./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 6c24879c Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash db9cad3d4bb6f197e1ca94da7e6c4fb3038f74aed96fd168a277cfa6f57caad2 --- Real Ultimate output --- This is Ultimate 0.2.2-?-6c24879 [2022-07-12 06:21:14,500 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-07-12 06:21:14,502 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-07-12 06:21:14,520 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-07-12 06:21:14,520 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-07-12 06:21:14,521 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-07-12 06:21:14,522 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-07-12 06:21:14,523 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-07-12 06:21:14,525 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-07-12 06:21:14,525 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-07-12 06:21:14,526 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-07-12 06:21:14,527 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-07-12 06:21:14,527 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-07-12 06:21:14,528 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-07-12 06:21:14,529 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-07-12 06:21:14,530 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-07-12 06:21:14,530 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-07-12 06:21:14,531 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-07-12 06:21:14,532 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-07-12 06:21:14,533 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-07-12 06:21:14,534 INFO L181 SettingsManager]: Resetting HornVerifier preferences to default values [2022-07-12 06:21:14,535 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-07-12 06:21:14,536 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-07-12 06:21:14,537 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-07-12 06:21:14,537 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-07-12 06:21:14,539 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-07-12 06:21:14,540 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-07-12 06:21:14,540 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-07-12 06:21:14,541 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-07-12 06:21:14,541 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-07-12 06:21:14,542 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-07-12 06:21:14,542 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-07-12 06:21:14,543 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-07-12 06:21:14,543 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-07-12 06:21:14,544 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-07-12 06:21:14,545 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-07-12 06:21:14,545 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-07-12 06:21:14,545 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-07-12 06:21:14,546 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-07-12 06:21:14,546 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-07-12 06:21:14,546 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-07-12 06:21:14,547 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-07-12 06:21:14,548 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-07-12 06:21:14,561 INFO L113 SettingsManager]: Loading preferences was successful [2022-07-12 06:21:14,561 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-07-12 06:21:14,562 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-07-12 06:21:14,562 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-07-12 06:21:14,562 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-07-12 06:21:14,563 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-07-12 06:21:14,563 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-07-12 06:21:14,563 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-07-12 06:21:14,564 INFO L138 SettingsManager]: * Use SBE=true [2022-07-12 06:21:14,564 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-07-12 06:21:14,564 INFO L138 SettingsManager]: * sizeof long=4 [2022-07-12 06:21:14,564 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-07-12 06:21:14,564 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-07-12 06:21:14,564 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-07-12 06:21:14,565 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-07-12 06:21:14,565 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-07-12 06:21:14,565 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-07-12 06:21:14,565 INFO L138 SettingsManager]: * sizeof long double=12 [2022-07-12 06:21:14,565 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-07-12 06:21:14,566 INFO L138 SettingsManager]: * Use constant arrays=true [2022-07-12 06:21:14,566 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-07-12 06:21:14,566 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-07-12 06:21:14,566 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-07-12 06:21:14,566 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-07-12 06:21:14,567 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-07-12 06:21:14,567 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-07-12 06:21:14,567 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-07-12 06:21:14,567 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-07-12 06:21:14,567 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-07-12 06:21:14,568 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-07-12 06:21:14,568 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-07-12 06:21:14,568 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-07-12 06:21:14,568 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-07-12 06:21:14,568 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> db9cad3d4bb6f197e1ca94da7e6c4fb3038f74aed96fd168a277cfa6f57caad2 [2022-07-12 06:21:14,774 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-07-12 06:21:14,795 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-07-12 06:21:14,797 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-07-12 06:21:14,798 INFO L271 PluginConnector]: Initializing CDTParser... [2022-07-12 06:21:14,799 INFO L275 PluginConnector]: CDTParser initialized [2022-07-12 06:21:14,800 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c [2022-07-12 06:21:14,877 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/68f48de28/48e7c1dafeee4e059ac9af95267126c0/FLAG78a201352 [2022-07-12 06:21:15,300 INFO L306 CDTParser]: Found 1 translation units. [2022-07-12 06:21:15,301 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c [2022-07-12 06:21:15,310 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/68f48de28/48e7c1dafeee4e059ac9af95267126c0/FLAG78a201352 [2022-07-12 06:21:15,325 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/68f48de28/48e7c1dafeee4e059ac9af95267126c0 [2022-07-12 06:21:15,327 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-07-12 06:21:15,328 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-07-12 06:21:15,330 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-07-12 06:21:15,330 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-07-12 06:21:15,333 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-07-12 06:21:15,333 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,334 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@52ee8dc3 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15, skipping insertion in model container [2022-07-12 06:21:15,334 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,339 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-07-12 06:21:15,383 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-07-12 06:21:15,590 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c[14935,14948] [2022-07-12 06:21:15,613 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-07-12 06:21:15,624 INFO L203 MainTranslator]: Completed pre-run [2022-07-12 06:21:15,687 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c[14935,14948] [2022-07-12 06:21:15,700 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-07-12 06:21:15,717 INFO L208 MainTranslator]: Completed translation [2022-07-12 06:21:15,718 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15 WrapperNode [2022-07-12 06:21:15,718 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-07-12 06:21:15,720 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-07-12 06:21:15,720 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-07-12 06:21:15,721 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-07-12 06:21:15,726 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,748 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,772 INFO L137 Inliner]: procedures = 59, calls = 160, calls flagged for inlining = 28, calls inlined = 25, statements flattened = 288 [2022-07-12 06:21:15,773 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-07-12 06:21:15,773 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-07-12 06:21:15,773 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-07-12 06:21:15,773 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-07-12 06:21:15,779 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,779 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,781 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,781 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,785 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,788 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,797 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,799 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-07-12 06:21:15,800 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-07-12 06:21:15,800 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-07-12 06:21:15,800 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-07-12 06:21:15,801 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15" (1/1) ... [2022-07-12 06:21:15,807 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-07-12 06:21:15,817 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-07-12 06:21:15,827 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-07-12 06:21:15,828 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-07-12 06:21:15,852 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-07-12 06:21:15,852 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-07-12 06:21:15,852 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-07-12 06:21:15,852 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-07-12 06:21:15,852 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-07-12 06:21:15,853 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-07-12 06:21:15,853 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-07-12 06:21:15,853 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-07-12 06:21:15,855 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-07-12 06:21:15,856 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-07-12 06:21:15,856 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-07-12 06:21:15,856 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-07-12 06:21:15,856 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-07-12 06:21:15,856 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-07-12 06:21:15,857 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-07-12 06:21:15,857 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-07-12 06:21:15,857 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-07-12 06:21:15,857 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-07-12 06:21:15,924 INFO L234 CfgBuilder]: Building ICFG [2022-07-12 06:21:15,925 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-07-12 06:21:16,129 INFO L275 CfgBuilder]: Performing block encoding [2022-07-12 06:21:16,135 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-07-12 06:21:16,137 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-07-12 06:21:16,138 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 12.07 06:21:16 BoogieIcfgContainer [2022-07-12 06:21:16,138 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-07-12 06:21:16,141 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-07-12 06:21:16,141 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-07-12 06:21:16,144 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-07-12 06:21:16,144 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 12.07 06:21:15" (1/3) ... [2022-07-12 06:21:16,144 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5dad5193 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 12.07 06:21:16, skipping insertion in model container [2022-07-12 06:21:16,145 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 12.07 06:21:15" (2/3) ... [2022-07-12 06:21:16,145 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5dad5193 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 12.07 06:21:16, skipping insertion in model container [2022-07-12 06:21:16,145 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 12.07 06:21:16" (3/3) ... [2022-07-12 06:21:16,146 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product58.cil.c [2022-07-12 06:21:16,168 INFO L201 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-07-12 06:21:16,168 INFO L160 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-07-12 06:21:16,208 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-07-12 06:21:16,215 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=de.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings@be55f62, mLbeIndependenceSettings=de.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings@65ead6e3 [2022-07-12 06:21:16,216 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-07-12 06:21:16,223 INFO L276 IsEmpty]: Start isEmpty. Operand has 97 states, 76 states have (on average 1.368421052631579) internal successors, (104), 84 states have internal predecessors, (104), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2022-07-12 06:21:16,230 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-07-12 06:21:16,230 INFO L187 NwaCegarLoop]: Found error trace [2022-07-12 06:21:16,231 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-12 06:21:16,231 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-12 06:21:16,234 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-12 06:21:16,243 INFO L85 PathProgramCache]: Analyzing trace with hash -716350399, now seen corresponding path program 1 times [2022-07-12 06:21:16,250 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-12 06:21:16,251 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1912533930] [2022-07-12 06:21:16,251 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-12 06:21:16,251 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-12 06:21:16,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,464 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-07-12 06:21:16,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,476 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-07-12 06:21:16,481 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,486 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-12 06:21:16,487 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-12 06:21:16,487 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1912533930] [2022-07-12 06:21:16,488 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1912533930] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-12 06:21:16,488 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-12 06:21:16,488 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-07-12 06:21:16,489 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [892830975] [2022-07-12 06:21:16,490 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-12 06:21:16,493 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-07-12 06:21:16,494 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-12 06:21:16,511 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-07-12 06:21:16,512 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-07-12 06:21:16,515 INFO L87 Difference]: Start difference. First operand has 97 states, 76 states have (on average 1.368421052631579) internal successors, (104), 84 states have internal predecessors, (104), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-12 06:21:16,557 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-12 06:21:16,557 INFO L93 Difference]: Finished difference Result 185 states and 250 transitions. [2022-07-12 06:21:16,558 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-07-12 06:21:16,559 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-07-12 06:21:16,559 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-12 06:21:16,567 INFO L225 Difference]: With dead ends: 185 [2022-07-12 06:21:16,568 INFO L226 Difference]: Without dead ends: 88 [2022-07-12 06:21:16,571 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-07-12 06:21:16,575 INFO L413 NwaCegarLoop]: 122 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 122 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-12 06:21:16,576 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 122 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-12 06:21:16,588 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 88 states. [2022-07-12 06:21:16,613 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 88 to 88. [2022-07-12 06:21:16,614 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 88 states, 69 states have (on average 1.3043478260869565) internal successors, (90), 76 states have internal predecessors, (90), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-07-12 06:21:16,615 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 88 states to 88 states and 113 transitions. [2022-07-12 06:21:16,617 INFO L78 Accepts]: Start accepts. Automaton has 88 states and 113 transitions. Word has length 32 [2022-07-12 06:21:16,617 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-12 06:21:16,617 INFO L495 AbstractCegarLoop]: Abstraction has 88 states and 113 transitions. [2022-07-12 06:21:16,618 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-12 06:21:16,618 INFO L276 IsEmpty]: Start isEmpty. Operand 88 states and 113 transitions. [2022-07-12 06:21:16,619 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-07-12 06:21:16,619 INFO L187 NwaCegarLoop]: Found error trace [2022-07-12 06:21:16,620 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-12 06:21:16,620 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-07-12 06:21:16,620 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-12 06:21:16,620 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-12 06:21:16,620 INFO L85 PathProgramCache]: Analyzing trace with hash 407802526, now seen corresponding path program 1 times [2022-07-12 06:21:16,621 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-12 06:21:16,621 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [796728472] [2022-07-12 06:21:16,621 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-12 06:21:16,621 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-12 06:21:16,643 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-07-12 06:21:16,704 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,708 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-07-12 06:21:16,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,715 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-12 06:21:16,717 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-12 06:21:16,717 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [796728472] [2022-07-12 06:21:16,718 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [796728472] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-12 06:21:16,718 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-12 06:21:16,718 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-12 06:21:16,718 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [618623692] [2022-07-12 06:21:16,718 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-12 06:21:16,719 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-12 06:21:16,719 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-12 06:21:16,720 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-12 06:21:16,720 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-12 06:21:16,720 INFO L87 Difference]: Start difference. First operand 88 states and 113 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-12 06:21:16,738 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-12 06:21:16,738 INFO L93 Difference]: Finished difference Result 140 states and 180 transitions. [2022-07-12 06:21:16,739 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-12 06:21:16,739 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-07-12 06:21:16,739 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-12 06:21:16,740 INFO L225 Difference]: With dead ends: 140 [2022-07-12 06:21:16,740 INFO L226 Difference]: Without dead ends: 79 [2022-07-12 06:21:16,741 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-12 06:21:16,742 INFO L413 NwaCegarLoop]: 100 mSDtfsCounter, 13 mSDsluCounter, 83 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 16 SdHoareTripleChecker+Valid, 183 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-12 06:21:16,742 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [16 Valid, 183 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-12 06:21:16,743 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 79 states. [2022-07-12 06:21:16,747 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 79 to 79. [2022-07-12 06:21:16,747 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 79 states, 63 states have (on average 1.3174603174603174) internal successors, (83), 70 states have internal predecessors, (83), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-07-12 06:21:16,748 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 101 transitions. [2022-07-12 06:21:16,749 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 101 transitions. Word has length 33 [2022-07-12 06:21:16,749 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-12 06:21:16,749 INFO L495 AbstractCegarLoop]: Abstraction has 79 states and 101 transitions. [2022-07-12 06:21:16,749 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-12 06:21:16,749 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 101 transitions. [2022-07-12 06:21:16,750 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-07-12 06:21:16,750 INFO L187 NwaCegarLoop]: Found error trace [2022-07-12 06:21:16,751 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-12 06:21:16,752 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-07-12 06:21:16,752 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-12 06:21:16,752 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-12 06:21:16,753 INFO L85 PathProgramCache]: Analyzing trace with hash -1999351370, now seen corresponding path program 1 times [2022-07-12 06:21:16,753 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-12 06:21:16,753 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [142099201] [2022-07-12 06:21:16,753 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-12 06:21:16,754 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-12 06:21:16,769 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,813 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-12 06:21:16,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,816 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-07-12 06:21:16,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,817 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-12 06:21:16,818 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-12 06:21:16,818 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [142099201] [2022-07-12 06:21:16,818 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [142099201] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-12 06:21:16,818 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-12 06:21:16,818 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-12 06:21:16,818 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [754560026] [2022-07-12 06:21:16,818 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-12 06:21:16,818 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-12 06:21:16,819 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-12 06:21:16,819 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-12 06:21:16,819 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-12 06:21:16,819 INFO L87 Difference]: Start difference. First operand 79 states and 101 transitions. Second operand has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-12 06:21:16,844 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-12 06:21:16,847 INFO L93 Difference]: Finished difference Result 150 states and 195 transitions. [2022-07-12 06:21:16,848 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-12 06:21:16,848 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2022-07-12 06:21:16,849 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-12 06:21:16,849 INFO L225 Difference]: With dead ends: 150 [2022-07-12 06:21:16,850 INFO L226 Difference]: Without dead ends: 79 [2022-07-12 06:21:16,850 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-12 06:21:16,851 INFO L413 NwaCegarLoop]: 99 mSDtfsCounter, 91 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 91 SdHoareTripleChecker+Valid, 99 SdHoareTripleChecker+Invalid, 2 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-12 06:21:16,852 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [91 Valid, 99 Invalid, 2 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-12 06:21:16,852 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 79 states. [2022-07-12 06:21:16,858 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 79 to 79. [2022-07-12 06:21:16,858 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 79 states, 63 states have (on average 1.3015873015873016) internal successors, (82), 70 states have internal predecessors, (82), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-07-12 06:21:16,859 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 100 transitions. [2022-07-12 06:21:16,859 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 100 transitions. Word has length 38 [2022-07-12 06:21:16,860 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-12 06:21:16,860 INFO L495 AbstractCegarLoop]: Abstraction has 79 states and 100 transitions. [2022-07-12 06:21:16,860 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-12 06:21:16,860 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 100 transitions. [2022-07-12 06:21:16,861 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 47 [2022-07-12 06:21:16,861 INFO L187 NwaCegarLoop]: Found error trace [2022-07-12 06:21:16,861 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-12 06:21:16,861 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-07-12 06:21:16,861 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-12 06:21:16,862 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-12 06:21:16,862 INFO L85 PathProgramCache]: Analyzing trace with hash 879947394, now seen corresponding path program 1 times [2022-07-12 06:21:16,862 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-12 06:21:16,862 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [936145562] [2022-07-12 06:21:16,862 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-12 06:21:16,862 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-12 06:21:16,883 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,905 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-12 06:21:16,906 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,912 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-07-12 06:21:16,915 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:16,918 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-12 06:21:16,918 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-12 06:21:16,918 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [936145562] [2022-07-12 06:21:16,919 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [936145562] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-12 06:21:16,919 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-12 06:21:16,919 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-12 06:21:16,919 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [925828665] [2022-07-12 06:21:16,919 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-12 06:21:16,920 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-12 06:21:16,920 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-12 06:21:16,920 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-12 06:21:16,921 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-12 06:21:16,921 INFO L87 Difference]: Start difference. First operand 79 states and 100 transitions. Second operand has 3 states, 3 states have (on average 13.0) internal successors, (39), 3 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-12 06:21:16,974 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-12 06:21:16,975 INFO L93 Difference]: Finished difference Result 199 states and 258 transitions. [2022-07-12 06:21:16,991 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-12 06:21:16,992 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 13.0) internal successors, (39), 3 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 46 [2022-07-12 06:21:16,992 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-12 06:21:16,993 INFO L225 Difference]: With dead ends: 199 [2022-07-12 06:21:16,993 INFO L226 Difference]: Without dead ends: 128 [2022-07-12 06:21:16,994 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-12 06:21:16,995 INFO L413 NwaCegarLoop]: 108 mSDtfsCounter, 59 mSDsluCounter, 68 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 59 SdHoareTripleChecker+Valid, 176 SdHoareTripleChecker+Invalid, 15 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-12 06:21:16,995 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [59 Valid, 176 Invalid, 15 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-12 06:21:16,996 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 128 states. [2022-07-12 06:21:17,016 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 128 to 126. [2022-07-12 06:21:17,017 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 126 states, 99 states have (on average 1.2828282828282829) internal successors, (127), 107 states have internal predecessors, (127), 14 states have call successors, (14), 12 states have call predecessors, (14), 12 states have return successors, (18), 14 states have call predecessors, (18), 14 states have call successors, (18) [2022-07-12 06:21:17,017 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 126 states to 126 states and 159 transitions. [2022-07-12 06:21:17,018 INFO L78 Accepts]: Start accepts. Automaton has 126 states and 159 transitions. Word has length 46 [2022-07-12 06:21:17,018 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-12 06:21:17,018 INFO L495 AbstractCegarLoop]: Abstraction has 126 states and 159 transitions. [2022-07-12 06:21:17,018 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 13.0) internal successors, (39), 3 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-12 06:21:17,018 INFO L276 IsEmpty]: Start isEmpty. Operand 126 states and 159 transitions. [2022-07-12 06:21:17,019 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 55 [2022-07-12 06:21:17,019 INFO L187 NwaCegarLoop]: Found error trace [2022-07-12 06:21:17,019 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-12 06:21:17,019 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-07-12 06:21:17,019 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-12 06:21:17,020 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-12 06:21:17,020 INFO L85 PathProgramCache]: Analyzing trace with hash -2106872253, now seen corresponding path program 1 times [2022-07-12 06:21:17,020 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-12 06:21:17,020 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1005632062] [2022-07-12 06:21:17,020 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-12 06:21:17,020 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-12 06:21:17,049 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,106 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-12 06:21:17,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,126 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-07-12 06:21:17,155 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,162 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-07-12 06:21:17,163 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 46 [2022-07-12 06:21:17,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,174 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-07-12 06:21:17,175 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-12 06:21:17,175 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1005632062] [2022-07-12 06:21:17,175 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1005632062] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-12 06:21:17,175 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-12 06:21:17,175 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-07-12 06:21:17,175 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [160238080] [2022-07-12 06:21:17,175 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-12 06:21:17,176 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-07-12 06:21:17,176 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-12 06:21:17,176 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-07-12 06:21:17,176 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-07-12 06:21:17,177 INFO L87 Difference]: Start difference. First operand 126 states and 159 transitions. Second operand has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 1 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 1 states have call successors, (4) [2022-07-12 06:21:17,407 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-12 06:21:17,407 INFO L93 Difference]: Finished difference Result 280 states and 355 transitions. [2022-07-12 06:21:17,407 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-07-12 06:21:17,408 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 1 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 1 states have call successors, (4) Word has length 54 [2022-07-12 06:21:17,408 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-12 06:21:17,409 INFO L225 Difference]: With dead ends: 280 [2022-07-12 06:21:17,409 INFO L226 Difference]: Without dead ends: 162 [2022-07-12 06:21:17,410 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 24 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=53, Invalid=157, Unknown=0, NotChecked=0, Total=210 [2022-07-12 06:21:17,411 INFO L413 NwaCegarLoop]: 102 mSDtfsCounter, 119 mSDsluCounter, 363 mSDsCounter, 0 mSdLazyCounter, 191 mSolverCounterSat, 32 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 125 SdHoareTripleChecker+Valid, 465 SdHoareTripleChecker+Invalid, 223 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 32 IncrementalHoareTripleChecker+Valid, 191 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-07-12 06:21:17,411 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [125 Valid, 465 Invalid, 223 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [32 Valid, 191 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-07-12 06:21:17,412 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 162 states. [2022-07-12 06:21:17,420 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 162 to 148. [2022-07-12 06:21:17,421 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 148 states, 116 states have (on average 1.2586206896551724) internal successors, (146), 124 states have internal predecessors, (146), 16 states have call successors, (16), 12 states have call predecessors, (16), 15 states have return successors, (23), 17 states have call predecessors, (23), 16 states have call successors, (23) [2022-07-12 06:21:17,422 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 148 states to 148 states and 185 transitions. [2022-07-12 06:21:17,422 INFO L78 Accepts]: Start accepts. Automaton has 148 states and 185 transitions. Word has length 54 [2022-07-12 06:21:17,422 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-12 06:21:17,422 INFO L495 AbstractCegarLoop]: Abstraction has 148 states and 185 transitions. [2022-07-12 06:21:17,422 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 1 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 1 states have call successors, (4) [2022-07-12 06:21:17,423 INFO L276 IsEmpty]: Start isEmpty. Operand 148 states and 185 transitions. [2022-07-12 06:21:17,423 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-07-12 06:21:17,423 INFO L187 NwaCegarLoop]: Found error trace [2022-07-12 06:21:17,424 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-12 06:21:17,424 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-07-12 06:21:17,424 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-12 06:21:17,424 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-12 06:21:17,424 INFO L85 PathProgramCache]: Analyzing trace with hash 1055316791, now seen corresponding path program 1 times [2022-07-12 06:21:17,425 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-12 06:21:17,425 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1422668724] [2022-07-12 06:21:17,425 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-12 06:21:17,425 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-12 06:21:17,437 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,464 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-12 06:21:17,465 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,468 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-07-12 06:21:17,471 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,486 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-07-12 06:21:17,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,488 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-12 06:21:17,488 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-12 06:21:17,488 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1422668724] [2022-07-12 06:21:17,488 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1422668724] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-12 06:21:17,488 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-12 06:21:17,488 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-07-12 06:21:17,488 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1669456136] [2022-07-12 06:21:17,488 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-12 06:21:17,488 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-07-12 06:21:17,489 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-12 06:21:17,489 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-07-12 06:21:17,489 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-07-12 06:21:17,489 INFO L87 Difference]: Start difference. First operand 148 states and 185 transitions. Second operand has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-12 06:21:17,639 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-12 06:21:17,639 INFO L93 Difference]: Finished difference Result 298 states and 383 transitions. [2022-07-12 06:21:17,640 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-07-12 06:21:17,640 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 56 [2022-07-12 06:21:17,640 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-12 06:21:17,641 INFO L225 Difference]: With dead ends: 298 [2022-07-12 06:21:17,641 INFO L226 Difference]: Without dead ends: 158 [2022-07-12 06:21:17,642 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-07-12 06:21:17,642 INFO L413 NwaCegarLoop]: 91 mSDtfsCounter, 71 mSDsluCounter, 277 mSDsCounter, 0 mSdLazyCounter, 109 mSolverCounterSat, 21 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 74 SdHoareTripleChecker+Valid, 368 SdHoareTripleChecker+Invalid, 130 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 21 IncrementalHoareTripleChecker+Valid, 109 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-12 06:21:17,642 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [74 Valid, 368 Invalid, 130 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [21 Valid, 109 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-12 06:21:17,643 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 158 states. [2022-07-12 06:21:17,651 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 158 to 151. [2022-07-12 06:21:17,651 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 151 states, 119 states have (on average 1.2521008403361344) internal successors, (149), 127 states have internal predecessors, (149), 16 states have call successors, (16), 12 states have call predecessors, (16), 15 states have return successors, (23), 17 states have call predecessors, (23), 16 states have call successors, (23) [2022-07-12 06:21:17,652 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 151 states to 151 states and 188 transitions. [2022-07-12 06:21:17,652 INFO L78 Accepts]: Start accepts. Automaton has 151 states and 188 transitions. Word has length 56 [2022-07-12 06:21:17,652 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-12 06:21:17,652 INFO L495 AbstractCegarLoop]: Abstraction has 151 states and 188 transitions. [2022-07-12 06:21:17,652 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-12 06:21:17,652 INFO L276 IsEmpty]: Start isEmpty. Operand 151 states and 188 transitions. [2022-07-12 06:21:17,653 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-07-12 06:21:17,653 INFO L187 NwaCegarLoop]: Found error trace [2022-07-12 06:21:17,653 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-12 06:21:17,653 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-07-12 06:21:17,653 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-12 06:21:17,653 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-12 06:21:17,653 INFO L85 PathProgramCache]: Analyzing trace with hash -750121543, now seen corresponding path program 1 times [2022-07-12 06:21:17,653 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-12 06:21:17,653 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1571079297] [2022-07-12 06:21:17,654 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-12 06:21:17,654 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-12 06:21:17,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,693 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-12 06:21:17,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-07-12 06:21:17,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-07-12 06:21:17,731 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,733 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-12 06:21:17,733 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-12 06:21:17,733 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1571079297] [2022-07-12 06:21:17,733 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1571079297] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-12 06:21:17,734 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-12 06:21:17,734 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-07-12 06:21:17,734 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1460445354] [2022-07-12 06:21:17,734 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-12 06:21:17,734 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-07-12 06:21:17,734 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-12 06:21:17,734 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-07-12 06:21:17,735 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-07-12 06:21:17,735 INFO L87 Difference]: Start difference. First operand 151 states and 188 transitions. Second operand has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-07-12 06:21:17,841 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-12 06:21:17,841 INFO L93 Difference]: Finished difference Result 307 states and 393 transitions. [2022-07-12 06:21:17,841 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-07-12 06:21:17,841 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 56 [2022-07-12 06:21:17,843 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-12 06:21:17,844 INFO L225 Difference]: With dead ends: 307 [2022-07-12 06:21:17,844 INFO L226 Difference]: Without dead ends: 164 [2022-07-12 06:21:17,845 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=34, Invalid=56, Unknown=0, NotChecked=0, Total=90 [2022-07-12 06:21:17,848 INFO L413 NwaCegarLoop]: 92 mSDtfsCounter, 178 mSDsluCounter, 196 mSDsCounter, 0 mSdLazyCounter, 88 mSolverCounterSat, 41 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 182 SdHoareTripleChecker+Valid, 288 SdHoareTripleChecker+Invalid, 129 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 41 IncrementalHoareTripleChecker+Valid, 88 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-12 06:21:17,848 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [182 Valid, 288 Invalid, 129 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [41 Valid, 88 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-12 06:21:17,849 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 164 states. [2022-07-12 06:21:17,855 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 164 to 153. [2022-07-12 06:21:17,855 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 153 states, 121 states have (on average 1.2479338842975207) internal successors, (151), 129 states have internal predecessors, (151), 16 states have call successors, (16), 12 states have call predecessors, (16), 15 states have return successors, (23), 17 states have call predecessors, (23), 16 states have call successors, (23) [2022-07-12 06:21:17,856 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 153 states to 153 states and 190 transitions. [2022-07-12 06:21:17,856 INFO L78 Accepts]: Start accepts. Automaton has 153 states and 190 transitions. Word has length 56 [2022-07-12 06:21:17,856 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-12 06:21:17,856 INFO L495 AbstractCegarLoop]: Abstraction has 153 states and 190 transitions. [2022-07-12 06:21:17,857 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-07-12 06:21:17,857 INFO L276 IsEmpty]: Start isEmpty. Operand 153 states and 190 transitions. [2022-07-12 06:21:17,857 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-07-12 06:21:17,857 INFO L187 NwaCegarLoop]: Found error trace [2022-07-12 06:21:17,857 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-12 06:21:17,857 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-07-12 06:21:17,857 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-12 06:21:17,858 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-12 06:21:17,858 INFO L85 PathProgramCache]: Analyzing trace with hash -609572933, now seen corresponding path program 1 times [2022-07-12 06:21:17,858 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-12 06:21:17,858 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1661173836] [2022-07-12 06:21:17,858 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-12 06:21:17,858 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-12 06:21:17,867 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,895 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-12 06:21:17,897 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,900 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-07-12 06:21:17,902 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,916 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-07-12 06:21:17,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:17,920 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-12 06:21:17,921 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-12 06:21:17,921 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1661173836] [2022-07-12 06:21:17,921 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1661173836] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-12 06:21:17,921 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-12 06:21:17,921 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-07-12 06:21:17,921 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [509912611] [2022-07-12 06:21:17,921 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-12 06:21:17,923 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-07-12 06:21:17,923 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-12 06:21:17,923 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-07-12 06:21:17,923 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-07-12 06:21:17,924 INFO L87 Difference]: Start difference. First operand 153 states and 190 transitions. Second operand has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-12 06:21:18,097 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-12 06:21:18,097 INFO L93 Difference]: Finished difference Result 430 states and 556 transitions. [2022-07-12 06:21:18,098 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-07-12 06:21:18,098 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 56 [2022-07-12 06:21:18,098 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-12 06:21:18,102 INFO L225 Difference]: With dead ends: 430 [2022-07-12 06:21:18,103 INFO L226 Difference]: Without dead ends: 285 [2022-07-12 06:21:18,104 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 9 SyntacticMatches, 1 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-07-12 06:21:18,106 INFO L413 NwaCegarLoop]: 142 mSDtfsCounter, 213 mSDsluCounter, 172 mSDsCounter, 0 mSdLazyCounter, 144 mSolverCounterSat, 65 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 220 SdHoareTripleChecker+Valid, 314 SdHoareTripleChecker+Invalid, 209 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 65 IncrementalHoareTripleChecker+Valid, 144 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-12 06:21:18,109 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [220 Valid, 314 Invalid, 209 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [65 Valid, 144 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-12 06:21:18,111 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 285 states. [2022-07-12 06:21:18,139 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 285 to 283. [2022-07-12 06:21:18,140 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 283 states, 219 states have (on average 1.2191780821917808) internal successors, (267), 231 states have internal predecessors, (267), 34 states have call successors, (34), 28 states have call predecessors, (34), 29 states have return successors, (53), 34 states have call predecessors, (53), 34 states have call successors, (53) [2022-07-12 06:21:18,142 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 283 states to 283 states and 354 transitions. [2022-07-12 06:21:18,142 INFO L78 Accepts]: Start accepts. Automaton has 283 states and 354 transitions. Word has length 56 [2022-07-12 06:21:18,143 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-12 06:21:18,143 INFO L495 AbstractCegarLoop]: Abstraction has 283 states and 354 transitions. [2022-07-12 06:21:18,143 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-12 06:21:18,143 INFO L276 IsEmpty]: Start isEmpty. Operand 283 states and 354 transitions. [2022-07-12 06:21:18,145 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 61 [2022-07-12 06:21:18,145 INFO L187 NwaCegarLoop]: Found error trace [2022-07-12 06:21:18,145 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-12 06:21:18,145 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-07-12 06:21:18,146 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-12 06:21:18,146 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-12 06:21:18,146 INFO L85 PathProgramCache]: Analyzing trace with hash 1449050389, now seen corresponding path program 1 times [2022-07-12 06:21:18,146 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-12 06:21:18,146 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [701918324] [2022-07-12 06:21:18,147 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-12 06:21:18,147 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-12 06:21:18,174 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:18,235 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-12 06:21:18,237 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:18,239 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-07-12 06:21:18,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:18,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-07-12 06:21:18,251 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:18,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-07-12 06:21:18,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:18,262 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-12 06:21:18,263 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-12 06:21:18,263 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [701918324] [2022-07-12 06:21:18,263 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [701918324] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-12 06:21:18,263 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-12 06:21:18,263 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-07-12 06:21:18,263 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1813068461] [2022-07-12 06:21:18,263 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-12 06:21:18,263 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-07-12 06:21:18,263 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-12 06:21:18,264 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-07-12 06:21:18,264 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=70, Unknown=0, NotChecked=0, Total=90 [2022-07-12 06:21:18,264 INFO L87 Difference]: Start difference. First operand 283 states and 354 transitions. Second operand has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2022-07-12 06:21:18,862 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-12 06:21:18,863 INFO L93 Difference]: Finished difference Result 770 states and 1011 transitions. [2022-07-12 06:21:18,863 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 28 states. [2022-07-12 06:21:18,864 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) Word has length 60 [2022-07-12 06:21:18,864 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-12 06:21:18,867 INFO L225 Difference]: With dead ends: 770 [2022-07-12 06:21:18,867 INFO L226 Difference]: Without dead ends: 546 [2022-07-12 06:21:18,869 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 31 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 255 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=250, Invalid=806, Unknown=0, NotChecked=0, Total=1056 [2022-07-12 06:21:18,870 INFO L413 NwaCegarLoop]: 141 mSDtfsCounter, 619 mSDsluCounter, 442 mSDsCounter, 0 mSdLazyCounter, 481 mSolverCounterSat, 210 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 624 SdHoareTripleChecker+Valid, 583 SdHoareTripleChecker+Invalid, 691 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 210 IncrementalHoareTripleChecker+Valid, 481 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-07-12 06:21:18,870 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [624 Valid, 583 Invalid, 691 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [210 Valid, 481 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-07-12 06:21:18,871 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 546 states. [2022-07-12 06:21:18,894 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 546 to 440. [2022-07-12 06:21:18,895 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 440 states, 342 states have (on average 1.2076023391812865) internal successors, (413), 363 states have internal predecessors, (413), 51 states have call successors, (51), 39 states have call predecessors, (51), 46 states have return successors, (83), 52 states have call predecessors, (83), 51 states have call successors, (83) [2022-07-12 06:21:18,898 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 440 states to 440 states and 547 transitions. [2022-07-12 06:21:18,898 INFO L78 Accepts]: Start accepts. Automaton has 440 states and 547 transitions. Word has length 60 [2022-07-12 06:21:18,898 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-12 06:21:18,898 INFO L495 AbstractCegarLoop]: Abstraction has 440 states and 547 transitions. [2022-07-12 06:21:18,899 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2022-07-12 06:21:18,899 INFO L276 IsEmpty]: Start isEmpty. Operand 440 states and 547 transitions. [2022-07-12 06:21:18,900 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 103 [2022-07-12 06:21:18,900 INFO L187 NwaCegarLoop]: Found error trace [2022-07-12 06:21:18,900 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-12 06:21:18,901 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-07-12 06:21:18,901 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-12 06:21:18,901 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-12 06:21:18,901 INFO L85 PathProgramCache]: Analyzing trace with hash -1477759876, now seen corresponding path program 1 times [2022-07-12 06:21:18,901 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-12 06:21:18,902 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1277655389] [2022-07-12 06:21:18,902 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-12 06:21:18,902 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-12 06:21:18,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:18,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-12 06:21:18,955 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:18,964 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-07-12 06:21:18,968 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:18,979 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-12 06:21:18,981 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:18,986 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-07-12 06:21:18,988 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:18,996 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-07-12 06:21:18,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:19,007 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-07-12 06:21:19,009 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:19,010 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-07-12 06:21:19,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:19,012 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-07-12 06:21:19,013 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:19,014 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 16 proven. 11 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-07-12 06:21:19,014 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-12 06:21:19,015 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1277655389] [2022-07-12 06:21:19,015 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1277655389] provided 0 perfect and 1 imperfect interpolant sequences [2022-07-12 06:21:19,015 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1603682196] [2022-07-12 06:21:19,015 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-12 06:21:19,015 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-07-12 06:21:19,016 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-07-12 06:21:19,017 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-07-12 06:21:19,035 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-07-12 06:21:19,118 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-12 06:21:19,121 INFO L263 TraceCheckSpWp]: Trace formula consists of 494 conjuncts, 8 conjunts are in the unsatisfiable core [2022-07-12 06:21:19,126 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-07-12 06:21:19,310 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 25 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-07-12 06:21:19,310 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-07-12 06:21:19,430 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 8 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-07-12 06:21:19,430 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1603682196] provided 0 perfect and 2 imperfect interpolant sequences [2022-07-12 06:21:19,430 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-07-12 06:21:19,430 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-07-12 06:21:19,430 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1254201025] [2022-07-12 06:21:19,431 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-07-12 06:21:19,431 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-07-12 06:21:19,431 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-12 06:21:19,431 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-07-12 06:21:19,431 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2022-07-12 06:21:19,432 INFO L87 Difference]: Start difference. First operand 440 states and 547 transitions. Second operand has 15 states, 15 states have (on average 8.4) internal successors, (126), 10 states have internal predecessors, (126), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 6 states have call successors, (16) [2022-07-12 06:21:20,155 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-12 06:21:20,156 INFO L93 Difference]: Finished difference Result 925 states and 1176 transitions. [2022-07-12 06:21:20,156 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 28 states. [2022-07-12 06:21:20,156 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 8.4) internal successors, (126), 10 states have internal predecessors, (126), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 6 states have call successors, (16) Word has length 102 [2022-07-12 06:21:20,156 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-12 06:21:20,157 INFO L225 Difference]: With dead ends: 925 [2022-07-12 06:21:20,157 INFO L226 Difference]: Without dead ends: 0 [2022-07-12 06:21:20,159 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 266 GetRequests, 227 SyntacticMatches, 1 SemanticMatches, 38 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 354 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=356, Invalid=1204, Unknown=0, NotChecked=0, Total=1560 [2022-07-12 06:21:20,160 INFO L413 NwaCegarLoop]: 215 mSDtfsCounter, 450 mSDsluCounter, 1022 mSDsCounter, 0 mSdLazyCounter, 937 mSolverCounterSat, 190 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 455 SdHoareTripleChecker+Valid, 1237 SdHoareTripleChecker+Invalid, 1127 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 190 IncrementalHoareTripleChecker+Valid, 937 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-07-12 06:21:20,160 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [455 Valid, 1237 Invalid, 1127 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [190 Valid, 937 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-07-12 06:21:20,160 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-07-12 06:21:20,160 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-07-12 06:21:20,160 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-07-12 06:21:20,160 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-07-12 06:21:20,160 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 102 [2022-07-12 06:21:20,160 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-12 06:21:20,160 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-07-12 06:21:20,161 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 8.4) internal successors, (126), 10 states have internal predecessors, (126), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 6 states have call successors, (16) [2022-07-12 06:21:20,161 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-07-12 06:21:20,161 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-07-12 06:21:20,162 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-07-12 06:21:20,185 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-07-12 06:21:20,382 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-07-12 06:21:20,384 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-07-12 06:21:23,528 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 790 796) no Hoare annotation was computed. [2022-07-12 06:21:23,528 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 790 796) the Hoare annotation is: true [2022-07-12 06:21:23,528 INFO L902 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 84 95) the Hoare annotation is: true [2022-07-12 06:21:23,528 INFO L899 garLoopResultBuilder]: For program point L88-1(lines 84 95) no Hoare annotation was computed. [2022-07-12 06:21:23,529 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 84 95) no Hoare annotation was computed. [2022-07-12 06:21:23,529 INFO L899 garLoopResultBuilder]: For program point L64(lines 64 68) no Hoare annotation was computed. [2022-07-12 06:21:23,529 INFO L899 garLoopResultBuilder]: For program point L770-2(lines 766 788) no Hoare annotation was computed. [2022-07-12 06:21:23,529 INFO L899 garLoopResultBuilder]: For program point L832(lines 832 840) no Hoare annotation was computed. [2022-07-12 06:21:23,529 INFO L895 garLoopResultBuilder]: At program point L192(line 192) the Hoare annotation is: (let ((.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (not (<= 2 |old(~waterLevel~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (= ~pumpRunning~0 0)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 .cse6 (and .cse7 .cse3 .cse4))) (or .cse8 (and .cse7 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse5) (or .cse8 .cse0 .cse5 .cse6) (let ((.cse9 (<= ~waterLevel~0 2))) (or .cse0 .cse1 (and .cse7 .cse9 .cse4) .cse5 (and .cse2 .cse9 .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-07-12 06:21:23,529 INFO L899 garLoopResultBuilder]: For program point L192-1(line 192) no Hoare annotation was computed. [2022-07-12 06:21:23,529 INFO L895 garLoopResultBuilder]: At program point L64-2(lines 60 71) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2) (or .cse0 .cse1 (and .cse3 (= ~waterLevel~0 1) .cse4) .cse2 (not (<= 2 |old(~waterLevel~0)|))))) [2022-07-12 06:21:23,530 INFO L899 garLoopResultBuilder]: For program point L828(lines 828 845) no Hoare annotation was computed. [2022-07-12 06:21:23,530 INFO L895 garLoopResultBuilder]: At program point L973(lines 958 976) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2) (or .cse0 .cse1 (and .cse3 (= ~waterLevel~0 1) .cse4) .cse2 (not (<= 2 |old(~waterLevel~0)|))))) [2022-07-12 06:21:23,530 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 763 789) no Hoare annotation was computed. [2022-07-12 06:21:23,530 INFO L895 garLoopResultBuilder]: At program point L156(lines 151 159) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2) (or .cse0 .cse1 (and .cse3 (= ~waterLevel~0 1) .cse4) .cse2 (not (<= 2 |old(~waterLevel~0)|))))) [2022-07-12 06:21:23,530 INFO L895 garLoopResultBuilder]: At program point L177(line 177) the Hoare annotation is: (let ((.cse0 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 .cse1))) (and (or (and (= ~pumpRunning~0 0) .cse0 .cse1) (not (= |old(~pumpRunning~0)| 0)) .cse2 .cse3) (or .cse2 .cse4 .cse3 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse4 .cse3 .cse5 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-07-12 06:21:23,530 INFO L899 garLoopResultBuilder]: For program point L177-1(line 177) no Hoare annotation was computed. [2022-07-12 06:21:23,530 INFO L899 garLoopResultBuilder]: For program point L685(line 685) no Hoare annotation was computed. [2022-07-12 06:21:23,531 INFO L895 garLoopResultBuilder]: At program point L838(line 838) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2) (or .cse0 .cse1 (and .cse3 (= ~waterLevel~0 1) .cse4) .cse2 (not (<= 2 |old(~waterLevel~0)|))))) [2022-07-12 06:21:23,531 INFO L899 garLoopResultBuilder]: For program point L194(lines 194 204) no Hoare annotation was computed. [2022-07-12 06:21:23,531 INFO L899 garLoopResultBuilder]: For program point L190(lines 190 207) no Hoare annotation was computed. [2022-07-12 06:21:23,531 INFO L895 garLoopResultBuilder]: At program point L190-1(lines 182 210) the Hoare annotation is: (let ((.cse6 (= 1 ~systemActive~0))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse3 (not .cse6)) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse9 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse8 (<= 1 ~switchedOnBeforeTS~0)) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (not (<= 2 |old(~waterLevel~0)|)))) (and (let ((.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (and .cse1 .cse2) .cse3 (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse2) .cse4)) (let ((.cse7 (<= ~waterLevel~0 2))) (or .cse3 .cse5 (and .cse1 .cse6 .cse7 .cse8) .cse4 (and .cse9 .cse7 .cse8) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (or .cse0 .cse3 (and (< 1 |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1|) (<= |timeShift_getWaterLevel_#res#1| 2) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2) (<= 2 |timeShift_getWaterLevel_#res#1|)) .cse4 .cse10) (let ((.cse11 (= ~waterLevel~0 1))) (or (and .cse1 .cse6 .cse11 .cse8) .cse3 .cse5 (and .cse9 .cse11 .cse8) .cse4 .cse10))))) [2022-07-12 06:21:23,531 INFO L895 garLoopResultBuilder]: At program point L880(lines 875 882) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (= ~pumpRunning~0 0)) (.cse3 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (not (= 1 ~systemActive~0))) (.cse4 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (and .cse2 (<= ~waterLevel~0 2) .cse3) .cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse4 (not (<= 2 |old(~waterLevel~0)|)) (and .cse2 (= ~waterLevel~0 1) .cse3)) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse4))) [2022-07-12 06:21:23,531 INFO L895 garLoopResultBuilder]: At program point L686(lines 681 688) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2))) [2022-07-12 06:21:23,532 INFO L895 garLoopResultBuilder]: At program point L843(line 843) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse1) (or .cse0 .cse2 .cse1 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse2 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-07-12 06:21:23,532 INFO L895 garLoopResultBuilder]: At program point L843-1(lines 824 848) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (= ~pumpRunning~0 0)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 (not (<= 2 |old(~waterLevel~0)|)) (and .cse6 .cse3 .cse4))) (let ((.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (or (not (= |old(~pumpRunning~0)| 0)) (and .cse6 .cse7) .cse0 (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse7) .cse5)) (let ((.cse8 (<= ~waterLevel~0 2))) (or .cse0 .cse1 (and .cse6 .cse8 .cse4) .cse5 (and .cse2 .cse8 .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-07-12 06:21:23,532 INFO L899 garLoopResultBuilder]: For program point L777-1(lines 777 783) no Hoare annotation was computed. [2022-07-12 06:21:23,532 INFO L899 garLoopResultBuilder]: For program point L967(lines 967 971) no Hoare annotation was computed. [2022-07-12 06:21:23,532 INFO L899 garLoopResultBuilder]: For program point L967-2(lines 967 971) no Hoare annotation was computed. [2022-07-12 06:21:23,532 INFO L895 garLoopResultBuilder]: At program point L133(lines 128 136) the Hoare annotation is: (let ((.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (not (<= 2 |old(~waterLevel~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (= ~pumpRunning~0 0)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 .cse6 (and .cse7 .cse3 .cse4))) (let ((.cse9 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse8 (and .cse7 .cse9) .cse0 (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse9) .cse5)) (or .cse8 .cse0 .cse5 (and (<= |timeShift_getWaterLevel_#res#1| 2) (<= 2 |timeShift_getWaterLevel_#res#1|)) .cse6) (let ((.cse10 (<= ~waterLevel~0 2))) (or .cse0 .cse1 (and .cse7 .cse10 .cse4) .cse5 (and .cse2 .cse10 .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-07-12 06:21:23,532 INFO L899 garLoopResultBuilder]: For program point L195(lines 195 201) no Hoare annotation was computed. [2022-07-12 06:21:23,533 INFO L895 garLoopResultBuilder]: At program point L179(lines 172 181) the Hoare annotation is: (let ((.cse0 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse3 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) .cse0) .cse1 .cse2) (or .cse3 .cse1 .cse4 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse3 .cse1 .cse4 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-07-12 06:21:23,533 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 763 789) the Hoare annotation is: (let ((.cse0 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 .cse1))) (and (or (and (= ~pumpRunning~0 0) .cse0 .cse1) (not (= |old(~pumpRunning~0)| 0)) .cse2 .cse3) (or .cse2 .cse4 .cse3 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse4 .cse3 .cse5 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-07-12 06:21:23,533 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 763 789) no Hoare annotation was computed. [2022-07-12 06:21:23,533 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 685) no Hoare annotation was computed. [2022-07-12 06:21:23,533 INFO L899 garLoopResultBuilder]: For program point L770(lines 770 776) no Hoare annotation was computed. [2022-07-12 06:21:23,533 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 580 609) no Hoare annotation was computed. [2022-07-12 06:21:23,533 INFO L902 garLoopResultBuilder]: At program point L605(lines 580 609) the Hoare annotation is: true [2022-07-12 06:21:23,533 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 580 609) the Hoare annotation is: true [2022-07-12 06:21:23,534 INFO L899 garLoopResultBuilder]: For program point L601(line 601) no Hoare annotation was computed. [2022-07-12 06:21:23,534 INFO L899 garLoopResultBuilder]: For program point L594(lines 594 598) no Hoare annotation was computed. [2022-07-12 06:21:23,534 INFO L902 garLoopResultBuilder]: At program point L594-1(lines 594 598) the Hoare annotation is: true [2022-07-12 06:21:23,534 INFO L899 garLoopResultBuilder]: For program point L591(line 591) no Hoare annotation was computed. [2022-07-12 06:21:23,534 INFO L902 garLoopResultBuilder]: At program point L590-2(lines 590 604) the Hoare annotation is: true [2022-07-12 06:21:23,534 INFO L902 garLoopResultBuilder]: At program point L586(line 586) the Hoare annotation is: true [2022-07-12 06:21:23,534 INFO L899 garLoopResultBuilder]: For program point L586-1(line 586) no Hoare annotation was computed. [2022-07-12 06:21:23,534 INFO L899 garLoopResultBuilder]: For program point L667(lines 667 674) no Hoare annotation was computed. [2022-07-12 06:21:23,534 INFO L899 garLoopResultBuilder]: For program point L667-2(lines 667 674) no Hoare annotation was computed. [2022-07-12 06:21:23,535 INFO L899 garLoopResultBuilder]: For program point L721(lines 721 727) no Hoare annotation was computed. [2022-07-12 06:21:23,535 INFO L899 garLoopResultBuilder]: For program point L721-1(lines 721 727) no Hoare annotation was computed. [2022-07-12 06:21:23,535 INFO L902 garLoopResultBuilder]: At program point L651(lines 643 653) the Hoare annotation is: true [2022-07-12 06:21:23,535 INFO L895 garLoopResultBuilder]: At program point L746(lines 701 748) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-12 06:21:23,535 INFO L895 garLoopResultBuilder]: At program point L713(line 713) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-12 06:21:23,535 INFO L902 garLoopResultBuilder]: At program point L676(lines 657 679) the Hoare annotation is: true [2022-07-12 06:21:23,535 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-07-12 06:21:23,535 INFO L895 garLoopResultBuilder]: At program point L639(lines 635 641) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-12 06:21:23,535 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-07-12 06:21:23,536 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-07-12 06:21:23,536 INFO L895 garLoopResultBuilder]: At program point L982(lines 977 984) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-12 06:21:23,536 INFO L895 garLoopResultBuilder]: At program point L169(lines 164 171) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-12 06:21:23,536 INFO L899 garLoopResultBuilder]: For program point L739(lines 739 743) no Hoare annotation was computed. [2022-07-12 06:21:23,536 INFO L895 garLoopResultBuilder]: At program point L739-2(lines 731 744) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-12 06:21:23,536 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-07-12 06:21:23,536 INFO L899 garLoopResultBuilder]: For program point L702(lines 701 748) no Hoare annotation was computed. [2022-07-12 06:21:23,536 INFO L899 garLoopResultBuilder]: For program point L731(lines 731 744) no Hoare annotation was computed. [2022-07-12 06:21:23,536 INFO L895 garLoopResultBuilder]: At program point L1016(lines 1011 1019) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-12 06:21:23,536 INFO L895 garLoopResultBuilder]: At program point L723(line 723) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-12 06:21:23,536 INFO L895 garLoopResultBuilder]: At program point L1008(lines 1004 1010) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-12 06:21:23,537 INFO L902 garLoopResultBuilder]: At program point L752(lines 691 756) the Hoare annotation is: true [2022-07-12 06:21:23,537 INFO L899 garLoopResultBuilder]: For program point L711(lines 711 717) no Hoare annotation was computed. [2022-07-12 06:21:23,537 INFO L899 garLoopResultBuilder]: For program point L711-1(lines 711 717) no Hoare annotation was computed. [2022-07-12 06:21:23,537 INFO L899 garLoopResultBuilder]: For program point L703(lines 703 707) no Hoare annotation was computed. [2022-07-12 06:21:23,537 INFO L895 garLoopResultBuilder]: At program point L749(lines 700 750) the Hoare annotation is: false [2022-07-12 06:21:23,537 INFO L895 garLoopResultBuilder]: At program point L1001(lines 997 1003) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-12 06:21:23,537 INFO L899 garLoopResultBuilder]: For program point L865(lines 865 871) no Hoare annotation was computed. [2022-07-12 06:21:23,537 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 798 822) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 .cse1))) [2022-07-12 06:21:23,537 INFO L895 garLoopResultBuilder]: At program point L865-2(lines 858 874) the Hoare annotation is: (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= ~waterLevel~0 2)))) (and (let ((.cse0 (<= 2 ~waterLevel~0))) (or (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) .cse0) .cse1 .cse2 (and (= ~pumpRunning~0 0) .cse0))) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-12 06:21:23,537 INFO L895 garLoopResultBuilder]: At program point L954(lines 939 957) the Hoare annotation is: (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= ~waterLevel~0 2)))) (and (let ((.cse0 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) (and .cse0 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~2#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~9#1| 0))) .cse1 .cse2 (and .cse0 (<= 2 ~waterLevel~0)))) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-12 06:21:23,537 INFO L895 garLoopResultBuilder]: At program point L890(lines 883 893) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (and (= ~pumpRunning~0 0) (<= 2 ~waterLevel~0))))) [2022-07-12 06:21:23,538 INFO L899 garLoopResultBuilder]: For program point L948(lines 948 952) no Hoare annotation was computed. [2022-07-12 06:21:23,538 INFO L899 garLoopResultBuilder]: For program point L948-2(lines 948 952) no Hoare annotation was computed. [2022-07-12 06:21:23,538 INFO L899 garLoopResultBuilder]: For program point L141(lines 141 147) no Hoare annotation was computed. [2022-07-12 06:21:23,538 INFO L895 garLoopResultBuilder]: At program point L812(line 812) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~6#1| 0)) (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-12 06:21:23,538 INFO L899 garLoopResultBuilder]: For program point L806(lines 806 814) no Hoare annotation was computed. [2022-07-12 06:21:23,538 INFO L899 garLoopResultBuilder]: For program point L802(lines 802 819) no Hoare annotation was computed. [2022-07-12 06:21:23,538 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 798 822) no Hoare annotation was computed. [2022-07-12 06:21:23,538 INFO L895 garLoopResultBuilder]: At program point L854(lines 849 856) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0)) .cse0 .cse1))) [2022-07-12 06:21:23,538 INFO L895 garLoopResultBuilder]: At program point L146(lines 137 150) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= ~waterLevel~0 2)))) (and (let ((.cse1 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))) .cse2 (and .cse1 (<= 2 ~waterLevel~0)))) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-12 06:21:23,538 INFO L895 garLoopResultBuilder]: At program point L817(line 817) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2022-07-12 06:21:23,538 INFO L899 garLoopResultBuilder]: For program point L817-1(lines 798 822) no Hoare annotation was computed. [2022-07-12 06:21:23,538 INFO L895 garLoopResultBuilder]: At program point L101(lines 96 104) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (and (= ~pumpRunning~0 0) (<= 2 ~waterLevel~0))))) [2022-07-12 06:21:23,538 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 72 83) no Hoare annotation was computed. [2022-07-12 06:21:23,539 INFO L899 garLoopResultBuilder]: For program point L76-1(lines 72 83) no Hoare annotation was computed. [2022-07-12 06:21:23,539 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 72 83) the Hoare annotation is: (let ((.cse1 (not (<= 1 ~pumpRunning~0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse1 .cse2 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or (not (= ~pumpRunning~0 0)) .cse0 .cse2 .cse3))) [2022-07-12 06:21:23,539 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 894 902) no Hoare annotation was computed. [2022-07-12 06:21:23,539 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 894 902) the Hoare annotation is: true [2022-07-12 06:21:23,539 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 894 902) no Hoare annotation was computed. [2022-07-12 06:21:23,541 INFO L356 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-12 06:21:23,543 INFO L176 ceAbstractionStarter]: Computing trace abstraction results [2022-07-12 06:21:23,570 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 12.07 06:21:23 BoogieIcfgContainer [2022-07-12 06:21:23,570 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-07-12 06:21:23,571 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-07-12 06:21:23,571 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-07-12 06:21:23,571 INFO L275 PluginConnector]: Witness Printer initialized [2022-07-12 06:21:23,572 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 12.07 06:21:16" (3/4) ... [2022-07-12 06:21:23,573 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-07-12 06:21:23,578 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-07-12 06:21:23,578 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-07-12 06:21:23,578 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-07-12 06:21:23,578 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-07-12 06:21:23,578 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-07-12 06:21:23,579 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-07-12 06:21:23,579 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-07-12 06:21:23,584 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 54 nodes and edges [2022-07-12 06:21:23,584 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-07-12 06:21:23,585 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-07-12 06:21:23,585 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-07-12 06:21:23,585 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-07-12 06:21:23,586 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-07-12 06:21:23,586 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-07-12 06:21:23,602 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2022-07-12 06:21:23,602 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-07-12 06:21:23,603 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (((pumpRunning == 0 && 1 == systemActive) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((1 < tmp && \result <= 2) && tmp <= 2) && 2 <= \result)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((((((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-07-12 06:21:23,603 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-07-12 06:21:23,603 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-07-12 06:21:23,603 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-07-12 06:21:23,604 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-07-12 06:21:23,604 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) [2022-07-12 06:21:23,604 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-07-12 06:21:23,604 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || (((pumpRunning == 0 && tmp___0 == 0) && \result == 0) && !(tmp == 0))) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) [2022-07-12 06:21:23,604 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-07-12 06:21:23,605 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) [2022-07-12 06:21:23,605 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) [2022-07-12 06:21:23,605 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) [2022-07-12 06:21:23,605 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(waterLevel <= 2)) [2022-07-12 06:21:23,644 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-07-12 06:21:23,644 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-07-12 06:21:23,645 INFO L158 Benchmark]: Toolchain (without parser) took 8316.25ms. Allocated memory was 94.4MB in the beginning and 163.6MB in the end (delta: 69.2MB). Free memory was 60.8MB in the beginning and 91.2MB in the end (delta: -30.4MB). Peak memory consumption was 37.9MB. Max. memory is 16.1GB. [2022-07-12 06:21:23,645 INFO L158 Benchmark]: CDTParser took 0.19ms. Allocated memory is still 94.4MB. Free memory is still 49.5MB. There was no memory consumed. Max. memory is 16.1GB. [2022-07-12 06:21:23,645 INFO L158 Benchmark]: CACSL2BoogieTranslator took 388.11ms. Allocated memory is still 94.4MB. Free memory was 60.6MB in the beginning and 60.8MB in the end (delta: -223.3kB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-07-12 06:21:23,645 INFO L158 Benchmark]: Boogie Procedure Inliner took 52.53ms. Allocated memory is still 94.4MB. Free memory was 60.8MB in the beginning and 58.4MB in the end (delta: 2.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-07-12 06:21:23,645 INFO L158 Benchmark]: Boogie Preprocessor took 26.13ms. Allocated memory is still 94.4MB. Free memory was 58.4MB in the beginning and 56.6MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-07-12 06:21:23,646 INFO L158 Benchmark]: RCFGBuilder took 338.71ms. Allocated memory is still 94.4MB. Free memory was 56.6MB in the beginning and 39.4MB in the end (delta: 17.2MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2022-07-12 06:21:23,646 INFO L158 Benchmark]: TraceAbstraction took 7429.84ms. Allocated memory was 94.4MB in the beginning and 163.6MB in the end (delta: 69.2MB). Free memory was 39.1MB in the beginning and 96.4MB in the end (delta: -57.3MB). Peak memory consumption was 67.2MB. Max. memory is 16.1GB. [2022-07-12 06:21:23,646 INFO L158 Benchmark]: Witness Printer took 73.34ms. Allocated memory is still 163.6MB. Free memory was 96.4MB in the beginning and 91.2MB in the end (delta: 5.2MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-07-12 06:21:23,647 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.19ms. Allocated memory is still 94.4MB. Free memory is still 49.5MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 388.11ms. Allocated memory is still 94.4MB. Free memory was 60.6MB in the beginning and 60.8MB in the end (delta: -223.3kB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 52.53ms. Allocated memory is still 94.4MB. Free memory was 60.8MB in the beginning and 58.4MB in the end (delta: 2.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 26.13ms. Allocated memory is still 94.4MB. Free memory was 58.4MB in the beginning and 56.6MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 338.71ms. Allocated memory is still 94.4MB. Free memory was 56.6MB in the beginning and 39.4MB in the end (delta: 17.2MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 7429.84ms. Allocated memory was 94.4MB in the beginning and 163.6MB in the end (delta: 69.2MB). Free memory was 39.1MB in the beginning and 96.4MB in the end (delta: -57.3MB). Peak memory consumption was 67.2MB. Max. memory is 16.1GB. * Witness Printer took 73.34ms. Allocated memory is still 163.6MB. Free memory was 96.4MB in the beginning and 91.2MB in the end (delta: 5.2MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 685]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 97 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 7.3s, OverallIterations: 10, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 2.2s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 3.1s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 1846 SdHoareTripleChecker+Valid, 1.2s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1813 mSDsluCounter, 3835 SdHoareTripleChecker+Invalid, 1.0s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2623 mSDsCounter, 566 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 1961 IncrementalHoareTripleChecker+Invalid, 2527 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 566 mSolverCounterUnsat, 1212 mSDtfsCounter, 1961 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 408 GetRequests, 300 SyntacticMatches, 2 SemanticMatches, 106 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 640 ImplicationChecksByTransitivity, 0.8s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=440occurred in iteration=9, InterpolantAutomatonStates: 101, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 10 MinimizatonAttempts, 142 StatesRemovedByMinimization, 6 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 46 LocationsWithAnnotation, 1015 PreInvPairs, 1233 NumberOfFragments, 1876 HoareAnnotationTreeSize, 1015 FomulaSimplifications, 752 FormulaSimplificationTreeSizeReduction, 0.2s HoareSimplificationTime, 46 FomulaSimplificationsInter, 9420 FormulaSimplificationTreeSizeReductionInter, 2.9s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 1.0s InterpolantComputationTime, 635 NumberOfCodeBlocks, 635 NumberOfCodeBlocksAsserted, 11 NumberOfCheckSat, 725 ConstructedInterpolants, 0 QuantifiedInterpolants, 1477 SizeOfPredicates, 3 NumberOfNonLiveVariables, 494 ConjunctsInSsa, 8 ConjunctsInUnsatCore, 12 InterpolantComputations, 9 PerfectInterpolantSequences, 101/129 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 635]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 875]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 700]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 691]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 977]: Loop Invariant Derived loop invariant: (((((1 <= pumpRunning && 2 <= waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2)) || ((((1 <= pumpRunning && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) - InvariantResult [Line: 128]: Loop Invariant Derived loop invariant: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 172]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 96]: Loop Invariant Derived loop invariant: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) - InvariantResult [Line: 824]: Loop Invariant Derived loop invariant: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 590]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 1011]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 939]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || (((pumpRunning == 0 && tmp___0 == 0) && \result == 0) && !(tmp == 0))) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 681]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 643]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 701]: Loop Invariant Derived loop invariant: (((((1 <= pumpRunning && 2 <= waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2)) || ((((1 <= pumpRunning && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) - InvariantResult [Line: 580]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 958]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 182]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (((pumpRunning == 0 && 1 == systemActive) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((1 < tmp && \result <= 2) && tmp <= 2) && 2 <= \result)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((((((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 883]: Loop Invariant Derived loop invariant: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) - InvariantResult [Line: 60]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 164]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 858]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 1004]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 151]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 137]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 849]: Loop Invariant Derived loop invariant: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(waterLevel <= 2)) - InvariantResult [Line: 997]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 657]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2022-07-12 06:21:23,684 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE