./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec5_product20.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 35987657 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec5_product20.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 61c2d7b2f53adc3803e4e62ab44daa78f4a9bdf9ba37b58d516bb40a6cc23cc6 --- Real Ultimate output --- This is Ultimate 0.2.2-?-3598765 [2022-07-21 05:02:09,140 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-07-21 05:02:09,141 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-07-21 05:02:09,166 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-07-21 05:02:09,166 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-07-21 05:02:09,167 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-07-21 05:02:09,172 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-07-21 05:02:09,175 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-07-21 05:02:09,177 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-07-21 05:02:09,181 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-07-21 05:02:09,182 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-07-21 05:02:09,183 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-07-21 05:02:09,184 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-07-21 05:02:09,185 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-07-21 05:02:09,187 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-07-21 05:02:09,189 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-07-21 05:02:09,190 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-07-21 05:02:09,191 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-07-21 05:02:09,194 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-07-21 05:02:09,199 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-07-21 05:02:09,200 INFO L181 SettingsManager]: Resetting HornVerifier preferences to default values [2022-07-21 05:02:09,201 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-07-21 05:02:09,201 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-07-21 05:02:09,203 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-07-21 05:02:09,204 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-07-21 05:02:09,209 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-07-21 05:02:09,209 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-07-21 05:02:09,210 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-07-21 05:02:09,211 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-07-21 05:02:09,211 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-07-21 05:02:09,212 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-07-21 05:02:09,212 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-07-21 05:02:09,213 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-07-21 05:02:09,214 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-07-21 05:02:09,215 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-07-21 05:02:09,215 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-07-21 05:02:09,216 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-07-21 05:02:09,216 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-07-21 05:02:09,216 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-07-21 05:02:09,216 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-07-21 05:02:09,217 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-07-21 05:02:09,218 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-07-21 05:02:09,222 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-07-21 05:02:09,255 INFO L113 SettingsManager]: Loading preferences was successful [2022-07-21 05:02:09,255 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-07-21 05:02:09,256 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-07-21 05:02:09,256 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-07-21 05:02:09,256 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-07-21 05:02:09,257 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-07-21 05:02:09,257 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-07-21 05:02:09,258 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-07-21 05:02:09,258 INFO L138 SettingsManager]: * Use SBE=true [2022-07-21 05:02:09,258 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-07-21 05:02:09,259 INFO L138 SettingsManager]: * sizeof long=4 [2022-07-21 05:02:09,259 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-07-21 05:02:09,259 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-07-21 05:02:09,259 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-07-21 05:02:09,259 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-07-21 05:02:09,259 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-07-21 05:02:09,260 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-07-21 05:02:09,260 INFO L138 SettingsManager]: * sizeof long double=12 [2022-07-21 05:02:09,260 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-07-21 05:02:09,260 INFO L138 SettingsManager]: * Use constant arrays=true [2022-07-21 05:02:09,260 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-07-21 05:02:09,260 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-07-21 05:02:09,261 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-07-21 05:02:09,261 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-07-21 05:02:09,261 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-07-21 05:02:09,261 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-07-21 05:02:09,261 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-07-21 05:02:09,261 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-07-21 05:02:09,261 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-07-21 05:02:09,262 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-07-21 05:02:09,262 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-07-21 05:02:09,262 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-07-21 05:02:09,262 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-07-21 05:02:09,262 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 61c2d7b2f53adc3803e4e62ab44daa78f4a9bdf9ba37b58d516bb40a6cc23cc6 [2022-07-21 05:02:09,496 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-07-21 05:02:09,514 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-07-21 05:02:09,516 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-07-21 05:02:09,516 INFO L271 PluginConnector]: Initializing CDTParser... [2022-07-21 05:02:09,517 INFO L275 PluginConnector]: CDTParser initialized [2022-07-21 05:02:09,518 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec5_product20.cil.c [2022-07-21 05:02:09,573 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/fabebf30d/2bb044f4307249f9b8134c1aef9691a5/FLAG3bb5b8ea8 [2022-07-21 05:02:09,974 INFO L306 CDTParser]: Found 1 translation units. [2022-07-21 05:02:09,977 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product20.cil.c [2022-07-21 05:02:09,987 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/fabebf30d/2bb044f4307249f9b8134c1aef9691a5/FLAG3bb5b8ea8 [2022-07-21 05:02:10,002 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/fabebf30d/2bb044f4307249f9b8134c1aef9691a5 [2022-07-21 05:02:10,004 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-07-21 05:02:10,005 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-07-21 05:02:10,007 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-07-21 05:02:10,007 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-07-21 05:02:10,010 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-07-21 05:02:10,010 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,011 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@2ea38476 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10, skipping insertion in model container [2022-07-21 05:02:10,011 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,016 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-07-21 05:02:10,056 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-07-21 05:02:10,287 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product20.cil.c[13937,13950] [2022-07-21 05:02:10,316 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-07-21 05:02:10,324 INFO L203 MainTranslator]: Completed pre-run [2022-07-21 05:02:10,353 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product20.cil.c[13937,13950] [2022-07-21 05:02:10,360 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-07-21 05:02:10,372 INFO L208 MainTranslator]: Completed translation [2022-07-21 05:02:10,372 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10 WrapperNode [2022-07-21 05:02:10,372 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-07-21 05:02:10,373 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-07-21 05:02:10,373 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-07-21 05:02:10,374 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-07-21 05:02:10,378 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,402 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,431 INFO L137 Inliner]: procedures = 56, calls = 155, calls flagged for inlining = 23, calls inlined = 19, statements flattened = 230 [2022-07-21 05:02:10,432 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-07-21 05:02:10,433 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-07-21 05:02:10,433 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-07-21 05:02:10,434 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-07-21 05:02:10,439 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,439 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,445 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,445 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,454 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,462 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,468 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,469 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-07-21 05:02:10,477 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-07-21 05:02:10,477 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-07-21 05:02:10,477 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-07-21 05:02:10,478 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10" (1/1) ... [2022-07-21 05:02:10,482 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-07-21 05:02:10,491 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-07-21 05:02:10,501 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-07-21 05:02:10,552 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-07-21 05:02:10,581 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-07-21 05:02:10,582 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-07-21 05:02:10,582 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-07-21 05:02:10,582 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-07-21 05:02:10,582 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-07-21 05:02:10,582 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-07-21 05:02:10,582 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-07-21 05:02:10,582 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-07-21 05:02:10,583 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-07-21 05:02:10,583 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-07-21 05:02:10,583 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-07-21 05:02:10,583 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-07-21 05:02:10,583 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-07-21 05:02:10,583 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-07-21 05:02:10,583 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-07-21 05:02:10,584 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-07-21 05:02:10,584 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-07-21 05:02:10,584 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-07-21 05:02:10,644 INFO L234 CfgBuilder]: Building ICFG [2022-07-21 05:02:10,646 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-07-21 05:02:10,927 INFO L275 CfgBuilder]: Performing block encoding [2022-07-21 05:02:10,931 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-07-21 05:02:10,933 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-07-21 05:02:10,935 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 21.07 05:02:10 BoogieIcfgContainer [2022-07-21 05:02:10,935 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-07-21 05:02:10,938 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-07-21 05:02:10,938 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-07-21 05:02:10,940 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-07-21 05:02:10,941 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 21.07 05:02:10" (1/3) ... [2022-07-21 05:02:10,941 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2b0151f1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 21.07 05:02:10, skipping insertion in model container [2022-07-21 05:02:10,942 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.07 05:02:10" (2/3) ... [2022-07-21 05:02:10,942 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2b0151f1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 21.07 05:02:10, skipping insertion in model container [2022-07-21 05:02:10,942 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 21.07 05:02:10" (3/3) ... [2022-07-21 05:02:10,944 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product20.cil.c [2022-07-21 05:02:10,954 INFO L201 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-07-21 05:02:10,954 INFO L160 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-07-21 05:02:11,004 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-07-21 05:02:11,011 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=de.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings@14433fdb, mLbeIndependenceSettings=de.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings@35376a15 [2022-07-21 05:02:11,012 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-07-21 05:02:11,015 INFO L276 IsEmpty]: Start isEmpty. Operand has 87 states, 66 states have (on average 1.3636363636363635) internal successors, (90), 73 states have internal predecessors, (90), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2022-07-21 05:02:11,023 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-07-21 05:02:11,024 INFO L187 NwaCegarLoop]: Found error trace [2022-07-21 05:02:11,024 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-21 05:02:11,025 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-21 05:02:11,030 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-21 05:02:11,030 INFO L85 PathProgramCache]: Analyzing trace with hash -1697011403, now seen corresponding path program 1 times [2022-07-21 05:02:11,037 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-21 05:02:11,037 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [618452161] [2022-07-21 05:02:11,038 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-21 05:02:11,038 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-21 05:02:11,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,258 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-07-21 05:02:11,265 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,272 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-07-21 05:02:11,280 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,285 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-21 05:02:11,286 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-21 05:02:11,287 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [618452161] [2022-07-21 05:02:11,288 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [618452161] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-21 05:02:11,288 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-21 05:02:11,288 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-07-21 05:02:11,289 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2089377954] [2022-07-21 05:02:11,290 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-21 05:02:11,294 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-07-21 05:02:11,294 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-21 05:02:11,317 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-07-21 05:02:11,318 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-07-21 05:02:11,320 INFO L87 Difference]: Start difference. First operand has 87 states, 66 states have (on average 1.3636363636363635) internal successors, (90), 73 states have internal predecessors, (90), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-21 05:02:11,356 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-21 05:02:11,357 INFO L93 Difference]: Finished difference Result 165 states and 222 transitions. [2022-07-21 05:02:11,358 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-07-21 05:02:11,359 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-07-21 05:02:11,359 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-21 05:02:11,368 INFO L225 Difference]: With dead ends: 165 [2022-07-21 05:02:11,369 INFO L226 Difference]: Without dead ends: 78 [2022-07-21 05:02:11,372 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-07-21 05:02:11,375 INFO L413 NwaCegarLoop]: 108 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 108 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-21 05:02:11,376 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 108 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-21 05:02:11,387 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 78 states. [2022-07-21 05:02:11,407 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 78 to 78. [2022-07-21 05:02:11,409 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 78 states, 59 states have (on average 1.2881355932203389) internal successors, (76), 65 states have internal predecessors, (76), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-07-21 05:02:11,412 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 78 states to 78 states and 99 transitions. [2022-07-21 05:02:11,413 INFO L78 Accepts]: Start accepts. Automaton has 78 states and 99 transitions. Word has length 32 [2022-07-21 05:02:11,414 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-21 05:02:11,414 INFO L495 AbstractCegarLoop]: Abstraction has 78 states and 99 transitions. [2022-07-21 05:02:11,414 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-21 05:02:11,415 INFO L276 IsEmpty]: Start isEmpty. Operand 78 states and 99 transitions. [2022-07-21 05:02:11,418 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-07-21 05:02:11,419 INFO L187 NwaCegarLoop]: Found error trace [2022-07-21 05:02:11,419 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-21 05:02:11,420 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-07-21 05:02:11,420 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-21 05:02:11,421 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-21 05:02:11,421 INFO L85 PathProgramCache]: Analyzing trace with hash -2086467875, now seen corresponding path program 1 times [2022-07-21 05:02:11,421 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-21 05:02:11,421 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1737297438] [2022-07-21 05:02:11,422 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-21 05:02:11,422 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-21 05:02:11,444 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,468 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-07-21 05:02:11,469 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,471 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-07-21 05:02:11,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,473 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-21 05:02:11,474 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-21 05:02:11,474 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1737297438] [2022-07-21 05:02:11,474 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1737297438] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-21 05:02:11,474 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-21 05:02:11,474 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-21 05:02:11,475 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [583608432] [2022-07-21 05:02:11,475 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-21 05:02:11,476 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-21 05:02:11,476 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-21 05:02:11,476 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-21 05:02:11,477 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-21 05:02:11,477 INFO L87 Difference]: Start difference. First operand 78 states and 99 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-21 05:02:11,492 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-21 05:02:11,494 INFO L93 Difference]: Finished difference Result 116 states and 146 transitions. [2022-07-21 05:02:11,494 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-21 05:02:11,495 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-07-21 05:02:11,495 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-21 05:02:11,497 INFO L225 Difference]: With dead ends: 116 [2022-07-21 05:02:11,497 INFO L226 Difference]: Without dead ends: 69 [2022-07-21 05:02:11,500 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-21 05:02:11,503 INFO L413 NwaCegarLoop]: 86 mSDtfsCounter, 17 mSDsluCounter, 64 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 150 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-21 05:02:11,504 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [21 Valid, 150 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-21 05:02:11,505 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 69 states. [2022-07-21 05:02:11,510 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 69 to 69. [2022-07-21 05:02:11,512 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 69 states, 53 states have (on average 1.3018867924528301) internal successors, (69), 59 states have internal predecessors, (69), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-07-21 05:02:11,515 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 69 states to 69 states and 87 transitions. [2022-07-21 05:02:11,516 INFO L78 Accepts]: Start accepts. Automaton has 69 states and 87 transitions. Word has length 33 [2022-07-21 05:02:11,516 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-21 05:02:11,516 INFO L495 AbstractCegarLoop]: Abstraction has 69 states and 87 transitions. [2022-07-21 05:02:11,517 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-21 05:02:11,517 INFO L276 IsEmpty]: Start isEmpty. Operand 69 states and 87 transitions. [2022-07-21 05:02:11,519 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-07-21 05:02:11,519 INFO L187 NwaCegarLoop]: Found error trace [2022-07-21 05:02:11,520 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-21 05:02:11,520 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-07-21 05:02:11,520 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-21 05:02:11,520 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-21 05:02:11,521 INFO L85 PathProgramCache]: Analyzing trace with hash -524286602, now seen corresponding path program 1 times [2022-07-21 05:02:11,521 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-21 05:02:11,521 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [730630736] [2022-07-21 05:02:11,521 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-21 05:02:11,522 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-21 05:02:11,559 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,600 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-21 05:02:11,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,606 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-07-21 05:02:11,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,611 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-21 05:02:11,611 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-21 05:02:11,611 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [730630736] [2022-07-21 05:02:11,611 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [730630736] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-21 05:02:11,612 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-21 05:02:11,612 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-21 05:02:11,613 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1653704786] [2022-07-21 05:02:11,613 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-21 05:02:11,613 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-21 05:02:11,614 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-21 05:02:11,614 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-21 05:02:11,614 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-21 05:02:11,615 INFO L87 Difference]: Start difference. First operand 69 states and 87 transitions. Second operand has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-21 05:02:11,657 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-21 05:02:11,660 INFO L93 Difference]: Finished difference Result 189 states and 244 transitions. [2022-07-21 05:02:11,661 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-21 05:02:11,661 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2022-07-21 05:02:11,662 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-21 05:02:11,663 INFO L225 Difference]: With dead ends: 189 [2022-07-21 05:02:11,663 INFO L226 Difference]: Without dead ends: 128 [2022-07-21 05:02:11,664 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-21 05:02:11,665 INFO L413 NwaCegarLoop]: 108 mSDtfsCounter, 75 mSDsluCounter, 74 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 75 SdHoareTripleChecker+Valid, 182 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-21 05:02:11,665 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [75 Valid, 182 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-21 05:02:11,666 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 128 states. [2022-07-21 05:02:11,676 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 128 to 125. [2022-07-21 05:02:11,676 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 125 states, 94 states have (on average 1.3297872340425532) internal successors, (125), 105 states have internal predecessors, (125), 18 states have call successors, (18), 12 states have call predecessors, (18), 12 states have return successors, (18), 13 states have call predecessors, (18), 18 states have call successors, (18) [2022-07-21 05:02:11,677 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 125 states to 125 states and 161 transitions. [2022-07-21 05:02:11,677 INFO L78 Accepts]: Start accepts. Automaton has 125 states and 161 transitions. Word has length 38 [2022-07-21 05:02:11,677 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-21 05:02:11,677 INFO L495 AbstractCegarLoop]: Abstraction has 125 states and 161 transitions. [2022-07-21 05:02:11,678 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-21 05:02:11,678 INFO L276 IsEmpty]: Start isEmpty. Operand 125 states and 161 transitions. [2022-07-21 05:02:11,679 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-07-21 05:02:11,679 INFO L187 NwaCegarLoop]: Found error trace [2022-07-21 05:02:11,679 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-21 05:02:11,679 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-07-21 05:02:11,679 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-21 05:02:11,680 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-21 05:02:11,683 INFO L85 PathProgramCache]: Analyzing trace with hash -1086926627, now seen corresponding path program 1 times [2022-07-21 05:02:11,684 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-21 05:02:11,684 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [276147535] [2022-07-21 05:02:11,684 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-21 05:02:11,684 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-21 05:02:11,716 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,757 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-07-21 05:02:11,760 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,764 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-07-21 05:02:11,767 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-21 05:02:11,779 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-07-21 05:02:11,779 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-21 05:02:11,779 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [276147535] [2022-07-21 05:02:11,779 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [276147535] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-21 05:02:11,780 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-21 05:02:11,780 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-07-21 05:02:11,780 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [453384784] [2022-07-21 05:02:11,780 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-21 05:02:11,780 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-07-21 05:02:11,781 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-21 05:02:11,781 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-07-21 05:02:11,781 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-07-21 05:02:11,781 INFO L87 Difference]: Start difference. First operand 125 states and 161 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-21 05:02:11,866 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-21 05:02:11,867 INFO L93 Difference]: Finished difference Result 218 states and 281 transitions. [2022-07-21 05:02:11,867 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-07-21 05:02:11,867 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-07-21 05:02:11,868 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-21 05:02:11,868 INFO L225 Difference]: With dead ends: 218 [2022-07-21 05:02:11,868 INFO L226 Difference]: Without dead ends: 0 [2022-07-21 05:02:11,869 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-07-21 05:02:11,869 INFO L413 NwaCegarLoop]: 59 mSDtfsCounter, 33 mSDsluCounter, 157 mSDsCounter, 0 mSdLazyCounter, 37 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 34 SdHoareTripleChecker+Valid, 216 SdHoareTripleChecker+Invalid, 41 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 37 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-21 05:02:11,870 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [34 Valid, 216 Invalid, 41 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 37 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-21 05:02:11,870 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-07-21 05:02:11,870 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-07-21 05:02:11,871 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-07-21 05:02:11,871 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-07-21 05:02:11,871 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 41 [2022-07-21 05:02:11,871 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-21 05:02:11,871 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-07-21 05:02:11,871 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-21 05:02:11,872 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-07-21 05:02:11,872 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-07-21 05:02:11,874 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-07-21 05:02:11,874 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-07-21 05:02:11,876 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-07-21 05:02:12,080 INFO L902 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 854 861) the Hoare annotation is: true [2022-07-21 05:02:12,080 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 854 861) no Hoare annotation was computed. [2022-07-21 05:02:12,080 INFO L899 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 854 861) no Hoare annotation was computed. [2022-07-21 05:02:12,081 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 813 819) no Hoare annotation was computed. [2022-07-21 05:02:12,081 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 813 819) the Hoare annotation is: true [2022-07-21 05:02:12,081 INFO L902 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 449 460) the Hoare annotation is: true [2022-07-21 05:02:12,081 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 449 460) no Hoare annotation was computed. [2022-07-21 05:02:12,081 INFO L899 garLoopResultBuilder]: For program point L453-1(lines 449 460) no Hoare annotation was computed. [2022-07-21 05:02:12,081 INFO L899 garLoopResultBuilder]: For program point L927(lines 927 931) no Hoare annotation was computed. [2022-07-21 05:02:12,081 INFO L895 garLoopResultBuilder]: At program point L543(line 543) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-07-21 05:02:12,082 INFO L899 garLoopResultBuilder]: For program point L543-1(line 543) no Hoare annotation was computed. [2022-07-21 05:02:12,082 INFO L899 garLoopResultBuilder]: For program point L927-2(lines 927 931) no Hoare annotation was computed. [2022-07-21 05:02:12,082 INFO L899 garLoopResultBuilder]: For program point L605(line 605) no Hoare annotation was computed. [2022-07-21 05:02:12,082 INFO L895 garLoopResultBuilder]: At program point L498(lines 493 501) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-07-21 05:02:12,082 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 786 812) no Hoare annotation was computed. [2022-07-21 05:02:12,082 INFO L899 garLoopResultBuilder]: For program point L800-1(lines 800 806) no Hoare annotation was computed. [2022-07-21 05:02:12,083 INFO L895 garLoopResultBuilder]: At program point L606(lines 601 608) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-07-21 05:02:12,083 INFO L899 garLoopResultBuilder]: For program point L829(lines 829 837) no Hoare annotation was computed. [2022-07-21 05:02:12,083 INFO L895 garLoopResultBuilder]: At program point L507(lines 502 510) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-07-21 05:02:12,083 INFO L899 garLoopResultBuilder]: For program point L825(lines 825 842) no Hoare annotation was computed. [2022-07-21 05:02:12,083 INFO L895 garLoopResultBuilder]: At program point L528(line 528) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-07-21 05:02:12,083 INFO L899 garLoopResultBuilder]: For program point L528-1(line 528) no Hoare annotation was computed. [2022-07-21 05:02:12,084 INFO L899 garLoopResultBuilder]: For program point L429(lines 429 433) no Hoare annotation was computed. [2022-07-21 05:02:12,084 INFO L895 garLoopResultBuilder]: At program point L429-2(lines 425 436) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-07-21 05:02:12,084 INFO L895 garLoopResultBuilder]: At program point L933(lines 918 936) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-07-21 05:02:12,084 INFO L899 garLoopResultBuilder]: For program point L545(lines 545 555) no Hoare annotation was computed. [2022-07-21 05:02:12,084 INFO L899 garLoopResultBuilder]: For program point L541(lines 541 558) no Hoare annotation was computed. [2022-07-21 05:02:12,084 INFO L895 garLoopResultBuilder]: At program point L541-1(lines 533 561) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-07-21 05:02:12,084 INFO L899 garLoopResultBuilder]: For program point L793(lines 793 799) no Hoare annotation was computed. [2022-07-21 05:02:12,085 INFO L899 garLoopResultBuilder]: For program point L793-2(lines 789 811) no Hoare annotation was computed. [2022-07-21 05:02:12,085 INFO L895 garLoopResultBuilder]: At program point L835(line 835) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-07-21 05:02:12,085 INFO L899 garLoopResultBuilder]: For program point L546(lines 546 552) no Hoare annotation was computed. [2022-07-21 05:02:12,085 INFO L895 garLoopResultBuilder]: At program point L831(line 831) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-07-21 05:02:12,085 INFO L895 garLoopResultBuilder]: At program point L530(lines 523 532) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-07-21 05:02:12,085 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 786 812) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-07-21 05:02:12,086 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 786 812) no Hoare annotation was computed. [2022-07-21 05:02:12,086 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 605) no Hoare annotation was computed. [2022-07-21 05:02:12,086 INFO L895 garLoopResultBuilder]: At program point L840(line 840) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-07-21 05:02:12,086 INFO L895 garLoopResultBuilder]: At program point L840-1(lines 821 845) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-07-21 05:02:12,086 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 612 641) no Hoare annotation was computed. [2022-07-21 05:02:12,086 INFO L902 garLoopResultBuilder]: At program point L637(lines 612 641) the Hoare annotation is: true [2022-07-21 05:02:12,087 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 612 641) the Hoare annotation is: true [2022-07-21 05:02:12,087 INFO L899 garLoopResultBuilder]: For program point L633(line 633) no Hoare annotation was computed. [2022-07-21 05:02:12,087 INFO L899 garLoopResultBuilder]: For program point L626(lines 626 630) no Hoare annotation was computed. [2022-07-21 05:02:12,087 INFO L902 garLoopResultBuilder]: At program point L626-1(lines 626 630) the Hoare annotation is: true [2022-07-21 05:02:12,087 INFO L899 garLoopResultBuilder]: For program point L623(line 623) no Hoare annotation was computed. [2022-07-21 05:02:12,087 INFO L902 garLoopResultBuilder]: At program point L622-2(lines 622 636) the Hoare annotation is: true [2022-07-21 05:02:12,088 INFO L902 garLoopResultBuilder]: At program point L618(line 618) the Hoare annotation is: true [2022-07-21 05:02:12,088 INFO L899 garLoopResultBuilder]: For program point L618-1(line 618) no Hoare annotation was computed. [2022-07-21 05:02:12,088 INFO L895 garLoopResultBuilder]: At program point L671(lines 667 673) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0)) [2022-07-21 05:02:12,088 INFO L899 garLoopResultBuilder]: For program point L696(lines 696 703) no Hoare annotation was computed. [2022-07-21 05:02:12,088 INFO L899 garLoopResultBuilder]: For program point L696-2(lines 696 703) no Hoare annotation was computed. [2022-07-21 05:02:12,088 INFO L902 garLoopResultBuilder]: At program point L775(lines 712 779) the Hoare annotation is: true [2022-07-21 05:02:12,089 INFO L899 garLoopResultBuilder]: For program point L742(lines 742 748) no Hoare annotation was computed. [2022-07-21 05:02:12,089 INFO L895 garLoopResultBuilder]: At program point L581(lines 577 583) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0)) [2022-07-21 05:02:12,089 INFO L899 garLoopResultBuilder]: For program point L742-1(lines 742 748) no Hoare annotation was computed. [2022-07-21 05:02:12,089 INFO L902 garLoopResultBuilder]: At program point L705(lines 686 708) the Hoare annotation is: true [2022-07-21 05:02:12,089 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-07-21 05:02:12,089 INFO L895 garLoopResultBuilder]: At program point L734(line 734) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-07-21 05:02:12,090 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-07-21 05:02:12,090 INFO L895 garLoopResultBuilder]: At program point L957(lines 952 959) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-07-21 05:02:12,090 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-07-21 05:02:12,090 INFO L895 garLoopResultBuilder]: At program point L949(lines 937 951) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-07-21 05:02:12,090 INFO L899 garLoopResultBuilder]: For program point L941(lines 941 947) no Hoare annotation was computed. [2022-07-21 05:02:12,090 INFO L899 garLoopResultBuilder]: For program point L941-1(lines 941 947) no Hoare annotation was computed. [2022-07-21 05:02:12,090 INFO L895 garLoopResultBuilder]: At program point L520(lines 515 522) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0)) [2022-07-21 05:02:12,091 INFO L895 garLoopResultBuilder]: At program point L772(lines 721 773) the Hoare annotation is: false [2022-07-21 05:02:12,091 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-07-21 05:02:12,091 INFO L899 garLoopResultBuilder]: For program point L760(lines 760 766) no Hoare annotation was computed. [2022-07-21 05:02:12,091 INFO L895 garLoopResultBuilder]: At program point L760-2(lines 752 767) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-07-21 05:02:12,091 INFO L899 garLoopResultBuilder]: For program point L723(lines 722 771) no Hoare annotation was computed. [2022-07-21 05:02:12,091 INFO L899 garLoopResultBuilder]: For program point L752(lines 752 767) no Hoare annotation was computed. [2022-07-21 05:02:12,092 INFO L895 garLoopResultBuilder]: At program point L744(line 744) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-07-21 05:02:12,092 INFO L895 garLoopResultBuilder]: At program point L769(lines 722 771) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-07-21 05:02:12,092 INFO L899 garLoopResultBuilder]: For program point L732(lines 732 738) no Hoare annotation was computed. [2022-07-21 05:02:12,092 INFO L899 garLoopResultBuilder]: For program point L732-1(lines 732 738) no Hoare annotation was computed. [2022-07-21 05:02:12,092 INFO L895 garLoopResultBuilder]: At program point L596(lines 591 599) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0)) [2022-07-21 05:02:12,092 INFO L899 garLoopResultBuilder]: For program point L724(lines 724 728) no Hoare annotation was computed. [2022-07-21 05:02:12,093 INFO L895 garLoopResultBuilder]: At program point L943(line 943) the Hoare annotation is: false [2022-07-21 05:02:12,093 INFO L895 garLoopResultBuilder]: At program point L588(lines 584 590) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0)) [2022-07-21 05:02:12,093 INFO L902 garLoopResultBuilder]: At program point L683(lines 675 685) the Hoare annotation is: true [2022-07-21 05:02:12,093 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 437 448) no Hoare annotation was computed. [2022-07-21 05:02:12,093 INFO L899 garLoopResultBuilder]: For program point L441-1(lines 437 448) no Hoare annotation was computed. [2022-07-21 05:02:12,093 INFO L902 garLoopResultBuilder]: At program point waterRiseENTRY(lines 437 448) the Hoare annotation is: true [2022-07-21 05:02:12,094 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 873 881) no Hoare annotation was computed. [2022-07-21 05:02:12,094 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 873 881) the Hoare annotation is: true [2022-07-21 05:02:12,094 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 873 881) no Hoare annotation was computed. [2022-07-21 05:02:12,097 INFO L356 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1] [2022-07-21 05:02:12,098 INFO L176 ceAbstractionStarter]: Computing trace abstraction results [2022-07-21 05:02:12,116 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 21.07 05:02:12 BoogieIcfgContainer [2022-07-21 05:02:12,120 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-07-21 05:02:12,121 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-07-21 05:02:12,121 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-07-21 05:02:12,121 INFO L275 PluginConnector]: Witness Printer initialized [2022-07-21 05:02:12,121 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 21.07 05:02:10" (3/4) ... [2022-07-21 05:02:12,123 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-07-21 05:02:12,128 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-07-21 05:02:12,128 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-07-21 05:02:12,128 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-07-21 05:02:12,128 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-07-21 05:02:12,128 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-07-21 05:02:12,129 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-07-21 05:02:12,129 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-07-21 05:02:12,135 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 49 nodes and edges [2022-07-21 05:02:12,135 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-07-21 05:02:12,136 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-07-21 05:02:12,136 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-07-21 05:02:12,136 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-07-21 05:02:12,137 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-07-21 05:02:12,137 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-07-21 05:02:12,194 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || pumpRunning == 0 [2022-07-21 05:02:12,195 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-07-21 05:02:12,195 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || pumpRunning == 0 [2022-07-21 05:02:12,196 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || pumpRunning == 0 [2022-07-21 05:02:12,201 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-07-21 05:02:12,201 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || pumpRunning == 0 [2022-07-21 05:02:12,210 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-07-21 05:02:12,210 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-07-21 05:02:12,234 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-07-21 05:02:12,234 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-07-21 05:02:12,235 INFO L158 Benchmark]: Toolchain (without parser) took 2230.13ms. Allocated memory was 54.5MB in the beginning and 109.1MB in the end (delta: 54.5MB). Free memory was 29.8MB in the beginning and 87.1MB in the end (delta: -57.3MB). Peak memory consumption was 19.4MB. Max. memory is 16.1GB. [2022-07-21 05:02:12,236 INFO L158 Benchmark]: CDTParser took 0.29ms. Allocated memory is still 54.5MB. Free memory was 35.2MB in the beginning and 35.2MB in the end (delta: 44.0kB). There was no memory consumed. Max. memory is 16.1GB. [2022-07-21 05:02:12,236 INFO L158 Benchmark]: CACSL2BoogieTranslator took 365.56ms. Allocated memory was 54.5MB in the beginning and 77.6MB in the end (delta: 23.1MB). Free memory was 29.6MB in the beginning and 47.2MB in the end (delta: -17.6MB). Peak memory consumption was 9.6MB. Max. memory is 16.1GB. [2022-07-21 05:02:12,236 INFO L158 Benchmark]: Boogie Procedure Inliner took 59.02ms. Allocated memory is still 77.6MB. Free memory was 47.2MB in the beginning and 44.8MB in the end (delta: 2.3MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-07-21 05:02:12,237 INFO L158 Benchmark]: Boogie Preprocessor took 42.90ms. Allocated memory is still 77.6MB. Free memory was 44.8MB in the beginning and 43.2MB in the end (delta: 1.6MB). There was no memory consumed. Max. memory is 16.1GB. [2022-07-21 05:02:12,238 INFO L158 Benchmark]: RCFGBuilder took 458.74ms. Allocated memory is still 77.6MB. Free memory was 43.2MB in the beginning and 48.4MB in the end (delta: -5.2MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-07-21 05:02:12,238 INFO L158 Benchmark]: TraceAbstraction took 1181.91ms. Allocated memory was 77.6MB in the beginning and 109.1MB in the end (delta: 31.5MB). Free memory was 48.0MB in the beginning and 73.1MB in the end (delta: -25.1MB). Peak memory consumption was 16.7MB. Max. memory is 16.1GB. [2022-07-21 05:02:12,239 INFO L158 Benchmark]: Witness Printer took 113.82ms. Allocated memory is still 109.1MB. Free memory was 73.1MB in the beginning and 87.1MB in the end (delta: -14.0MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-07-21 05:02:12,241 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.29ms. Allocated memory is still 54.5MB. Free memory was 35.2MB in the beginning and 35.2MB in the end (delta: 44.0kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 365.56ms. Allocated memory was 54.5MB in the beginning and 77.6MB in the end (delta: 23.1MB). Free memory was 29.6MB in the beginning and 47.2MB in the end (delta: -17.6MB). Peak memory consumption was 9.6MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 59.02ms. Allocated memory is still 77.6MB. Free memory was 47.2MB in the beginning and 44.8MB in the end (delta: 2.3MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 42.90ms. Allocated memory is still 77.6MB. Free memory was 44.8MB in the beginning and 43.2MB in the end (delta: 1.6MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 458.74ms. Allocated memory is still 77.6MB. Free memory was 43.2MB in the beginning and 48.4MB in the end (delta: -5.2MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * TraceAbstraction took 1181.91ms. Allocated memory was 77.6MB in the beginning and 109.1MB in the end (delta: 31.5MB). Free memory was 48.0MB in the beginning and 73.1MB in the end (delta: -25.1MB). Peak memory consumption was 16.7MB. Max. memory is 16.1GB. * Witness Printer took 113.82ms. Allocated memory is still 109.1MB. Free memory was 73.1MB in the beginning and 87.1MB in the end (delta: -14.0MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 605]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 87 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 1.1s, OverallIterations: 4, TraceHistogramMax: 2, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 0.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.2s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 130 SdHoareTripleChecker+Valid, 0.1s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 125 mSDsluCounter, 656 SdHoareTripleChecker+Invalid, 0.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 295 mSDsCounter, 5 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 42 IncrementalHoareTripleChecker+Invalid, 47 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 5 mSolverCounterUnsat, 361 mSDtfsCounter, 42 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 32 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=125occurred in iteration=3, InterpolantAutomatonStates: 14, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.0s AutomataMinimizationTime, 4 MinimizatonAttempts, 3 StatesRemovedByMinimization, 1 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 40 LocationsWithAnnotation, 213 PreInvPairs, 239 NumberOfFragments, 183 HoareAnnotationTreeSize, 213 FomulaSimplifications, 8 FormulaSimplificationTreeSizeReduction, 0.0s HoareSimplificationTime, 40 FomulaSimplificationsInter, 310 FormulaSimplificationTreeSizeReductionInter, 0.2s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 0.2s InterpolantComputationTime, 144 NumberOfCodeBlocks, 144 NumberOfCodeBlocksAsserted, 4 NumberOfCheckSat, 140 ConstructedInterpolants, 0 QuantifiedInterpolants, 228 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 4 InterpolantComputations, 4 PerfectInterpolantSequences, 12/12 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 712]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 721]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 686]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 502]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 584]: Loop Invariant Derived loop invariant: pumpRunning == 0 && 1 == systemActive - InvariantResult [Line: 515]: Loop Invariant Derived loop invariant: pumpRunning == 0 && 1 == systemActive - InvariantResult [Line: 918]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 937]: Loop Invariant Derived loop invariant: pumpRunning == 0 && splverifierCounter == 0 - InvariantResult [Line: 821]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || pumpRunning == 0 - InvariantResult [Line: 533]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || pumpRunning == 0 - InvariantResult [Line: 675]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 612]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 591]: Loop Invariant Derived loop invariant: pumpRunning == 0 && 1 == systemActive - InvariantResult [Line: 622]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 493]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || pumpRunning == 0 - InvariantResult [Line: 722]: Loop Invariant Derived loop invariant: pumpRunning == 0 && splverifierCounter == 0 - InvariantResult [Line: 523]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || pumpRunning == 0 - InvariantResult [Line: 952]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0 - InvariantResult [Line: 577]: Loop Invariant Derived loop invariant: pumpRunning == 0 && 1 == systemActive - InvariantResult [Line: 601]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 667]: Loop Invariant Derived loop invariant: pumpRunning == 0 && 1 == systemActive - InvariantResult [Line: 425]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) RESULT: Ultimate proved your program to be correct! [2022-07-21 05:02:12,284 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE