793#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,169 INFO L290 TraceCheckUtils]: 29: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~6#1); {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,170 INFO L290 TraceCheckUtils]: 30: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,170 INFO L290 TraceCheckUtils]: 31: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,170 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {15793#(<= 1 ~pumpRunning~0)} {15717#true} #284#return; {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,171 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:13:06,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:06,194 INFO L290 TraceCheckUtils]: 0: Hoare triple {15717#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {15795#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:13:06,195 INFO L290 TraceCheckUtils]: 1: Hoare triple {15795#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {15795#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:13:06,195 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {15795#(= ~pumpRunning~0 |isPumpRunning_#res|)} {15757#(not (= ~pumpRunning~0 0))} #268#return; {15761#(not (= |timeShift___utac_acc__Specification5_spec__2_#t~ret22#1| 0))} is VALID [2022-02-20 18:13:06,196 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:13:06,197 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:06,199 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:13:06,199 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:06,202 INFO L290 TraceCheckUtils]: 0: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,202 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {15717#true} {15717#true} #290#return; {15717#true} is VALID [2022-02-20 18:13:06,202 INFO L290 TraceCheckUtils]: 0: Hoare triple {15794#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {15717#true} is VALID [2022-02-20 18:13:06,202 INFO L290 TraceCheckUtils]: 1: Hoare triple {15717#true} assume !(0 == ~pumpRunning~0); {15717#true} is VALID [2022-02-20 18:13:06,202 INFO L272 TraceCheckUtils]: 2: Hoare triple {15717#true} call processEnvironment__wrappee__base(); {15717#true} is VALID [2022-02-20 18:13:06,202 INFO L290 TraceCheckUtils]: 3: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,202 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15717#true} {15717#true} #290#return; {15717#true} is VALID [2022-02-20 18:13:06,202 INFO L290 TraceCheckUtils]: 5: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,203 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {15717#true} {15762#(not (= ~switchedOnBeforeTS~0 0))} #272#return; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,203 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:13:06,204 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:06,206 INFO L290 TraceCheckUtils]: 0: Hoare triple {15717#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {15717#true} is VALID [2022-02-20 18:13:06,209 INFO L290 TraceCheckUtils]: 1: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,209 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {15717#true} {15762#(not (= ~switchedOnBeforeTS~0 0))} #276#return; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,210 INFO L290 TraceCheckUtils]: 0: Hoare triple {15717#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {15717#true} is VALID [2022-02-20 18:13:06,210 INFO L290 TraceCheckUtils]: 1: Hoare triple {15717#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {15717#true} is VALID [2022-02-20 18:13:06,210 INFO L290 TraceCheckUtils]: 2: Hoare triple {15717#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15717#true} is VALID [2022-02-20 18:13:06,211 INFO L290 TraceCheckUtils]: 3: Hoare triple {15717#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {15719#(= |ULTIMATE.start_valid_product_#res#1| 1)} is VALID [2022-02-20 18:13:06,211 INFO L290 TraceCheckUtils]: 4: Hoare triple {15719#(= |ULTIMATE.start_valid_product_#res#1| 1)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {15720#(= |ULTIMATE.start_main_~tmp~10#1| 1)} is VALID [2022-02-20 18:13:06,211 INFO L290 TraceCheckUtils]: 5: Hoare triple {15720#(= |ULTIMATE.start_main_~tmp~10#1| 1)} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {15717#true} is VALID [2022-02-20 18:13:06,211 INFO L290 TraceCheckUtils]: 6: Hoare triple {15717#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {15717#true} is VALID [2022-02-20 18:13:06,212 INFO L290 TraceCheckUtils]: 7: Hoare triple {15717#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {15717#true} is VALID [2022-02-20 18:13:06,212 INFO L290 TraceCheckUtils]: 8: Hoare triple {15717#true} assume !false; {15717#true} is VALID [2022-02-20 18:13:06,212 INFO L290 TraceCheckUtils]: 9: Hoare triple {15717#true} assume test_~splverifierCounter~0#1 < 4; {15717#true} is VALID [2022-02-20 18:13:06,212 INFO L290 TraceCheckUtils]: 10: Hoare triple {15717#true} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {15717#true} is VALID [2022-02-20 18:13:06,212 INFO L290 TraceCheckUtils]: 11: Hoare triple {15717#true} assume 0 != test_~tmp~5#1; {15717#true} is VALID [2022-02-20 18:13:06,213 INFO L272 TraceCheckUtils]: 12: Hoare triple {15717#true} call waterRise(); {15773#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:13:06,213 INFO L290 TraceCheckUtils]: 13: Hoare triple {15773#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {15717#true} is VALID [2022-02-20 18:13:06,213 INFO L290 TraceCheckUtils]: 14: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,213 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {15717#true} {15717#true} #278#return; {15717#true} is VALID [2022-02-20 18:13:06,213 INFO L290 TraceCheckUtils]: 16: Hoare triple {15717#true} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {15717#true} is VALID [2022-02-20 18:13:06,213 INFO L290 TraceCheckUtils]: 17: Hoare triple {15717#true} assume !(0 != test_~tmp___0~2#1); {15717#true} is VALID [2022-02-20 18:13:06,214 INFO L290 TraceCheckUtils]: 18: Hoare triple {15717#true} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {15717#true} is VALID [2022-02-20 18:13:06,214 INFO L290 TraceCheckUtils]: 19: Hoare triple {15717#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {15717#true} is VALID [2022-02-20 18:13:06,214 INFO L290 TraceCheckUtils]: 20: Hoare triple {15717#true} assume { :end_inline_startSystem } true; {15717#true} is VALID [2022-02-20 18:13:06,214 INFO L272 TraceCheckUtils]: 21: Hoare triple {15717#true} call timeShift(); {15774#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:13:06,215 INFO L290 TraceCheckUtils]: 22: Hoare triple {15774#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15717#true} is VALID [2022-02-20 18:13:06,215 INFO L272 TraceCheckUtils]: 23: Hoare triple {15717#true} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {15717#true} is VALID [2022-02-20 18:13:06,215 INFO L290 TraceCheckUtils]: 24: Hoare triple {15717#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {15717#true} is VALID [2022-02-20 18:13:06,215 INFO L290 TraceCheckUtils]: 25: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,215 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {15717#true} {15717#true} #268#return; {15717#true} is VALID [2022-02-20 18:13:06,215 INFO L290 TraceCheckUtils]: 27: Hoare triple {15717#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15717#true} is VALID [2022-02-20 18:13:06,216 INFO L290 TraceCheckUtils]: 28: Hoare triple {15717#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {15717#true} is VALID [2022-02-20 18:13:06,216 INFO L290 TraceCheckUtils]: 29: Hoare triple {15717#true} assume !(0 != ~pumpRunning~0); {15717#true} is VALID [2022-02-20 18:13:06,216 INFO L290 TraceCheckUtils]: 30: Hoare triple {15717#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {15717#true} is VALID [2022-02-20 18:13:06,216 INFO L290 TraceCheckUtils]: 31: Hoare triple {15717#true} assume !(0 != ~pumpRunning~0); {15717#true} is VALID [2022-02-20 18:13:06,216 INFO L272 TraceCheckUtils]: 32: Hoare triple {15717#true} call processEnvironment__wrappee__highWaterSensor(); {15794#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:13:06,217 INFO L290 TraceCheckUtils]: 33: Hoare triple {15794#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {15717#true} is VALID [2022-02-20 18:13:06,217 INFO L290 TraceCheckUtils]: 34: Hoare triple {15717#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {15717#true} is VALID [2022-02-20 18:13:06,217 INFO L290 TraceCheckUtils]: 35: Hoare triple {15717#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {15717#true} is VALID [2022-02-20 18:13:06,217 INFO L290 TraceCheckUtils]: 36: Hoare triple {15717#true} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {15717#true} is VALID [2022-02-20 18:13:06,217 INFO L290 TraceCheckUtils]: 37: Hoare triple {15717#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {15717#true} is VALID [2022-02-20 18:13:06,217 INFO L290 TraceCheckUtils]: 38: Hoare triple {15717#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {15717#true} is VALID [2022-02-20 18:13:06,217 INFO L290 TraceCheckUtils]: 39: Hoare triple {15717#true} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {15717#true} is VALID [2022-02-20 18:13:06,218 INFO L290 TraceCheckUtils]: 40: Hoare triple {15717#true} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {15717#true} is VALID [2022-02-20 18:13:06,218 INFO L290 TraceCheckUtils]: 41: Hoare triple {15717#true} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {15717#true} is VALID [2022-02-20 18:13:06,218 INFO L290 TraceCheckUtils]: 42: Hoare triple {15717#true} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {15717#true} is VALID [2022-02-20 18:13:06,218 INFO L290 TraceCheckUtils]: 43: Hoare triple {15717#true} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,219 INFO L290 TraceCheckUtils]: 44: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,219 INFO L290 TraceCheckUtils]: 45: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,219 INFO L290 TraceCheckUtils]: 46: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,220 INFO L284 TraceCheckUtils]: 47: Hoare quadruple {15793#(<= 1 ~pumpRunning~0)} {15717#true} #274#return; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,220 INFO L290 TraceCheckUtils]: 48: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,220 INFO L290 TraceCheckUtils]: 49: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,221 INFO L290 TraceCheckUtils]: 50: Hoare triple {15793#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,221 INFO L290 TraceCheckUtils]: 51: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~6#1); {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,221 INFO L290 TraceCheckUtils]: 52: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,221 INFO L290 TraceCheckUtils]: 53: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,222 INFO L284 TraceCheckUtils]: 54: Hoare quadruple {15793#(<= 1 ~pumpRunning~0)} {15717#true} #284#return; {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,222 INFO L290 TraceCheckUtils]: 55: Hoare triple {15757#(not (= ~pumpRunning~0 0))} assume !false; {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,223 INFO L290 TraceCheckUtils]: 56: Hoare triple {15757#(not (= ~pumpRunning~0 0))} assume test_~splverifierCounter~0#1 < 4; {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,223 INFO L290 TraceCheckUtils]: 57: Hoare triple {15757#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,223 INFO L290 TraceCheckUtils]: 58: Hoare triple {15757#(not (= ~pumpRunning~0 0))} assume !(0 != test_~tmp~5#1); {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,223 INFO L290 TraceCheckUtils]: 59: Hoare triple {15757#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,224 INFO L290 TraceCheckUtils]: 60: Hoare triple {15757#(not (= ~pumpRunning~0 0))} assume !(0 != test_~tmp___0~2#1); {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,224 INFO L290 TraceCheckUtils]: 61: Hoare triple {15757#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,224 INFO L290 TraceCheckUtils]: 62: Hoare triple {15757#(not (= ~pumpRunning~0 0))} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,225 INFO L290 TraceCheckUtils]: 63: Hoare triple {15757#(not (= ~pumpRunning~0 0))} assume { :end_inline_startSystem } true; {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,225 INFO L272 TraceCheckUtils]: 64: Hoare triple {15757#(not (= ~pumpRunning~0 0))} call timeShift(); {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,225 INFO L290 TraceCheckUtils]: 65: Hoare triple {15757#(not (= ~pumpRunning~0 0))} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15757#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:13:06,226 INFO L272 TraceCheckUtils]: 66: Hoare triple {15757#(not (= ~pumpRunning~0 0))} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {15717#true} is VALID [2022-02-20 18:13:06,226 INFO L290 TraceCheckUtils]: 67: Hoare triple {15717#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {15795#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:13:06,226 INFO L290 TraceCheckUtils]: 68: Hoare triple {15795#(= ~pumpRunning~0 |isPumpRunning_#res|)} assume true; {15795#(= ~pumpRunning~0 |isPumpRunning_#res|)} is VALID [2022-02-20 18:13:06,227 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {15795#(= ~pumpRunning~0 |isPumpRunning_#res|)} {15757#(not (= ~pumpRunning~0 0))} #268#return; {15761#(not (= |timeShift___utac_acc__Specification5_spec__2_#t~ret22#1| 0))} is VALID [2022-02-20 18:13:06,227 INFO L290 TraceCheckUtils]: 70: Hoare triple {15761#(not (= |timeShift___utac_acc__Specification5_spec__2_#t~ret22#1| 0))} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,228 INFO L290 TraceCheckUtils]: 71: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,228 INFO L290 TraceCheckUtils]: 72: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,228 INFO L290 TraceCheckUtils]: 73: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,228 INFO L290 TraceCheckUtils]: 74: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume { :end_inline_lowerWaterLevel } true; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,229 INFO L290 TraceCheckUtils]: 75: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,229 INFO L290 TraceCheckUtils]: 76: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume 0 != ~pumpRunning~0;assume { :begin_inline_isLowWaterLevel } true;havoc isLowWaterLevel_#res#1;havoc isLowWaterLevel_#t~ret17#1, isLowWaterLevel_~retValue_acc~3#1, isLowWaterLevel_~tmp~4#1, isLowWaterLevel_~tmp___0~1#1;havoc isLowWaterLevel_~retValue_acc~3#1;havoc isLowWaterLevel_~tmp~4#1;havoc isLowWaterLevel_~tmp___0~1#1;assume { :begin_inline_isLowWaterSensorDry } true;havoc isLowWaterSensorDry_#res#1;havoc isLowWaterSensorDry_~retValue_acc~13#1;havoc isLowWaterSensorDry_~retValue_acc~13#1;isLowWaterSensorDry_~retValue_acc~13#1 := (if 0 == ~waterLevel~0 then 1 else 0);isLowWaterSensorDry_#res#1 := isLowWaterSensorDry_~retValue_acc~13#1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,229 INFO L290 TraceCheckUtils]: 77: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} isLowWaterLevel_#t~ret17#1 := isLowWaterSensorDry_#res#1;assume { :end_inline_isLowWaterSensorDry } true;assume -2147483648 <= isLowWaterLevel_#t~ret17#1 && isLowWaterLevel_#t~ret17#1 <= 2147483647;isLowWaterLevel_~tmp~4#1 := isLowWaterLevel_#t~ret17#1;havoc isLowWaterLevel_#t~ret17#1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,237 INFO L290 TraceCheckUtils]: 78: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume 0 != isLowWaterLevel_~tmp~4#1;isLowWaterLevel_~tmp___0~1#1 := 0; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,237 INFO L290 TraceCheckUtils]: 79: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} isLowWaterLevel_~retValue_acc~3#1 := isLowWaterLevel_~tmp___0~1#1;isLowWaterLevel_#res#1 := isLowWaterLevel_~retValue_acc~3#1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,238 INFO L290 TraceCheckUtils]: 80: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} processEnvironment_#t~ret5#1 := isLowWaterLevel_#res#1;assume { :end_inline_isLowWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret5#1 && processEnvironment_#t~ret5#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret5#1;havoc processEnvironment_#t~ret5#1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,238 INFO L290 TraceCheckUtils]: 81: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume !(0 != processEnvironment_~tmp~1#1); {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,238 INFO L272 TraceCheckUtils]: 82: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} call processEnvironment__wrappee__highWaterSensor(); {15794#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:13:06,239 INFO L290 TraceCheckUtils]: 83: Hoare triple {15794#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {15717#true} is VALID [2022-02-20 18:13:06,239 INFO L290 TraceCheckUtils]: 84: Hoare triple {15717#true} assume !(0 == ~pumpRunning~0); {15717#true} is VALID [2022-02-20 18:13:06,239 INFO L272 TraceCheckUtils]: 85: Hoare triple {15717#true} call processEnvironment__wrappee__base(); {15717#true} is VALID [2022-02-20 18:13:06,239 INFO L290 TraceCheckUtils]: 86: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,239 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {15717#true} {15717#true} #290#return; {15717#true} is VALID [2022-02-20 18:13:06,239 INFO L290 TraceCheckUtils]: 88: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,240 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {15717#true} {15762#(not (= ~switchedOnBeforeTS~0 0))} #272#return; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,240 INFO L290 TraceCheckUtils]: 90: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume { :end_inline_processEnvironment } true; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,240 INFO L290 TraceCheckUtils]: 91: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,241 INFO L290 TraceCheckUtils]: 92: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,241 INFO L290 TraceCheckUtils]: 93: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,241 INFO L272 TraceCheckUtils]: 94: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {15717#true} is VALID [2022-02-20 18:13:06,241 INFO L290 TraceCheckUtils]: 95: Hoare triple {15717#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {15717#true} is VALID [2022-02-20 18:13:06,241 INFO L290 TraceCheckUtils]: 96: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,242 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {15717#true} {15762#(not (= ~switchedOnBeforeTS~0 0))} #276#return; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,242 INFO L290 TraceCheckUtils]: 98: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,243 INFO L290 TraceCheckUtils]: 99: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {15762#(not (= ~switchedOnBeforeTS~0 0))} is VALID [2022-02-20 18:13:06,243 INFO L290 TraceCheckUtils]: 100: Hoare triple {15762#(not (= ~switchedOnBeforeTS~0 0))} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {15718#false} is VALID [2022-02-20 18:13:06,243 INFO L290 TraceCheckUtils]: 101: Hoare triple {15718#false} assume !false; {15718#false} is VALID [2022-02-20 18:13:06,243 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 18 proven. 9 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-02-20 18:13:06,244 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:13:06,244 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1632397905] [2022-02-20 18:13:06,244 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1632397905] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:13:06,244 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1865523861] [2022-02-20 18:13:06,244 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:13:06,245 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:13:06,245 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:13:06,246 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:13:06,270 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:13:06,358 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:06,378 INFO L263 TraceCheckSpWp]: Trace formula consists of 494 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:13:06,424 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:13:06,431 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:13:06,885 INFO L290 TraceCheckUtils]: 0: Hoare triple {15717#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {15717#true} is VALID [2022-02-20 18:13:06,886 INFO L290 TraceCheckUtils]: 1: Hoare triple {15717#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {15717#true} is VALID [2022-02-20 18:13:06,886 INFO L290 TraceCheckUtils]: 2: Hoare triple {15717#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15717#true} is VALID [2022-02-20 18:13:06,886 INFO L290 TraceCheckUtils]: 3: Hoare triple {15717#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {15717#true} is VALID [2022-02-20 18:13:06,886 INFO L290 TraceCheckUtils]: 4: Hoare triple {15717#true} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {15717#true} is VALID [2022-02-20 18:13:06,886 INFO L290 TraceCheckUtils]: 5: Hoare triple {15717#true} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {15717#true} is VALID [2022-02-20 18:13:06,886 INFO L290 TraceCheckUtils]: 6: Hoare triple {15717#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {15717#true} is VALID [2022-02-20 18:13:06,886 INFO L290 TraceCheckUtils]: 7: Hoare triple {15717#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {15717#true} is VALID [2022-02-20 18:13:06,887 INFO L290 TraceCheckUtils]: 8: Hoare triple {15717#true} assume !false; {15717#true} is VALID [2022-02-20 18:13:06,887 INFO L290 TraceCheckUtils]: 9: Hoare triple {15717#true} assume test_~splverifierCounter~0#1 < 4; {15717#true} is VALID [2022-02-20 18:13:06,887 INFO L290 TraceCheckUtils]: 10: Hoare triple {15717#true} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {15717#true} is VALID [2022-02-20 18:13:06,887 INFO L290 TraceCheckUtils]: 11: Hoare triple {15717#true} assume 0 != test_~tmp~5#1; {15717#true} is VALID [2022-02-20 18:13:06,887 INFO L272 TraceCheckUtils]: 12: Hoare triple {15717#true} call waterRise(); {15717#true} is VALID [2022-02-20 18:13:06,887 INFO L290 TraceCheckUtils]: 13: Hoare triple {15717#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {15717#true} is VALID [2022-02-20 18:13:06,887 INFO L290 TraceCheckUtils]: 14: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,888 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {15717#true} {15717#true} #278#return; {15717#true} is VALID [2022-02-20 18:13:06,888 INFO L290 TraceCheckUtils]: 16: Hoare triple {15717#true} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {15717#true} is VALID [2022-02-20 18:13:06,888 INFO L290 TraceCheckUtils]: 17: Hoare triple {15717#true} assume !(0 != test_~tmp___0~2#1); {15717#true} is VALID [2022-02-20 18:13:06,888 INFO L290 TraceCheckUtils]: 18: Hoare triple {15717#true} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {15717#true} is VALID [2022-02-20 18:13:06,888 INFO L290 TraceCheckUtils]: 19: Hoare triple {15717#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {15717#true} is VALID [2022-02-20 18:13:06,888 INFO L290 TraceCheckUtils]: 20: Hoare triple {15717#true} assume { :end_inline_startSystem } true; {15717#true} is VALID [2022-02-20 18:13:06,898 INFO L272 TraceCheckUtils]: 21: Hoare triple {15717#true} call timeShift(); {15717#true} is VALID [2022-02-20 18:13:06,898 INFO L290 TraceCheckUtils]: 22: Hoare triple {15717#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15717#true} is VALID [2022-02-20 18:13:06,898 INFO L272 TraceCheckUtils]: 23: Hoare triple {15717#true} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {15717#true} is VALID [2022-02-20 18:13:06,899 INFO L290 TraceCheckUtils]: 24: Hoare triple {15717#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {15717#true} is VALID [2022-02-20 18:13:06,899 INFO L290 TraceCheckUtils]: 25: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:06,899 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {15717#true} {15717#true} #268#return; {15717#true} is VALID [2022-02-20 18:13:06,899 INFO L290 TraceCheckUtils]: 27: Hoare triple {15717#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15717#true} is VALID [2022-02-20 18:13:06,899 INFO L290 TraceCheckUtils]: 28: Hoare triple {15717#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {15717#true} is VALID [2022-02-20 18:13:06,899 INFO L290 TraceCheckUtils]: 29: Hoare triple {15717#true} assume !(0 != ~pumpRunning~0); {15717#true} is VALID [2022-02-20 18:13:06,900 INFO L290 TraceCheckUtils]: 30: Hoare triple {15717#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {15717#true} is VALID [2022-02-20 18:13:06,900 INFO L290 TraceCheckUtils]: 31: Hoare triple {15717#true} assume !(0 != ~pumpRunning~0); {15717#true} is VALID [2022-02-20 18:13:06,900 INFO L272 TraceCheckUtils]: 32: Hoare triple {15717#true} call processEnvironment__wrappee__highWaterSensor(); {15717#true} is VALID [2022-02-20 18:13:06,900 INFO L290 TraceCheckUtils]: 33: Hoare triple {15717#true} havoc ~tmp~0#1; {15717#true} is VALID [2022-02-20 18:13:06,900 INFO L290 TraceCheckUtils]: 34: Hoare triple {15717#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {15717#true} is VALID [2022-02-20 18:13:06,900 INFO L290 TraceCheckUtils]: 35: Hoare triple {15717#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {15717#true} is VALID [2022-02-20 18:13:06,900 INFO L290 TraceCheckUtils]: 36: Hoare triple {15717#true} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {15717#true} is VALID [2022-02-20 18:13:06,901 INFO L290 TraceCheckUtils]: 37: Hoare triple {15717#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {15717#true} is VALID [2022-02-20 18:13:06,901 INFO L290 TraceCheckUtils]: 38: Hoare triple {15717#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {15717#true} is VALID [2022-02-20 18:13:06,901 INFO L290 TraceCheckUtils]: 39: Hoare triple {15717#true} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {15717#true} is VALID [2022-02-20 18:13:06,901 INFO L290 TraceCheckUtils]: 40: Hoare triple {15717#true} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {15717#true} is VALID [2022-02-20 18:13:06,901 INFO L290 TraceCheckUtils]: 41: Hoare triple {15717#true} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {15717#true} is VALID [2022-02-20 18:13:06,901 INFO L290 TraceCheckUtils]: 42: Hoare triple {15717#true} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {15717#true} is VALID [2022-02-20 18:13:06,902 INFO L290 TraceCheckUtils]: 43: Hoare triple {15717#true} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,902 INFO L290 TraceCheckUtils]: 44: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,903 INFO L290 TraceCheckUtils]: 45: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,903 INFO L290 TraceCheckUtils]: 46: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,903 INFO L284 TraceCheckUtils]: 47: Hoare quadruple {15793#(<= 1 ~pumpRunning~0)} {15717#true} #274#return; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,904 INFO L290 TraceCheckUtils]: 48: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,904 INFO L290 TraceCheckUtils]: 49: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,904 INFO L290 TraceCheckUtils]: 50: Hoare triple {15793#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,905 INFO L290 TraceCheckUtils]: 51: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~6#1); {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,905 INFO L290 TraceCheckUtils]: 52: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,905 INFO L290 TraceCheckUtils]: 53: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,906 INFO L284 TraceCheckUtils]: 54: Hoare quadruple {15793#(<= 1 ~pumpRunning~0)} {15717#true} #284#return; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,906 INFO L290 TraceCheckUtils]: 55: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume !false; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,906 INFO L290 TraceCheckUtils]: 56: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume test_~splverifierCounter~0#1 < 4; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,907 INFO L290 TraceCheckUtils]: 57: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,907 INFO L290 TraceCheckUtils]: 58: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp~5#1); {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,907 INFO L290 TraceCheckUtils]: 59: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,908 INFO L290 TraceCheckUtils]: 60: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp___0~2#1); {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,908 INFO L290 TraceCheckUtils]: 61: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,911 INFO L290 TraceCheckUtils]: 62: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,911 INFO L290 TraceCheckUtils]: 63: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_startSystem } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,912 INFO L272 TraceCheckUtils]: 64: Hoare triple {15793#(<= 1 ~pumpRunning~0)} call timeShift(); {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,912 INFO L290 TraceCheckUtils]: 65: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,912 INFO L272 TraceCheckUtils]: 66: Hoare triple {15793#(<= 1 ~pumpRunning~0)} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:06,913 INFO L290 TraceCheckUtils]: 67: Hoare triple {15793#(<= 1 ~pumpRunning~0)} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {16002#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} is VALID [2022-02-20 18:13:06,913 INFO L290 TraceCheckUtils]: 68: Hoare triple {16002#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} assume true; {16002#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} is VALID [2022-02-20 18:13:06,914 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {16002#(and (<= 1 ~pumpRunning~0) (<= ~pumpRunning~0 |isPumpRunning_#res|))} {15793#(<= 1 ~pumpRunning~0)} #268#return; {16009#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret22#1|)} is VALID [2022-02-20 18:13:06,915 INFO L290 TraceCheckUtils]: 70: Hoare triple {16009#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret22#1|)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,915 INFO L290 TraceCheckUtils]: 71: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,915 INFO L290 TraceCheckUtils]: 72: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,916 INFO L290 TraceCheckUtils]: 73: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,916 INFO L290 TraceCheckUtils]: 74: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_lowerWaterLevel } true; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,916 INFO L290 TraceCheckUtils]: 75: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,917 INFO L290 TraceCheckUtils]: 76: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_isLowWaterLevel } true;havoc isLowWaterLevel_#res#1;havoc isLowWaterLevel_#t~ret17#1, isLowWaterLevel_~retValue_acc~3#1, isLowWaterLevel_~tmp~4#1, isLowWaterLevel_~tmp___0~1#1;havoc isLowWaterLevel_~retValue_acc~3#1;havoc isLowWaterLevel_~tmp~4#1;havoc isLowWaterLevel_~tmp___0~1#1;assume { :begin_inline_isLowWaterSensorDry } true;havoc isLowWaterSensorDry_#res#1;havoc isLowWaterSensorDry_~retValue_acc~13#1;havoc isLowWaterSensorDry_~retValue_acc~13#1;isLowWaterSensorDry_~retValue_acc~13#1 := (if 0 == ~waterLevel~0 then 1 else 0);isLowWaterSensorDry_#res#1 := isLowWaterSensorDry_~retValue_acc~13#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,917 INFO L290 TraceCheckUtils]: 77: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} isLowWaterLevel_#t~ret17#1 := isLowWaterSensorDry_#res#1;assume { :end_inline_isLowWaterSensorDry } true;assume -2147483648 <= isLowWaterLevel_#t~ret17#1 && isLowWaterLevel_#t~ret17#1 <= 2147483647;isLowWaterLevel_~tmp~4#1 := isLowWaterLevel_#t~ret17#1;havoc isLowWaterLevel_#t~ret17#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,917 INFO L290 TraceCheckUtils]: 78: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != isLowWaterLevel_~tmp~4#1;isLowWaterLevel_~tmp___0~1#1 := 0; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,927 INFO L290 TraceCheckUtils]: 79: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} isLowWaterLevel_~retValue_acc~3#1 := isLowWaterLevel_~tmp___0~1#1;isLowWaterLevel_#res#1 := isLowWaterLevel_~retValue_acc~3#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,928 INFO L290 TraceCheckUtils]: 80: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} processEnvironment_#t~ret5#1 := isLowWaterLevel_#res#1;assume { :end_inline_isLowWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret5#1 && processEnvironment_#t~ret5#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret5#1;havoc processEnvironment_#t~ret5#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,928 INFO L290 TraceCheckUtils]: 81: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume !(0 != processEnvironment_~tmp~1#1); {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,929 INFO L272 TraceCheckUtils]: 82: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} call processEnvironment__wrappee__highWaterSensor(); {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,929 INFO L290 TraceCheckUtils]: 83: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} havoc ~tmp~0#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,930 INFO L290 TraceCheckUtils]: 84: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume !(0 == ~pumpRunning~0); {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,930 INFO L272 TraceCheckUtils]: 85: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} call processEnvironment__wrappee__base(); {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,930 INFO L290 TraceCheckUtils]: 86: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume true; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,931 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {16013#(<= 1 ~switchedOnBeforeTS~0)} {16013#(<= 1 ~switchedOnBeforeTS~0)} #290#return; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,931 INFO L290 TraceCheckUtils]: 88: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume true; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,931 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {16013#(<= 1 ~switchedOnBeforeTS~0)} {16013#(<= 1 ~switchedOnBeforeTS~0)} #272#return; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,932 INFO L290 TraceCheckUtils]: 90: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_processEnvironment } true; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,932 INFO L290 TraceCheckUtils]: 91: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,933 INFO L290 TraceCheckUtils]: 92: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,933 INFO L290 TraceCheckUtils]: 93: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,933 INFO L272 TraceCheckUtils]: 94: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,934 INFO L290 TraceCheckUtils]: 95: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,934 INFO L290 TraceCheckUtils]: 96: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume true; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,934 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {16013#(<= 1 ~switchedOnBeforeTS~0)} {16013#(<= 1 ~switchedOnBeforeTS~0)} #276#return; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,935 INFO L290 TraceCheckUtils]: 98: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,935 INFO L290 TraceCheckUtils]: 99: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:06,936 INFO L290 TraceCheckUtils]: 100: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {15718#false} is VALID [2022-02-20 18:13:06,936 INFO L290 TraceCheckUtils]: 101: Hoare triple {15718#false} assume !false; {15718#false} is VALID [2022-02-20 18:13:06,936 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 25 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:13:06,936 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:13:07,453 INFO L290 TraceCheckUtils]: 101: Hoare triple {15718#false} assume !false; {15718#false} is VALID [2022-02-20 18:13:07,453 INFO L290 TraceCheckUtils]: 100: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 == ~switchedOnBeforeTS~0;assume { :begin_inline___automaton_fail } true; {15718#false} is VALID [2022-02-20 18:13:07,454 INFO L290 TraceCheckUtils]: 99: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != __utac_acc__Specification5_spec__3_~tmp___0~3#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,454 INFO L290 TraceCheckUtils]: 98: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret24#1 && __utac_acc__Specification5_spec__3_#t~ret24#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp___0~3#1 := __utac_acc__Specification5_spec__3_#t~ret24#1;havoc __utac_acc__Specification5_spec__3_#t~ret24#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,455 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {15717#true} {16013#(<= 1 ~switchedOnBeforeTS~0)} #276#return; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,455 INFO L290 TraceCheckUtils]: 96: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:07,455 INFO L290 TraceCheckUtils]: 95: Hoare triple {15717#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {15717#true} is VALID [2022-02-20 18:13:07,455 INFO L272 TraceCheckUtils]: 94: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} call __utac_acc__Specification5_spec__3_#t~ret24#1 := isPumpRunning(); {15717#true} is VALID [2022-02-20 18:13:07,456 INFO L290 TraceCheckUtils]: 93: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 2 != __utac_acc__Specification5_spec__3_~tmp~6#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,456 INFO L290 TraceCheckUtils]: 92: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,456 INFO L290 TraceCheckUtils]: 91: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,457 INFO L290 TraceCheckUtils]: 90: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_processEnvironment } true; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,457 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {15717#true} {16013#(<= 1 ~switchedOnBeforeTS~0)} #272#return; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,457 INFO L290 TraceCheckUtils]: 88: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:07,457 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {15717#true} {15717#true} #290#return; {15717#true} is VALID [2022-02-20 18:13:07,457 INFO L290 TraceCheckUtils]: 86: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:07,458 INFO L272 TraceCheckUtils]: 85: Hoare triple {15717#true} call processEnvironment__wrappee__base(); {15717#true} is VALID [2022-02-20 18:13:07,458 INFO L290 TraceCheckUtils]: 84: Hoare triple {15717#true} assume !(0 == ~pumpRunning~0); {15717#true} is VALID [2022-02-20 18:13:07,458 INFO L290 TraceCheckUtils]: 83: Hoare triple {15717#true} havoc ~tmp~0#1; {15717#true} is VALID [2022-02-20 18:13:07,458 INFO L272 TraceCheckUtils]: 82: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} call processEnvironment__wrappee__highWaterSensor(); {15717#true} is VALID [2022-02-20 18:13:07,458 INFO L290 TraceCheckUtils]: 81: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume !(0 != processEnvironment_~tmp~1#1); {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,459 INFO L290 TraceCheckUtils]: 80: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} processEnvironment_#t~ret5#1 := isLowWaterLevel_#res#1;assume { :end_inline_isLowWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret5#1 && processEnvironment_#t~ret5#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret5#1;havoc processEnvironment_#t~ret5#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,459 INFO L290 TraceCheckUtils]: 79: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} isLowWaterLevel_~retValue_acc~3#1 := isLowWaterLevel_~tmp___0~1#1;isLowWaterLevel_#res#1 := isLowWaterLevel_~retValue_acc~3#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,459 INFO L290 TraceCheckUtils]: 78: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != isLowWaterLevel_~tmp~4#1;isLowWaterLevel_~tmp___0~1#1 := 0; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,460 INFO L290 TraceCheckUtils]: 77: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} isLowWaterLevel_#t~ret17#1 := isLowWaterSensorDry_#res#1;assume { :end_inline_isLowWaterSensorDry } true;assume -2147483648 <= isLowWaterLevel_#t~ret17#1 && isLowWaterLevel_#t~ret17#1 <= 2147483647;isLowWaterLevel_~tmp~4#1 := isLowWaterLevel_#t~ret17#1;havoc isLowWaterLevel_#t~ret17#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,460 INFO L290 TraceCheckUtils]: 76: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_isLowWaterLevel } true;havoc isLowWaterLevel_#res#1;havoc isLowWaterLevel_#t~ret17#1, isLowWaterLevel_~retValue_acc~3#1, isLowWaterLevel_~tmp~4#1, isLowWaterLevel_~tmp___0~1#1;havoc isLowWaterLevel_~retValue_acc~3#1;havoc isLowWaterLevel_~tmp~4#1;havoc isLowWaterLevel_~tmp___0~1#1;assume { :begin_inline_isLowWaterSensorDry } true;havoc isLowWaterSensorDry_#res#1;havoc isLowWaterSensorDry_~retValue_acc~13#1;havoc isLowWaterSensorDry_~retValue_acc~13#1;isLowWaterSensorDry_~retValue_acc~13#1 := (if 0 == ~waterLevel~0 then 1 else 0);isLowWaterSensorDry_#res#1 := isLowWaterSensorDry_~retValue_acc~13#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,460 INFO L290 TraceCheckUtils]: 75: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,461 INFO L290 TraceCheckUtils]: 74: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline_lowerWaterLevel } true; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,461 INFO L290 TraceCheckUtils]: 73: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,461 INFO L290 TraceCheckUtils]: 72: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,462 INFO L290 TraceCheckUtils]: 71: Hoare triple {16013#(<= 1 ~switchedOnBeforeTS~0)} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,462 INFO L290 TraceCheckUtils]: 70: Hoare triple {16009#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret22#1|)} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {16013#(<= 1 ~switchedOnBeforeTS~0)} is VALID [2022-02-20 18:13:07,463 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {16206#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} {15793#(<= 1 ~pumpRunning~0)} #268#return; {16009#(<= 1 |timeShift___utac_acc__Specification5_spec__2_#t~ret22#1|)} is VALID [2022-02-20 18:13:07,463 INFO L290 TraceCheckUtils]: 68: Hoare triple {16206#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} assume true; {16206#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} is VALID [2022-02-20 18:13:07,464 INFO L290 TraceCheckUtils]: 67: Hoare triple {15717#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {16206#(or (<= 1 |isPumpRunning_#res|) (not (<= 1 ~pumpRunning~0)))} is VALID [2022-02-20 18:13:07,464 INFO L272 TraceCheckUtils]: 66: Hoare triple {15793#(<= 1 ~pumpRunning~0)} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {15717#true} is VALID [2022-02-20 18:13:07,464 INFO L290 TraceCheckUtils]: 65: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,464 INFO L272 TraceCheckUtils]: 64: Hoare triple {15793#(<= 1 ~pumpRunning~0)} call timeShift(); {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,465 INFO L290 TraceCheckUtils]: 63: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_startSystem } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,465 INFO L290 TraceCheckUtils]: 62: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,465 INFO L290 TraceCheckUtils]: 61: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,466 INFO L290 TraceCheckUtils]: 60: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp___0~2#1); {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,466 INFO L290 TraceCheckUtils]: 59: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,466 INFO L290 TraceCheckUtils]: 58: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp~5#1); {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,467 INFO L290 TraceCheckUtils]: 57: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,467 INFO L290 TraceCheckUtils]: 56: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume test_~splverifierCounter~0#1 < 4; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,467 INFO L290 TraceCheckUtils]: 55: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume !false; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,468 INFO L284 TraceCheckUtils]: 54: Hoare quadruple {15793#(<= 1 ~pumpRunning~0)} {15717#true} #284#return; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,468 INFO L290 TraceCheckUtils]: 53: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,468 INFO L290 TraceCheckUtils]: 52: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification5_spec__3 } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,469 INFO L290 TraceCheckUtils]: 51: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume !(2 != __utac_acc__Specification5_spec__3_~tmp~6#1); {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,469 INFO L290 TraceCheckUtils]: 50: Hoare triple {15793#(<= 1 ~pumpRunning~0)} __utac_acc__Specification5_spec__3_#t~ret23#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification5_spec__3_#t~ret23#1 && __utac_acc__Specification5_spec__3_#t~ret23#1 <= 2147483647;__utac_acc__Specification5_spec__3_~tmp~6#1 := __utac_acc__Specification5_spec__3_#t~ret23#1;havoc __utac_acc__Specification5_spec__3_#t~ret23#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,469 INFO L290 TraceCheckUtils]: 49: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification5_spec__3 } true;havoc __utac_acc__Specification5_spec__3_#t~ret23#1, __utac_acc__Specification5_spec__3_#t~ret24#1, __utac_acc__Specification5_spec__3_~tmp~6#1, __utac_acc__Specification5_spec__3_~tmp___0~3#1;havoc __utac_acc__Specification5_spec__3_~tmp~6#1;havoc __utac_acc__Specification5_spec__3_~tmp___0~3#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~11#1;havoc getWaterLevel_~retValue_acc~11#1;getWaterLevel_~retValue_acc~11#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~11#1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,470 INFO L290 TraceCheckUtils]: 48: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,470 INFO L284 TraceCheckUtils]: 47: Hoare quadruple {15793#(<= 1 ~pumpRunning~0)} {15717#true} #274#return; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,470 INFO L290 TraceCheckUtils]: 46: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,471 INFO L290 TraceCheckUtils]: 45: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,471 INFO L290 TraceCheckUtils]: 44: Hoare triple {15793#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump__wrappee__lowWaterSensor } true; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,471 INFO L290 TraceCheckUtils]: 43: Hoare triple {15717#true} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__lowWaterSensor } true;~pumpRunning~0 := 1; {15793#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:13:07,471 INFO L290 TraceCheckUtils]: 42: Hoare triple {15717#true} activatePump_#t~ret6#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret6#1 && activatePump_#t~ret6#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret6#1;havoc activatePump_#t~ret6#1; {15717#true} is VALID [2022-02-20 18:13:07,471 INFO L290 TraceCheckUtils]: 41: Hoare triple {15717#true} isMethaneAlarm_#t~ret7#1 := isMethaneLevelCritical_#res#1;assume { :end_inline_isMethaneLevelCritical } true;assume -2147483648 <= isMethaneAlarm_#t~ret7#1 && isMethaneAlarm_#t~ret7#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret7#1;havoc isMethaneAlarm_#t~ret7#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {15717#true} is VALID [2022-02-20 18:13:07,472 INFO L290 TraceCheckUtils]: 40: Hoare triple {15717#true} assume 0 != ~tmp~0#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret6#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret7#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1;assume { :begin_inline_isMethaneLevelCritical } true;havoc isMethaneLevelCritical_#res#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;havoc isMethaneLevelCritical_~retValue_acc~10#1;isMethaneLevelCritical_~retValue_acc~10#1 := ~methaneLevelCritical~0;isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~10#1; {15717#true} is VALID [2022-02-20 18:13:07,472 INFO L290 TraceCheckUtils]: 39: Hoare triple {15717#true} #t~ret4#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret4#1 && #t~ret4#1 <= 2147483647;~tmp~0#1 := #t~ret4#1;havoc #t~ret4#1; {15717#true} is VALID [2022-02-20 18:13:07,472 INFO L290 TraceCheckUtils]: 38: Hoare triple {15717#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~0#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {15717#true} is VALID [2022-02-20 18:13:07,472 INFO L290 TraceCheckUtils]: 37: Hoare triple {15717#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~0#1 := 1; {15717#true} is VALID [2022-02-20 18:13:07,472 INFO L290 TraceCheckUtils]: 36: Hoare triple {15717#true} isHighWaterLevel_#t~ret16#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret16#1 && isHighWaterLevel_#t~ret16#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret16#1;havoc isHighWaterLevel_#t~ret16#1; {15717#true} is VALID [2022-02-20 18:13:07,472 INFO L290 TraceCheckUtils]: 35: Hoare triple {15717#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~12#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; {15717#true} is VALID [2022-02-20 18:13:07,472 INFO L290 TraceCheckUtils]: 34: Hoare triple {15717#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret16#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~0#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~0#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~12#1;havoc isHighWaterSensorDry_~retValue_acc~12#1; {15717#true} is VALID [2022-02-20 18:13:07,473 INFO L290 TraceCheckUtils]: 33: Hoare triple {15717#true} havoc ~tmp~0#1; {15717#true} is VALID [2022-02-20 18:13:07,473 INFO L272 TraceCheckUtils]: 32: Hoare triple {15717#true} call processEnvironment__wrappee__highWaterSensor(); {15717#true} is VALID [2022-02-20 18:13:07,473 INFO L290 TraceCheckUtils]: 31: Hoare triple {15717#true} assume !(0 != ~pumpRunning~0); {15717#true} is VALID [2022-02-20 18:13:07,473 INFO L290 TraceCheckUtils]: 30: Hoare triple {15717#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {15717#true} is VALID [2022-02-20 18:13:07,473 INFO L290 TraceCheckUtils]: 29: Hoare triple {15717#true} assume !(0 != ~pumpRunning~0); {15717#true} is VALID [2022-02-20 18:13:07,473 INFO L290 TraceCheckUtils]: 28: Hoare triple {15717#true} assume { :end_inline___utac_acc__Specification5_spec__2 } true; {15717#true} is VALID [2022-02-20 18:13:07,473 INFO L290 TraceCheckUtils]: 27: Hoare triple {15717#true} assume -2147483648 <= __utac_acc__Specification5_spec__2_#t~ret22#1 && __utac_acc__Specification5_spec__2_#t~ret22#1 <= 2147483647;~switchedOnBeforeTS~0 := __utac_acc__Specification5_spec__2_#t~ret22#1;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15717#true} is VALID [2022-02-20 18:13:07,473 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {15717#true} {15717#true} #268#return; {15717#true} is VALID [2022-02-20 18:13:07,473 INFO L290 TraceCheckUtils]: 25: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:07,474 INFO L290 TraceCheckUtils]: 24: Hoare triple {15717#true} havoc ~retValue_acc~1;~retValue_acc~1 := ~pumpRunning~0;#res := ~retValue_acc~1; {15717#true} is VALID [2022-02-20 18:13:07,474 INFO L272 TraceCheckUtils]: 23: Hoare triple {15717#true} call __utac_acc__Specification5_spec__2_#t~ret22#1 := isPumpRunning(); {15717#true} is VALID [2022-02-20 18:13:07,474 INFO L290 TraceCheckUtils]: 22: Hoare triple {15717#true} assume { :begin_inline___utac_acc__Specification5_spec__2 } true;havoc __utac_acc__Specification5_spec__2_#t~ret22#1; {15717#true} is VALID [2022-02-20 18:13:07,474 INFO L272 TraceCheckUtils]: 21: Hoare triple {15717#true} call timeShift(); {15717#true} is VALID [2022-02-20 18:13:07,474 INFO L290 TraceCheckUtils]: 20: Hoare triple {15717#true} assume { :end_inline_startSystem } true; {15717#true} is VALID [2022-02-20 18:13:07,474 INFO L290 TraceCheckUtils]: 19: Hoare triple {15717#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {15717#true} is VALID [2022-02-20 18:13:07,474 INFO L290 TraceCheckUtils]: 18: Hoare triple {15717#true} assume -2147483648 <= test_#t~nondet20#1 && test_#t~nondet20#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet20#1;havoc test_#t~nondet20#1; {15717#true} is VALID [2022-02-20 18:13:07,474 INFO L290 TraceCheckUtils]: 17: Hoare triple {15717#true} assume !(0 != test_~tmp___0~2#1); {15717#true} is VALID [2022-02-20 18:13:07,475 INFO L290 TraceCheckUtils]: 16: Hoare triple {15717#true} assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {15717#true} is VALID [2022-02-20 18:13:07,475 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {15717#true} {15717#true} #278#return; {15717#true} is VALID [2022-02-20 18:13:07,475 INFO L290 TraceCheckUtils]: 14: Hoare triple {15717#true} assume true; {15717#true} is VALID [2022-02-20 18:13:07,475 INFO L290 TraceCheckUtils]: 13: Hoare triple {15717#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {15717#true} is VALID [2022-02-20 18:13:07,475 INFO L272 TraceCheckUtils]: 12: Hoare triple {15717#true} call waterRise(); {15717#true} is VALID [2022-02-20 18:13:07,475 INFO L290 TraceCheckUtils]: 11: Hoare triple {15717#true} assume 0 != test_~tmp~5#1; {15717#true} is VALID [2022-02-20 18:13:07,475 INFO L290 TraceCheckUtils]: 10: Hoare triple {15717#true} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp~5#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {15717#true} is VALID [2022-02-20 18:13:07,475 INFO L290 TraceCheckUtils]: 9: Hoare triple {15717#true} assume test_~splverifierCounter~0#1 < 4; {15717#true} is VALID [2022-02-20 18:13:07,476 INFO L290 TraceCheckUtils]: 8: Hoare triple {15717#true} assume !false; {15717#true} is VALID [2022-02-20 18:13:07,476 INFO L290 TraceCheckUtils]: 7: Hoare triple {15717#true} assume { :end_inline___utac_acc__Specification5_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_~splverifierCounter~0#1, test_~tmp~5#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~5#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {15717#true} is VALID [2022-02-20 18:13:07,476 INFO L290 TraceCheckUtils]: 6: Hoare triple {15717#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification5_spec__1 } true;~switchedOnBeforeTS~0 := 0; {15717#true} is VALID [2022-02-20 18:13:07,476 INFO L290 TraceCheckUtils]: 5: Hoare triple {15717#true} assume 0 != main_~tmp~10#1;assume { :begin_inline_setup } true; {15717#true} is VALID [2022-02-20 18:13:07,476 INFO L290 TraceCheckUtils]: 4: Hoare triple {15717#true} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~10#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {15717#true} is VALID [2022-02-20 18:13:07,476 INFO L290 TraceCheckUtils]: 3: Hoare triple {15717#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~retValue_acc~9#1;valid_product_~retValue_acc~9#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {15717#true} is VALID [2022-02-20 18:13:07,476 INFO L290 TraceCheckUtils]: 2: Hoare triple {15717#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15717#true} is VALID [2022-02-20 18:13:07,477 INFO L290 TraceCheckUtils]: 1: Hoare triple {15717#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~7#1, main_~tmp~10#1;havoc main_~retValue_acc~7#1;havoc main_~tmp~10#1;assume { :begin_inline_select_helpers } true; {15717#true} is VALID [2022-02-20 18:13:07,477 INFO L290 TraceCheckUtils]: 0: Hoare triple {15717#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~switchedOnBeforeTS~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {15717#true} is VALID [2022-02-20 18:13:07,477 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 8 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-02-20 18:13:07,477 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1865523861] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:13:07,478 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:13:07,478 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 6, 6] total 16 [2022-02-20 18:13:07,478 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [966605263] [2022-02-20 18:13:07,478 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:13:07,479 INFO L78 Accepts]: Start accepts. Automaton has has 16 states, 16 states have (on average 7.9375) internal successors, (127), 11 states have internal predecessors, (127), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) Word has length 102 [2022-02-20 18:13:07,483 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:13:07,483 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 16 states, 16 states have (on average 7.9375) internal successors, (127), 11 states have internal predecessors, (127), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) [2022-02-20 18:13:07,586 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 163 edges. 163 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:13:07,587 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 16 states [2022-02-20 18:13:07,587 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:13:07,587 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 16 interpolants. [2022-02-20 18:13:07,587 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=38, Invalid=202, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:13:07,588 INFO L87 Difference]: Start difference. First operand 604 states and 745 transitions. Second operand has 16 states, 16 states have (on average 7.9375) internal successors, (127), 11 states have internal predecessors, (127), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) [2022-02-20 18:13:10,945 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:10,946 INFO L93 Difference]: Finished difference Result 1310 states and 1663 transitions. [2022-02-20 18:13:10,946 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 32 states. [2022-02-20 18:13:10,946 INFO L78 Accepts]: Start accepts. Automaton has has 16 states, 16 states have (on average 7.9375) internal successors, (127), 11 states have internal predecessors, (127), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) Word has length 102 [2022-02-20 18:13:10,947 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:13:10,947 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 16 states, 16 states have (on average 7.9375) internal successors, (127), 11 states have internal predecessors, (127), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) [2022-02-20 18:13:10,952 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 32 states to 32 states and 440 transitions. [2022-02-20 18:13:10,953 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 16 states, 16 states have (on average 7.9375) internal successors, (127), 11 states have internal predecessors, (127), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) [2022-02-20 18:13:10,957 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 32 states to 32 states and 440 transitions. [2022-02-20 18:13:10,958 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 32 states and 440 transitions. [2022-02-20 18:13:11,276 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 440 edges. 440 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:13:11,277 INFO L225 Difference]: With dead ends: 1310 [2022-02-20 18:13:11,277 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:13:11,279 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 268 GetRequests, 227 SyntacticMatches, 1 SemanticMatches, 40 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 392 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=301, Invalid=1421, Unknown=0, NotChecked=0, Total=1722 [2022-02-20 18:13:11,280 INFO L933 BasicCegarLoop]: 234 mSDtfsCounter, 458 mSDsluCounter, 1174 mSDsCounter, 0 mSdLazyCounter, 1013 mSolverCounterSat, 187 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 459 SdHoareTripleChecker+Valid, 1408 SdHoareTripleChecker+Invalid, 1200 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 187 IncrementalHoareTripleChecker+Valid, 1013 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:13:11,280 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [459 Valid, 1408 Invalid, 1200 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [187 Valid, 1013 Invalid, 0 Unknown, 0 Unchecked, 1.1s Time] [2022-02-20 18:13:11,280 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:13:11,280 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:13:11,280 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:13:11,280 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:13:11,281 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:13:11,281 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:13:11,281 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:11,281 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:13:11,281 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:13:11,281 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:13:11,281 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:13:11,281 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:13:11,282 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:13:11,282 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:13:11,282 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:13:11,282 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:13:11,283 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:13:11,283 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:13:11,283 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:13:11,283 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:13:11,283 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:13:11,283 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:13:11,283 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 102 [2022-02-20 18:13:11,284 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:13:11,284 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:13:11,284 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 16 states, 16 states have (on average 7.9375) internal successors, (127), 11 states have internal predecessors, (127), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) [2022-02-20 18:13:11,284 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:13:11,284 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:13:11,286 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:13:11,307 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:13:11,499 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-02-20 18:13:11,501 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:13:15,774 INFO L854 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 179 186) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 (not (<= 2 ~waterLevel~0)) .cse2 .cse3) (or .cse0 .cse1 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-02-20 18:13:15,774 INFO L858 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 179 186) no Hoare annotation was computed. [2022-02-20 18:13:15,774 INFO L858 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 179 186) no Hoare annotation was computed. [2022-02-20 18:13:15,774 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 94 100) no Hoare annotation was computed. [2022-02-20 18:13:15,774 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 94 100) the Hoare annotation is: true [2022-02-20 18:13:15,774 INFO L861 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 964 975) the Hoare annotation is: true [2022-02-20 18:13:15,774 INFO L858 garLoopResultBuilder]: For program point L968-1(lines 964 975) no Hoare annotation was computed. [2022-02-20 18:13:15,775 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 964 975) no Hoare annotation was computed. [2022-02-20 18:13:15,775 INFO L861 garLoopResultBuilder]: At program point L801(line 801) the Hoare annotation is: true [2022-02-20 18:13:15,775 INFO L858 garLoopResultBuilder]: For program point L801-1(line 801) no Hoare annotation was computed. [2022-02-20 18:13:15,775 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 795 824) no Hoare annotation was computed. [2022-02-20 18:13:15,775 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 795 824) the Hoare annotation is: true [2022-02-20 18:13:15,775 INFO L861 garLoopResultBuilder]: At program point L820(lines 795 824) the Hoare annotation is: true [2022-02-20 18:13:15,775 INFO L858 garLoopResultBuilder]: For program point L816(line 816) no Hoare annotation was computed. [2022-02-20 18:13:15,775 INFO L858 garLoopResultBuilder]: For program point L809(lines 809 813) no Hoare annotation was computed. [2022-02-20 18:13:15,776 INFO L861 garLoopResultBuilder]: At program point L809-1(lines 809 813) the Hoare annotation is: true [2022-02-20 18:13:15,776 INFO L858 garLoopResultBuilder]: For program point L806(line 806) no Hoare annotation was computed. [2022-02-20 18:13:15,776 INFO L861 garLoopResultBuilder]: At program point L805-2(lines 805 819) the Hoare annotation is: true [2022-02-20 18:13:15,776 INFO L858 garLoopResultBuilder]: For program point L411(lines 411 417) no Hoare annotation was computed. [2022-02-20 18:13:15,776 INFO L854 garLoopResultBuilder]: At program point L147(line 147) the Hoare annotation is: (let ((.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (= 0 ~systemActive~0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not .cse2)) (or .cse3 .cse2 .cse1 (not (<= 2 |old(~waterLevel~0)|))) (or .cse3 .cse2 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse1))) [2022-02-20 18:13:15,776 INFO L854 garLoopResultBuilder]: At program point L147-1(lines 128 152) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= 0 ~systemActive~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (= ~pumpRunning~0 0)) (.cse7 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 .cse1 (not .cse2)) (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (and .cse3 .cse4) (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse4) .cse1)) (let ((.cse6 (<= ~waterLevel~0 2))) (or .cse5 (and .cse3 .cse6 .cse7) .cse2 .cse1 (and .cse8 .cse6 .cse7) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (let ((.cse9 (= ~waterLevel~0 1))) (or .cse5 (and .cse8 .cse9 .cse7) .cse2 .cse1 (not (<= 2 |old(~waterLevel~0)|)) (and .cse3 .cse9 .cse7))))) [2022-02-20 18:13:15,776 INFO L858 garLoopResultBuilder]: For program point L944(lines 944 948) no Hoare annotation was computed. [2022-02-20 18:13:15,777 INFO L858 garLoopResultBuilder]: For program point L81-1(lines 81 87) no Hoare annotation was computed. [2022-02-20 18:13:15,777 INFO L858 garLoopResultBuilder]: For program point L271(lines 271 275) no Hoare annotation was computed. [2022-02-20 18:13:15,777 INFO L854 garLoopResultBuilder]: At program point L944-2(lines 940 951) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= 0 ~systemActive~0)) (.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (<= 1 ~switchedOnBeforeTS~0))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or .cse1 (and .cse2 (= ~waterLevel~0 1) .cse3) .cse4 .cse0 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 .cse4 .cse0 (and .cse2 (<= ~waterLevel~0 2) .cse3) (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-02-20 18:13:15,777 INFO L858 garLoopResultBuilder]: For program point L271-2(lines 271 275) no Hoare annotation was computed. [2022-02-20 18:13:15,777 INFO L854 garLoopResultBuilder]: At program point L395(lines 388 397) the Hoare annotation is: (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse4 (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (= 0 ~systemActive~0)) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse2 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) .cse4) .cse3)))) [2022-02-20 18:13:15,777 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 67 93) no Hoare annotation was computed. [2022-02-20 18:13:15,778 INFO L854 garLoopResultBuilder]: At program point L408(line 408) the Hoare annotation is: (let ((.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (= 0 ~systemActive~0)) (.cse2 (not (<= 2 |old(~waterLevel~0)|))) (.cse6 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= ~pumpRunning~0 0)) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2) (let ((.cse5 (<= ~waterLevel~0 2))) (or .cse3 (and .cse4 .cse5 .cse6) .cse7 .cse1 (and .cse8 .cse5 .cse6) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (let ((.cse9 (= ~waterLevel~0 1))) (or .cse3 (and .cse8 .cse9 .cse6) .cse7 .cse1 .cse2 (and .cse4 .cse9 .cse6))) (or .cse0 (and .cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse1))) [2022-02-20 18:13:15,778 INFO L858 garLoopResultBuilder]: For program point L408-1(line 408) no Hoare annotation was computed. [2022-02-20 18:13:15,778 INFO L854 garLoopResultBuilder]: At program point L1036(lines 1031 1039) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= 0 ~systemActive~0)) (.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (<= 1 ~switchedOnBeforeTS~0))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or .cse1 (and .cse2 (= ~waterLevel~0 1) .cse3) .cse4 .cse0 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 .cse4 .cse0 (and .cse2 (<= ~waterLevel~0 2) .cse3) (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-02-20 18:13:15,778 INFO L858 garLoopResultBuilder]: For program point L74(lines 74 80) no Hoare annotation was computed. [2022-02-20 18:13:15,778 INFO L858 garLoopResultBuilder]: For program point L74-2(lines 70 92) no Hoare annotation was computed. [2022-02-20 18:13:15,778 INFO L858 garLoopResultBuilder]: For program point L136(lines 136 144) no Hoare annotation was computed. [2022-02-20 18:13:15,778 INFO L858 garLoopResultBuilder]: For program point L933(line 933) no Hoare annotation was computed. [2022-02-20 18:13:15,779 INFO L858 garLoopResultBuilder]: For program point L132(lines 132 149) no Hoare annotation was computed. [2022-02-20 18:13:15,779 INFO L854 garLoopResultBuilder]: At program point L277(lines 262 280) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= 0 ~systemActive~0)) (.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (<= 1 ~switchedOnBeforeTS~0))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or .cse1 (and .cse2 (= ~waterLevel~0 1) .cse3) .cse4 .cse0 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 .cse4 .cse0 (and .cse2 (<= ~waterLevel~0 2) .cse3) (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-02-20 18:13:15,779 INFO L854 garLoopResultBuilder]: At program point L393(line 393) the Hoare annotation is: (let ((.cse0 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= 0 ~systemActive~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 .cse1))) (and (or (and (= ~pumpRunning~0 0) .cse0 .cse1) (not (= |old(~pumpRunning~0)| 0)) .cse2) (or .cse3 .cse4 .cse2 .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse3 .cse4 .cse2 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-02-20 18:13:15,779 INFO L858 garLoopResultBuilder]: For program point L393-1(line 393) no Hoare annotation was computed. [2022-02-20 18:13:15,779 INFO L854 garLoopResultBuilder]: At program point L934(lines 929 936) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (= 0 ~systemActive~0)) (.cse0 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or .cse1 .cse2 .cse0 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 .cse2 .cse0 (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-02-20 18:13:15,779 INFO L858 garLoopResultBuilder]: For program point L410(lines 410 420) no Hoare annotation was computed. [2022-02-20 18:13:15,780 INFO L858 garLoopResultBuilder]: For program point L406(lines 406 423) no Hoare annotation was computed. [2022-02-20 18:13:15,780 INFO L854 garLoopResultBuilder]: At program point L1013(lines 1008 1016) the Hoare annotation is: (let ((.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 0)) (.cse7 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (not (<= 2 |old(~waterLevel~0)|)))) (and (let ((.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (and .cse1 .cse2) (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse2 (not .cse3)) .cse4)) (let ((.cse6 (<= ~waterLevel~0 2))) (or .cse5 (and .cse1 .cse6 .cse7) .cse3 .cse4 (and .cse8 .cse6 .cse7) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (let ((.cse9 (= ~waterLevel~0 1))) (or .cse5 (and .cse8 .cse9 .cse7) .cse3 .cse4 .cse10 (and .cse1 .cse9 .cse7))) (or .cse0 .cse4 (and (<= |timeShift_getWaterLevel_#res#1| 2) (<= 2 |timeShift_getWaterLevel_#res#1|)) .cse10))) [2022-02-20 18:13:15,780 INFO L854 garLoopResultBuilder]: At program point L406-1(lines 398 426) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (not (<= 1 |old(~pumpRunning~0)|))) (.cse9 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= 0 ~systemActive~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (not (<= 2 |old(~waterLevel~0)|))) (.cse1 (= ~pumpRunning~0 0)) (.cse8 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 .cse1 .cse2 (not .cse3)) (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (and .cse1 .cse4) (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse4) .cse2)) (or .cse0 (and (< 1 |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1|) (<= |timeShift_getWaterLevel_#res#1| 2) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1| 2) (<= 2 |timeShift_getWaterLevel_#res#1|)) .cse2 .cse5) (let ((.cse7 (<= ~waterLevel~0 2))) (or .cse6 (and .cse1 .cse7 .cse8) .cse3 .cse2 (and .cse9 .cse7 .cse8) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (let ((.cse10 (= ~waterLevel~0 1))) (or .cse6 (and .cse9 .cse10 .cse8) .cse3 .cse2 .cse5 (and .cse1 .cse10 .cse8))))) [2022-02-20 18:13:15,780 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 67 93) the Hoare annotation is: (let ((.cse0 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= 0 ~systemActive~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 .cse1))) (and (or (and (= ~pumpRunning~0 0) .cse0 .cse1) (not (= |old(~pumpRunning~0)| 0)) .cse2) (or .cse3 .cse4 .cse2 .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse3 .cse4 .cse2 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-02-20 18:13:15,780 INFO L854 garLoopResultBuilder]: At program point L142(line 142) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= 0 ~systemActive~0)) (.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (<= 1 ~switchedOnBeforeTS~0))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or .cse1 (and .cse2 (= ~waterLevel~0 1) .cse3) .cse4 .cse0 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 .cse4 .cse0 (and .cse2 (<= ~waterLevel~0 2) .cse3) (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-02-20 18:13:15,781 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 67 93) no Hoare annotation was computed. [2022-02-20 18:13:15,781 INFO L854 garLoopResultBuilder]: At program point L138(line 138) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= 0 ~systemActive~0)) (.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (<= 1 ~switchedOnBeforeTS~0))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or .cse1 (and .cse2 (= ~waterLevel~0 1) .cse3) .cse4 .cse0 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 .cse4 .cse0 (and .cse2 (<= ~waterLevel~0 2) .cse3) (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-02-20 18:13:15,781 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 933) no Hoare annotation was computed. [2022-02-20 18:13:15,781 INFO L858 garLoopResultBuilder]: For program point L320(lines 320 324) no Hoare annotation was computed. [2022-02-20 18:13:15,781 INFO L854 garLoopResultBuilder]: At program point L287(line 287) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse4 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse5 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0) .cse4 .cse5) (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3 .cse4 .cse5))) [2022-02-20 18:13:15,781 INFO L854 garLoopResultBuilder]: At program point L853(lines 849 855) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= ~waterLevel~0 1) (= |ULTIMATE.start_main_~tmp~10#1| 1) (not (= 0 ~systemActive~0))) [2022-02-20 18:13:15,782 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:13:15,782 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:13:15,782 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:13:15,782 INFO L854 garLoopResultBuilder]: At program point L924(lines 919 927) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2022-02-20 18:13:15,782 INFO L854 garLoopResultBuilder]: At program point L916(lines 912 918) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2022-02-20 18:13:15,782 INFO L861 garLoopResultBuilder]: At program point L371(lines 308 375) the Hoare annotation is: true [2022-02-20 18:13:15,782 INFO L858 garLoopResultBuilder]: For program point L338(lines 338 344) no Hoare annotation was computed. [2022-02-20 18:13:15,783 INFO L858 garLoopResultBuilder]: For program point L338-1(lines 338 344) no Hoare annotation was computed. [2022-02-20 18:13:15,783 INFO L854 garLoopResultBuilder]: At program point L301(lines 296 303) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse4 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse5 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0) .cse4 .cse5) (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3 .cse4 .cse5) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3 .cse4 .cse5))) [2022-02-20 18:13:15,783 INFO L854 garLoopResultBuilder]: At program point L330(line 330) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse4 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse5 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0) .cse4 .cse5) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3 .cse4) (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3 .cse4 .cse5))) [2022-02-20 18:13:15,783 INFO L854 garLoopResultBuilder]: At program point L293(lines 281 295) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (<= ~waterLevel~0 2) (= 0 ~systemActive~0) (= |ULTIMATE.start_main_~tmp~10#1| 1)) [2022-02-20 18:13:15,783 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:13:15,783 INFO L858 garLoopResultBuilder]: For program point L285(lines 285 291) no Hoare annotation was computed. [2022-02-20 18:13:15,783 INFO L858 garLoopResultBuilder]: For program point L285-1(lines 285 291) no Hoare annotation was computed. [2022-02-20 18:13:15,784 INFO L858 garLoopResultBuilder]: For program point L880(lines 880 887) no Hoare annotation was computed. [2022-02-20 18:13:15,784 INFO L854 garLoopResultBuilder]: At program point L368(lines 317 369) the Hoare annotation is: false [2022-02-20 18:13:15,784 INFO L858 garLoopResultBuilder]: For program point L880-2(lines 880 887) no Hoare annotation was computed. [2022-02-20 18:13:15,784 INFO L854 garLoopResultBuilder]: At program point L909(lines 905 911) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2022-02-20 18:13:15,784 INFO L858 garLoopResultBuilder]: For program point L356(lines 356 362) no Hoare annotation was computed. [2022-02-20 18:13:15,784 INFO L854 garLoopResultBuilder]: At program point L356-2(lines 348 363) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse4 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse5 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0) .cse4 .cse5) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3 .cse4) (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3 .cse4 .cse5))) [2022-02-20 18:13:15,784 INFO L854 garLoopResultBuilder]: At program point L385(lines 380 387) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= ~waterLevel~0 1) (= |ULTIMATE.start_main_~tmp~10#1| 1) (not (= 0 ~systemActive~0))) [2022-02-20 18:13:15,785 INFO L861 garLoopResultBuilder]: At program point L864(lines 856 866) the Hoare annotation is: true [2022-02-20 18:13:15,785 INFO L858 garLoopResultBuilder]: For program point L319(lines 318 367) no Hoare annotation was computed. [2022-02-20 18:13:15,785 INFO L858 garLoopResultBuilder]: For program point L348(lines 348 363) no Hoare annotation was computed. [2022-02-20 18:13:15,785 INFO L861 garLoopResultBuilder]: At program point L889(lines 870 892) the Hoare annotation is: true [2022-02-20 18:13:15,785 INFO L854 garLoopResultBuilder]: At program point L340(line 340) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse4 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse5 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0) .cse4 .cse5) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3 .cse4) (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3 .cse4 .cse5))) [2022-02-20 18:13:15,785 INFO L854 garLoopResultBuilder]: At program point L365(lines 318 367) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse4 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse5 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0) .cse4 .cse5) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3 .cse4) (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3 .cse4 .cse5))) [2022-02-20 18:13:15,786 INFO L858 garLoopResultBuilder]: For program point L328(lines 328 334) no Hoare annotation was computed. [2022-02-20 18:13:15,786 INFO L858 garLoopResultBuilder]: For program point L328-1(lines 328 334) no Hoare annotation was computed. [2022-02-20 18:13:15,786 INFO L854 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 102 126) the Hoare annotation is: (let ((.cse0 (not (<= ~waterLevel~0 2))) (.cse1 (= 0 ~systemActive~0))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (<= 1 |old(~pumpRunning~0)|)) .cse0 .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 .cse1))) [2022-02-20 18:13:15,786 INFO L858 garLoopResultBuilder]: For program point L252(lines 252 256) no Hoare annotation was computed. [2022-02-20 18:13:15,786 INFO L858 garLoopResultBuilder]: For program point L252-2(lines 252 256) no Hoare annotation was computed. [2022-02-20 18:13:15,786 INFO L854 garLoopResultBuilder]: At program point L981(lines 976 984) the Hoare annotation is: (let ((.cse0 (not (<= ~waterLevel~0 2))) (.cse1 (= 0 ~systemActive~0))) (and (or (not (<= 1 |old(~pumpRunning~0)|)) .cse0 .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and (= ~pumpRunning~0 0) (<= 2 ~waterLevel~0)) .cse1))) [2022-02-20 18:13:15,786 INFO L854 garLoopResultBuilder]: At program point L116(line 116) the Hoare annotation is: (let ((.cse0 (not (<= ~waterLevel~0 2))) (.cse1 (= 0 ~systemActive~0))) (and (or (not (<= 1 |old(~pumpRunning~0)|)) .cse0 .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~0#1| 0)) .cse0 .cse1))) [2022-02-20 18:13:15,787 INFO L858 garLoopResultBuilder]: For program point L110(lines 110 118) no Hoare annotation was computed. [2022-02-20 18:13:15,787 INFO L858 garLoopResultBuilder]: For program point L106(lines 106 123) no Hoare annotation was computed. [2022-02-20 18:13:15,787 INFO L854 garLoopResultBuilder]: At program point L158(lines 153 160) the Hoare annotation is: (let ((.cse0 (not (<= ~waterLevel~0 2))) (.cse1 (= 0 ~systemActive~0))) (and (or (not (<= 1 |old(~pumpRunning~0)|)) .cse0 .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0)) .cse0 .cse1))) [2022-02-20 18:13:15,787 INFO L858 garLoopResultBuilder]: For program point L1021(lines 1021 1027) no Hoare annotation was computed. [2022-02-20 18:13:15,787 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 102 126) no Hoare annotation was computed. [2022-02-20 18:13:15,787 INFO L854 garLoopResultBuilder]: At program point L121(line 121) the Hoare annotation is: (let ((.cse0 (not (<= ~waterLevel~0 2))) (.cse1 (= 0 ~systemActive~0))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (<= 1 |old(~pumpRunning~0)|)) .cse0 .cse1 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-02-20 18:13:15,787 INFO L858 garLoopResultBuilder]: For program point L121-1(lines 102 126) no Hoare annotation was computed. [2022-02-20 18:13:15,787 INFO L858 garLoopResultBuilder]: For program point L169(lines 169 175) no Hoare annotation was computed. [2022-02-20 18:13:15,788 INFO L854 garLoopResultBuilder]: At program point L169-2(lines 162 178) the Hoare annotation is: (let ((.cse1 (not (<= ~waterLevel~0 2))) (.cse2 (= 0 ~systemActive~0))) (and (let ((.cse0 (<= 2 ~waterLevel~0))) (or (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) .cse0) .cse1 (and (= ~pumpRunning~0 0) .cse0) .cse2)) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse1 .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-02-20 18:13:15,788 INFO L854 garLoopResultBuilder]: At program point L1026(lines 1017 1030) the Hoare annotation is: (let ((.cse0 (not (<= ~waterLevel~0 2))) (.cse1 (= 0 ~systemActive~0))) (and (or (not (<= 1 |old(~pumpRunning~0)|)) .cse0 .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse2 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) (and .cse2 (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))) .cse0 (and .cse2 (<= 2 ~waterLevel~0)) .cse1)))) [2022-02-20 18:13:15,788 INFO L854 garLoopResultBuilder]: At program point L258(lines 243 261) the Hoare annotation is: (let ((.cse0 (not (<= ~waterLevel~0 2))) (.cse1 (= 0 ~systemActive~0))) (and (or (not (<= 1 |old(~pumpRunning~0)|)) .cse0 .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse2 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) (and .cse2 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~3#1| 0))) .cse0 (and .cse2 (<= 2 ~waterLevel~0)) .cse1)))) [2022-02-20 18:13:15,788 INFO L854 garLoopResultBuilder]: At program point L194(lines 187 197) the Hoare annotation is: (let ((.cse0 (not (<= ~waterLevel~0 2))) (.cse1 (= 0 ~systemActive~0))) (and (or (not (<= 1 |old(~pumpRunning~0)|)) .cse0 .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and (= ~pumpRunning~0 0) (<= 2 ~waterLevel~0)) .cse1))) [2022-02-20 18:13:15,788 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 952 963) no Hoare annotation was computed. [2022-02-20 18:13:15,788 INFO L858 garLoopResultBuilder]: For program point L956-1(lines 952 963) no Hoare annotation was computed. [2022-02-20 18:13:15,789 INFO L854 garLoopResultBuilder]: At program point waterRiseENTRY(lines 952 963) the Hoare annotation is: (let ((.cse0 (not (<= 1 ~pumpRunning~0))) (.cse2 (= 0 ~systemActive~0)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= ~pumpRunning~0 0)) .cse1 .cse3))) [2022-02-20 18:13:15,789 INFO L858 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 198 206) no Hoare annotation was computed. [2022-02-20 18:13:15,789 INFO L861 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 198 206) the Hoare annotation is: true [2022-02-20 18:13:15,789 INFO L858 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 198 206) no Hoare annotation was computed. [2022-02-20 18:13:15,792 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:13:15,793 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:13:15,796 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:13:15,796 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:13:15,796 WARN L170 areAnnotationChecker]: L968-1 has no Hoare annotation [2022-02-20 18:13:15,796 WARN L170 areAnnotationChecker]: L968-1 has no Hoare annotation [2022-02-20 18:13:15,798 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:13:15,799 WARN L170 areAnnotationChecker]: L106 has no Hoare annotation [2022-02-20 18:13:15,799 WARN L170 areAnnotationChecker]: L956-1 has no Hoare annotation [2022-02-20 18:13:15,799 WARN L170 areAnnotationChecker]: L956-1 has no Hoare annotation [2022-02-20 18:13:15,799 WARN L170 areAnnotationChecker]: isPumpRunningFINAL has no Hoare annotation [2022-02-20 18:13:15,799 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:13:15,799 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:13:15,799 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:13:15,800 WARN L170 areAnnotationChecker]: L968-1 has no Hoare annotation [2022-02-20 18:13:15,800 WARN L170 areAnnotationChecker]: L801-1 has no Hoare annotation [2022-02-20 18:13:15,801 WARN L170 areAnnotationChecker]: L393-1 has no Hoare annotation [2022-02-20 18:13:15,801 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:13:15,801 WARN L170 areAnnotationChecker]: L106 has no Hoare annotation [2022-02-20 18:13:15,801 WARN L170 areAnnotationChecker]: L106 has no Hoare annotation [2022-02-20 18:13:15,801 WARN L170 areAnnotationChecker]: L956-1 has no Hoare annotation [2022-02-20 18:13:15,801 WARN L170 areAnnotationChecker]: isPumpRunningFINAL has no Hoare annotation [2022-02-20 18:13:15,801 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:13:15,801 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:13:15,801 WARN L170 areAnnotationChecker]: L121-1 has no Hoare annotation [2022-02-20 18:13:15,802 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:13:15,802 WARN L170 areAnnotationChecker]: L801-1 has no Hoare annotation [2022-02-20 18:13:15,802 WARN L170 areAnnotationChecker]: L393-1 has no Hoare annotation [2022-02-20 18:13:15,802 WARN L170 areAnnotationChecker]: L1021 has no Hoare annotation [2022-02-20 18:13:15,802 WARN L170 areAnnotationChecker]: L1021 has no Hoare annotation [2022-02-20 18:13:15,803 WARN L170 areAnnotationChecker]: L121-1 has no Hoare annotation [2022-02-20 18:13:15,803 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:13:15,803 WARN L170 areAnnotationChecker]: isPumpRunningEXIT has no Hoare annotation [2022-02-20 18:13:15,803 WARN L170 areAnnotationChecker]: isPumpRunningEXIT has no Hoare annotation [2022-02-20 18:13:15,803 WARN L170 areAnnotationChecker]: L81-1 has no Hoare annotation [2022-02-20 18:13:15,803 WARN L170 areAnnotationChecker]: L285-1 has no Hoare annotation [2022-02-20 18:13:15,803 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__highWaterSensorEXIT has no Hoare annotation [2022-02-20 18:13:15,803 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__highWaterSensorEXIT has no Hoare annotation [2022-02-20 18:13:15,803 WARN L170 areAnnotationChecker]: L338-1 has no Hoare annotation [2022-02-20 18:13:15,804 WARN L170 areAnnotationChecker]: L806 has no Hoare annotation [2022-02-20 18:13:15,804 WARN L170 areAnnotationChecker]: L74 has no Hoare annotation [2022-02-20 18:13:15,804 WARN L170 areAnnotationChecker]: L252 has no Hoare annotation [2022-02-20 18:13:15,804 WARN L170 areAnnotationChecker]: L328-1 has no Hoare annotation [2022-02-20 18:13:15,804 WARN L170 areAnnotationChecker]: L408-1 has no Hoare annotation [2022-02-20 18:13:15,805 WARN L170 areAnnotationChecker]: L81-1 has no Hoare annotation [2022-02-20 18:13:15,805 WARN L170 areAnnotationChecker]: L348 has no Hoare annotation [2022-02-20 18:13:15,805 WARN L170 areAnnotationChecker]: L348 has no Hoare annotation [2022-02-20 18:13:15,806 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:13:15,806 WARN L170 areAnnotationChecker]: L806 has no Hoare annotation [2022-02-20 18:13:15,806 WARN L170 areAnnotationChecker]: L74 has no Hoare annotation [2022-02-20 18:13:15,806 WARN L170 areAnnotationChecker]: L74 has no Hoare annotation [2022-02-20 18:13:15,806 WARN L170 areAnnotationChecker]: L880 has no Hoare annotation [2022-02-20 18:13:15,806 WARN L170 areAnnotationChecker]: L252 has no Hoare annotation [2022-02-20 18:13:15,806 WARN L170 areAnnotationChecker]: L252 has no Hoare annotation [2022-02-20 18:13:15,806 WARN L170 areAnnotationChecker]: L338 has no Hoare annotation [2022-02-20 18:13:15,806 WARN L170 areAnnotationChecker]: L338 has no Hoare annotation [2022-02-20 18:13:15,807 WARN L170 areAnnotationChecker]: L410 has no Hoare annotation [2022-02-20 18:13:15,807 WARN L170 areAnnotationChecker]: L410 has no Hoare annotation [2022-02-20 18:13:15,807 WARN L170 areAnnotationChecker]: L406 has no Hoare annotation [2022-02-20 18:13:15,825 WARN L170 areAnnotationChecker]: L356 has no Hoare annotation [2022-02-20 18:13:15,825 WARN L170 areAnnotationChecker]: L356 has no Hoare annotation [2022-02-20 18:13:15,825 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:13:15,825 WARN L170 areAnnotationChecker]: L809 has no Hoare annotation [2022-02-20 18:13:15,825 WARN L170 areAnnotationChecker]: L809 has no Hoare annotation [2022-02-20 18:13:15,826 WARN L170 areAnnotationChecker]: L944 has no Hoare annotation [2022-02-20 18:13:15,826 WARN L170 areAnnotationChecker]: L944 has no Hoare annotation [2022-02-20 18:13:15,826 WARN L170 areAnnotationChecker]: L74-2 has no Hoare annotation [2022-02-20 18:13:15,826 WARN L170 areAnnotationChecker]: L74-2 has no Hoare annotation [2022-02-20 18:13:15,826 WARN L170 areAnnotationChecker]: L880 has no Hoare annotation [2022-02-20 18:13:15,826 WARN L170 areAnnotationChecker]: L880 has no Hoare annotation [2022-02-20 18:13:15,826 WARN L170 areAnnotationChecker]: L252-2 has no Hoare annotation [2022-02-20 18:13:15,826 WARN L170 areAnnotationChecker]: L338-1 has no Hoare annotation [2022-02-20 18:13:15,826 WARN L170 areAnnotationChecker]: L411 has no Hoare annotation [2022-02-20 18:13:15,826 WARN L170 areAnnotationChecker]: L411 has no Hoare annotation [2022-02-20 18:13:15,827 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:13:15,827 WARN L170 areAnnotationChecker]: L406 has no Hoare annotation [2022-02-20 18:13:15,827 WARN L170 areAnnotationChecker]: L406 has no Hoare annotation [2022-02-20 18:13:15,829 WARN L170 areAnnotationChecker]: L319 has no Hoare annotation [2022-02-20 18:13:15,829 WARN L170 areAnnotationChecker]: L285 has no Hoare annotation [2022-02-20 18:13:15,829 WARN L170 areAnnotationChecker]: L285 has no Hoare annotation [2022-02-20 18:13:15,829 WARN L170 areAnnotationChecker]: L816 has no Hoare annotation [2022-02-20 18:13:15,830 WARN L170 areAnnotationChecker]: L74-2 has no Hoare annotation [2022-02-20 18:13:15,830 WARN L170 areAnnotationChecker]: L132 has no Hoare annotation [2022-02-20 18:13:15,830 WARN L170 areAnnotationChecker]: L132 has no Hoare annotation [2022-02-20 18:13:15,831 WARN L170 areAnnotationChecker]: L880-2 has no Hoare annotation [2022-02-20 18:13:15,831 WARN L170 areAnnotationChecker]: L110 has no Hoare annotation [2022-02-20 18:13:15,831 WARN L170 areAnnotationChecker]: L933 has no Hoare annotation [2022-02-20 18:13:15,831 WARN L170 areAnnotationChecker]: L933 has no Hoare annotation [2022-02-20 18:13:15,831 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:13:15,831 WARN L170 areAnnotationChecker]: L408-1 has no Hoare annotation [2022-02-20 18:13:15,832 WARN L170 areAnnotationChecker]: L319 has no Hoare annotation [2022-02-20 18:13:15,832 WARN L170 areAnnotationChecker]: L319 has no Hoare annotation [2022-02-20 18:13:15,832 WARN L170 areAnnotationChecker]: L285-1 has no Hoare annotation [2022-02-20 18:13:15,833 WARN L170 areAnnotationChecker]: L880-2 has no Hoare annotation [2022-02-20 18:13:15,833 WARN L170 areAnnotationChecker]: L816 has no Hoare annotation [2022-02-20 18:13:15,833 WARN L170 areAnnotationChecker]: L271 has no Hoare annotation [2022-02-20 18:13:15,834 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:13:15,834 WARN L170 areAnnotationChecker]: L110 has no Hoare annotation [2022-02-20 18:13:15,834 WARN L170 areAnnotationChecker]: L110 has no Hoare annotation [2022-02-20 18:13:15,836 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:13:15,837 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:13:15,837 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:13:15,837 WARN L170 areAnnotationChecker]: L320 has no Hoare annotation [2022-02-20 18:13:15,837 WARN L170 areAnnotationChecker]: L271 has no Hoare annotation [2022-02-20 18:13:15,837 WARN L170 areAnnotationChecker]: L271 has no Hoare annotation [2022-02-20 18:13:15,837 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:13:15,839 WARN L170 areAnnotationChecker]: L121-1 has no Hoare annotation [2022-02-20 18:13:15,839 WARN L170 areAnnotationChecker]: L328 has no Hoare annotation [2022-02-20 18:13:15,839 WARN L170 areAnnotationChecker]: L328 has no Hoare annotation [2022-02-20 18:13:15,839 WARN L170 areAnnotationChecker]: L271-2 has no Hoare annotation [2022-02-20 18:13:15,839 WARN L170 areAnnotationChecker]: L169 has no Hoare annotation [2022-02-20 18:13:15,839 WARN L170 areAnnotationChecker]: L328-1 has no Hoare annotation [2022-02-20 18:13:15,840 WARN L170 areAnnotationChecker]: L136 has no Hoare annotation [2022-02-20 18:13:15,840 WARN L170 areAnnotationChecker]: L169 has no Hoare annotation [2022-02-20 18:13:15,841 WARN L170 areAnnotationChecker]: L169 has no Hoare annotation [2022-02-20 18:13:15,841 WARN L170 areAnnotationChecker]: L136 has no Hoare annotation [2022-02-20 18:13:15,841 WARN L170 areAnnotationChecker]: L136 has no Hoare annotation [2022-02-20 18:13:15,841 WARN L170 areAnnotationChecker]: L121-1 has no Hoare annotation [2022-02-20 18:13:15,844 INFO L163 areAnnotationChecker]: CFG has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:13:15,870 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:13:15 BoogieIcfgContainer [2022-02-20 18:13:15,871 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:13:15,872 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:13:15,872 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:13:15,872 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:13:15,872 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:12:55" (3/4) ... [2022-02-20 18:13:15,875 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:13:15,879 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-02-20 18:13:15,879 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-02-20 18:13:15,880 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:13:15,880 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:13:15,880 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:13:15,880 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-02-20 18:13:15,880 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:13:15,880 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-02-20 18:13:15,886 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 53 nodes and edges [2022-02-20 18:13:15,887 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:13:15,888 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:13:15,888 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:13:15,889 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:13:15,889 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:13:15,890 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:13:15,915 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && \result == 1) && waterLevel == 1) && !(0 == systemActive) [2022-02-20 18:13:15,915 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && \result == 1) && waterLevel == 1) && tmp == 1) && !(0 == systemActive) [2022-02-20 18:13:15,915 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && \result == 1) && waterLevel == 1) && tmp == 1) && !(0 == systemActive) [2022-02-20 18:13:15,916 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((1 <= pumpRunning && \result == 1) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) && tmp == 1) && !(0 == systemActive)) || ((((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1)) || ((((((1 <= pumpRunning && \result == 1) && 2 <= waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) && !(0 == systemActive)) [2022-02-20 18:13:15,917 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) [2022-02-20 18:13:15,918 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && ((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-02-20 18:13:15,918 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((1 <= pumpRunning && \result == 1) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) && tmp == 1) && !(0 == systemActive)) || ((((((1 <= pumpRunning && \result == 1) && 2 <= waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) && !(0 == systemActive))) || (((((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) && !(0 == systemActive)) [2022-02-20 18:13:15,919 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || (((1 < tmp && \result <= 2) && tmp <= 2) && 2 <= \result)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) [2022-02-20 18:13:15,919 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) [2022-02-20 18:13:15,920 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2022-02-20 18:13:15,920 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive) && tmp == 1 [2022-02-20 18:13:15,920 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || (((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) <= 2)) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel))) [2022-02-20 18:13:15,921 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && ((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-02-20 18:13:15,921 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && !(\result == 0))) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || 0 == systemActive) [2022-02-20 18:13:15,921 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && ((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-02-20 18:13:15,921 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (((pumpRunning == 0 && \result == 0) && tmp___0 == 0) && !(tmp == 0))) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || 0 == systemActive) [2022-02-20 18:13:15,925 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || 0 == systemActive) [2022-02-20 18:13:15,925 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || 0 == systemActive) [2022-02-20 18:13:15,925 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || 0 == systemActive) && (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) [2022-02-20 18:13:15,925 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(waterLevel <= 2)) || 0 == systemActive) [2022-02-20 18:13:15,960 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:13:15,960 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:13:15,961 INFO L158 Benchmark]: Toolchain (without parser) took 21671.13ms. Allocated memory was 86.0MB in the beginning and 195.0MB in the end (delta: 109.1MB). Free memory was 50.9MB in the beginning and 90.5MB in the end (delta: -39.7MB). Peak memory consumption was 68.5MB. Max. memory is 16.1GB. [2022-02-20 18:13:15,962 INFO L158 Benchmark]: CDTParser took 0.22ms. Allocated memory is still 86.0MB. Free memory was 56.3MB in the beginning and 56.3MB in the end (delta: 27.1kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:13:15,962 INFO L158 Benchmark]: CACSL2BoogieTranslator took 386.02ms. Allocated memory was 86.0MB in the beginning and 132.1MB in the end (delta: 46.1MB). Free memory was 50.7MB in the beginning and 95.9MB in the end (delta: -45.2MB). Peak memory consumption was 5.6MB. Max. memory is 16.1GB. [2022-02-20 18:13:15,962 INFO L158 Benchmark]: Boogie Procedure Inliner took 74.71ms. Allocated memory is still 132.1MB. Free memory was 95.9MB in the beginning and 92.6MB in the end (delta: 3.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:13:15,965 INFO L158 Benchmark]: Boogie Preprocessor took 42.52ms. Allocated memory is still 132.1MB. Free memory was 92.6MB in the beginning and 91.0MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:13:15,966 INFO L158 Benchmark]: RCFGBuilder took 581.22ms. Allocated memory is still 132.1MB. Free memory was 91.0MB in the beginning and 104.6MB in the end (delta: -13.6MB). Peak memory consumption was 24.0MB. Max. memory is 16.1GB. [2022-02-20 18:13:15,967 INFO L158 Benchmark]: TraceAbstraction took 20489.76ms. Allocated memory was 132.1MB in the beginning and 195.0MB in the end (delta: 62.9MB). Free memory was 104.6MB in the beginning and 96.8MB in the end (delta: 7.8MB). Peak memory consumption was 112.4MB. Max. memory is 16.1GB. [2022-02-20 18:13:15,967 INFO L158 Benchmark]: Witness Printer took 88.68ms. Allocated memory is still 195.0MB. Free memory was 96.8MB in the beginning and 90.5MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-02-20 18:13:15,969 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.22ms. Allocated memory is still 86.0MB. Free memory was 56.3MB in the beginning and 56.3MB in the end (delta: 27.1kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 386.02ms. Allocated memory was 86.0MB in the beginning and 132.1MB in the end (delta: 46.1MB). Free memory was 50.7MB in the beginning and 95.9MB in the end (delta: -45.2MB). Peak memory consumption was 5.6MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 74.71ms. Allocated memory is still 132.1MB. Free memory was 95.9MB in the beginning and 92.6MB in the end (delta: 3.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 42.52ms. Allocated memory is still 132.1MB. Free memory was 92.6MB in the beginning and 91.0MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 581.22ms. Allocated memory is still 132.1MB. Free memory was 91.0MB in the beginning and 104.6MB in the end (delta: -13.6MB). Peak memory consumption was 24.0MB. Max. memory is 16.1GB. * TraceAbstraction took 20489.76ms. Allocated memory was 132.1MB in the beginning and 195.0MB in the end (delta: 62.9MB). Free memory was 104.6MB in the beginning and 96.8MB in the end (delta: 7.8MB). Peak memory consumption was 112.4MB. Max. memory is 16.1GB. * Witness Printer took 88.68ms. Allocated memory is still 195.0MB. Free memory was 96.8MB in the beginning and 90.5MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 933]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 104 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 20.4s, OverallIterations: 10, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 11.8s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 4.3s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2080 SdHoareTripleChecker+Valid, 2.6s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2043 mSDsluCounter, 4848 SdHoareTripleChecker+Invalid, 2.5s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3466 mSDsCounter, 648 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 2262 IncrementalHoareTripleChecker+Invalid, 2910 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 648 mSolverCounterUnsat, 1382 mSDtfsCounter, 2262 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 434 GetRequests, 312 SyntacticMatches, 2 SemanticMatches, 120 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 712 ImplicationChecksByTransitivity, 0.8s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=604occurred in iteration=8, InterpolantAutomatonStates: 113, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.8s AutomataMinimizationTime, 10 MinimizatonAttempts, 221 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 49 LocationsWithAnnotation, 1676 PreInvPairs, 1984 NumberOfFragments, 2010 HoareAnnotationTreeSize, 1676 FomulaSimplifications, 2043 FormulaSimplificationTreeSizeReduction, 0.7s HoareSimplificationTime, 49 FomulaSimplificationsInter, 12334 FormulaSimplificationTreeSizeReductionInter, 3.2s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 2.2s InterpolantComputationTime, 681 NumberOfCodeBlocks, 681 NumberOfCodeBlocksAsserted, 11 NumberOfCheckSat, 771 ConstructedInterpolants, 0 QuantifiedInterpolants, 1501 SizeOfPredicates, 3 NumberOfNonLiveVariables, 494 ConjunctsInSsa, 8 ConjunctsInUnsatCore, 12 InterpolantComputations, 9 PerfectInterpolantSequences, 133/159 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 243]: Loop Invariant Derived loop invariant: (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (((pumpRunning == 0 && \result == 0) && tmp___0 == 0) && !(tmp == 0))) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || 0 == systemActive) - InvariantResult [Line: 153]: Loop Invariant Derived loop invariant: (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(waterLevel <= 2)) || 0 == systemActive) - InvariantResult [Line: 398]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || (((1 < tmp && \result <= 2) && tmp <= 2) && 2 <= \result)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) - InvariantResult [Line: 317]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 1031]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && ((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 849]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && \result == 1) && waterLevel == 1) && tmp == 1) && !(0 == systemActive) - InvariantResult [Line: 870]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 940]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && ((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 929]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 1017]: Loop Invariant Derived loop invariant: (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && !(\result == 0))) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || 0 == systemActive) - InvariantResult [Line: 795]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 805]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 856]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 380]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && \result == 1) && waterLevel == 1) && tmp == 1) && !(0 == systemActive) - InvariantResult [Line: 912]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && waterLevel == 1) && !(0 == systemActive) - InvariantResult [Line: 919]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && \result == 1) && waterLevel == 1) && !(0 == systemActive) - InvariantResult [Line: 281]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive) && tmp == 1 - InvariantResult [Line: 262]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && ((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 318]: Loop Invariant Derived loop invariant: (((((((1 <= pumpRunning && \result == 1) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) && tmp == 1) && !(0 == systemActive)) || ((((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1)) || ((((((1 <= pumpRunning && \result == 1) && 2 <= waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) && !(0 == systemActive)) - InvariantResult [Line: 388]: Loop Invariant Derived loop invariant: (((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 296]: Loop Invariant Derived loop invariant: (((((((1 <= pumpRunning && \result == 1) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) && tmp == 1) && !(0 == systemActive)) || ((((((1 <= pumpRunning && \result == 1) && 2 <= waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) && !(0 == systemActive))) || (((((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) && !(0 == systemActive)) - InvariantResult [Line: 976]: Loop Invariant Derived loop invariant: (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || 0 == systemActive) - InvariantResult [Line: 905]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && waterLevel == 1) && !(0 == systemActive) - InvariantResult [Line: 1008]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || (((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) <= 2)) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 162]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || 0 == systemActive) && (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 308]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 128]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) - InvariantResult [Line: 187]: Loop Invariant Derived loop invariant: (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 2)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || 0 == systemActive) RESULT: Ultimate proved your program to be correct! [2022-02-20 18:13:16,041 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE