./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version eb692b52 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash f18c518732faf536b365bed3360055c2f4eb753a861011ef1bbe74f5b721db8d --- Real Ultimate output --- This is Ultimate 0.2.2-?-eb692b5 [2022-07-19 17:25:57,734 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-07-19 17:25:57,737 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-07-19 17:25:57,769 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-07-19 17:25:57,770 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-07-19 17:25:57,771 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-07-19 17:25:57,772 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-07-19 17:25:57,774 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-07-19 17:25:57,775 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-07-19 17:25:57,776 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-07-19 17:25:57,777 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-07-19 17:25:57,778 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-07-19 17:25:57,779 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-07-19 17:25:57,780 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-07-19 17:25:57,781 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-07-19 17:25:57,782 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-07-19 17:25:57,783 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-07-19 17:25:57,783 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-07-19 17:25:57,785 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-07-19 17:25:57,787 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-07-19 17:25:57,788 INFO L181 SettingsManager]: Resetting HornVerifier preferences to default values [2022-07-19 17:25:57,789 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-07-19 17:25:57,790 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-07-19 17:25:57,791 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-07-19 17:25:57,792 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-07-19 17:25:57,795 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-07-19 17:25:57,796 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-07-19 17:25:57,796 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-07-19 17:25:57,797 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-07-19 17:25:57,798 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-07-19 17:25:57,799 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-07-19 17:25:57,799 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-07-19 17:25:57,800 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-07-19 17:25:57,801 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-07-19 17:25:57,802 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-07-19 17:25:57,803 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-07-19 17:25:57,805 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-07-19 17:25:57,806 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-07-19 17:25:57,806 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-07-19 17:25:57,806 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-07-19 17:25:57,807 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-07-19 17:25:57,808 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-07-19 17:25:57,810 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-07-19 17:25:57,837 INFO L113 SettingsManager]: Loading preferences was successful [2022-07-19 17:25:57,838 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-07-19 17:25:57,838 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-07-19 17:25:57,838 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-07-19 17:25:57,839 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-07-19 17:25:57,839 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-07-19 17:25:57,840 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-07-19 17:25:57,840 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-07-19 17:25:57,840 INFO L138 SettingsManager]: * Use SBE=true [2022-07-19 17:25:57,841 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-07-19 17:25:57,841 INFO L138 SettingsManager]: * sizeof long=4 [2022-07-19 17:25:57,841 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-07-19 17:25:57,841 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-07-19 17:25:57,842 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-07-19 17:25:57,842 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-07-19 17:25:57,842 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-07-19 17:25:57,842 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-07-19 17:25:57,842 INFO L138 SettingsManager]: * sizeof long double=12 [2022-07-19 17:25:57,843 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-07-19 17:25:57,843 INFO L138 SettingsManager]: * Use constant arrays=true [2022-07-19 17:25:57,844 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-07-19 17:25:57,844 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-07-19 17:25:57,844 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-07-19 17:25:57,845 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-07-19 17:25:57,845 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-07-19 17:25:57,845 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-07-19 17:25:57,845 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-07-19 17:25:57,845 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-07-19 17:25:57,846 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-07-19 17:25:57,846 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-07-19 17:25:57,846 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-07-19 17:25:57,846 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-07-19 17:25:57,846 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-07-19 17:25:57,847 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> f18c518732faf536b365bed3360055c2f4eb753a861011ef1bbe74f5b721db8d [2022-07-19 17:25:58,085 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-07-19 17:25:58,106 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-07-19 17:25:58,109 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-07-19 17:25:58,110 INFO L271 PluginConnector]: Initializing CDTParser... [2022-07-19 17:25:58,110 INFO L275 PluginConnector]: CDTParser initialized [2022-07-19 17:25:58,111 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c [2022-07-19 17:25:58,184 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9ffdea7b2/ffedbe22f637472eb2090f98e666f06e/FLAGf0f97771f [2022-07-19 17:25:58,624 INFO L306 CDTParser]: Found 1 translation units. [2022-07-19 17:25:58,625 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c [2022-07-19 17:25:58,635 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9ffdea7b2/ffedbe22f637472eb2090f98e666f06e/FLAGf0f97771f [2022-07-19 17:25:58,645 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9ffdea7b2/ffedbe22f637472eb2090f98e666f06e [2022-07-19 17:25:58,647 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-07-19 17:25:58,648 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-07-19 17:25:58,652 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-07-19 17:25:58,652 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-07-19 17:25:58,655 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-07-19 17:25:58,655 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 19.07 05:25:58" (1/1) ... [2022-07-19 17:25:58,656 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@13d2d437 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:58, skipping insertion in model container [2022-07-19 17:25:58,656 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 19.07 05:25:58" (1/1) ... [2022-07-19 17:25:58,663 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-07-19 17:25:58,703 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-07-19 17:25:59,047 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c[18005,18018] [2022-07-19 17:25:59,052 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-07-19 17:25:59,061 INFO L203 MainTranslator]: Completed pre-run [2022-07-19 17:25:59,129 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c[18005,18018] [2022-07-19 17:25:59,131 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-07-19 17:25:59,151 INFO L208 MainTranslator]: Completed translation [2022-07-19 17:25:59,151 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59 WrapperNode [2022-07-19 17:25:59,152 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-07-19 17:25:59,153 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-07-19 17:25:59,153 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-07-19 17:25:59,153 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-07-19 17:25:59,159 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59" (1/1) ... [2022-07-19 17:25:59,173 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59" (1/1) ... [2022-07-19 17:25:59,202 INFO L137 Inliner]: procedures = 57, calls = 157, calls flagged for inlining = 27, calls inlined = 24, statements flattened = 261 [2022-07-19 17:25:59,208 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-07-19 17:25:59,209 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-07-19 17:25:59,209 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-07-19 17:25:59,209 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-07-19 17:25:59,216 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59" (1/1) ... [2022-07-19 17:25:59,217 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59" (1/1) ... [2022-07-19 17:25:59,227 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59" (1/1) ... [2022-07-19 17:25:59,227 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59" (1/1) ... [2022-07-19 17:25:59,236 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59" (1/1) ... [2022-07-19 17:25:59,240 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59" (1/1) ... [2022-07-19 17:25:59,244 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59" (1/1) ... [2022-07-19 17:25:59,246 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-07-19 17:25:59,249 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-07-19 17:25:59,249 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-07-19 17:25:59,249 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-07-19 17:25:59,250 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59" (1/1) ... [2022-07-19 17:25:59,259 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-07-19 17:25:59,270 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-07-19 17:25:59,282 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-07-19 17:25:59,291 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-07-19 17:25:59,318 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-07-19 17:25:59,319 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-07-19 17:25:59,319 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-07-19 17:25:59,319 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-07-19 17:25:59,319 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-07-19 17:25:59,319 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-07-19 17:25:59,319 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-07-19 17:25:59,320 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-07-19 17:25:59,320 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-07-19 17:25:59,320 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-07-19 17:25:59,320 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-07-19 17:25:59,320 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-07-19 17:25:59,320 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-07-19 17:25:59,321 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-07-19 17:25:59,321 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-07-19 17:25:59,321 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-07-19 17:25:59,378 INFO L234 CfgBuilder]: Building ICFG [2022-07-19 17:25:59,380 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-07-19 17:25:59,649 INFO L275 CfgBuilder]: Performing block encoding [2022-07-19 17:25:59,657 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-07-19 17:25:59,661 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-07-19 17:25:59,663 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 19.07 05:25:59 BoogieIcfgContainer [2022-07-19 17:25:59,664 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-07-19 17:25:59,665 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-07-19 17:25:59,666 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-07-19 17:25:59,669 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-07-19 17:25:59,669 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 19.07 05:25:58" (1/3) ... [2022-07-19 17:25:59,669 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@64d55127 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 19.07 05:25:59, skipping insertion in model container [2022-07-19 17:25:59,670 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.07 05:25:59" (2/3) ... [2022-07-19 17:25:59,670 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@64d55127 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 19.07 05:25:59, skipping insertion in model container [2022-07-19 17:25:59,670 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 19.07 05:25:59" (3/3) ... [2022-07-19 17:25:59,671 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product44.cil.c [2022-07-19 17:25:59,680 INFO L201 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-07-19 17:25:59,680 INFO L160 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-07-19 17:25:59,726 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-07-19 17:25:59,731 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=de.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings@2c7ee3b8, mLbeIndependenceSettings=de.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings@6b16952f [2022-07-19 17:25:59,731 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-07-19 17:25:59,734 INFO L276 IsEmpty]: Start isEmpty. Operand has 89 states, 71 states have (on average 1.3661971830985915) internal successors, (97), 77 states have internal predecessors, (97), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) [2022-07-19 17:25:59,742 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-07-19 17:25:59,742 INFO L187 NwaCegarLoop]: Found error trace [2022-07-19 17:25:59,742 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-19 17:25:59,743 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-19 17:25:59,746 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-19 17:25:59,747 INFO L85 PathProgramCache]: Analyzing trace with hash -1684151890, now seen corresponding path program 1 times [2022-07-19 17:25:59,753 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-19 17:25:59,754 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1172029029] [2022-07-19 17:25:59,754 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-19 17:25:59,754 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-19 17:25:59,847 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:25:59,909 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-07-19 17:25:59,911 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:25:59,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-07-19 17:25:59,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:25:59,927 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-19 17:25:59,927 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-19 17:25:59,927 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1172029029] [2022-07-19 17:25:59,928 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1172029029] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-19 17:25:59,928 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-19 17:25:59,928 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-07-19 17:25:59,930 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1128953924] [2022-07-19 17:25:59,930 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-19 17:25:59,934 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-07-19 17:25:59,934 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-19 17:25:59,955 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-07-19 17:25:59,956 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-07-19 17:25:59,958 INFO L87 Difference]: Start difference. First operand has 89 states, 71 states have (on average 1.3661971830985915) internal successors, (97), 77 states have internal predecessors, (97), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-19 17:25:59,985 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-19 17:25:59,985 INFO L93 Difference]: Finished difference Result 169 states and 228 transitions. [2022-07-19 17:25:59,988 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-07-19 17:25:59,990 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-07-19 17:25:59,990 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-19 17:25:59,998 INFO L225 Difference]: With dead ends: 169 [2022-07-19 17:25:59,999 INFO L226 Difference]: Without dead ends: 80 [2022-07-19 17:26:00,004 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-07-19 17:26:00,009 INFO L413 NwaCegarLoop]: 111 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 111 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-19 17:26:00,010 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 111 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-19 17:26:00,024 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 80 states. [2022-07-19 17:26:00,041 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 80 to 80. [2022-07-19 17:26:00,042 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 80 states, 64 states have (on average 1.296875) internal successors, (83), 69 states have internal predecessors, (83), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-07-19 17:26:00,044 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 80 states to 80 states and 102 transitions. [2022-07-19 17:26:00,045 INFO L78 Accepts]: Start accepts. Automaton has 80 states and 102 transitions. Word has length 32 [2022-07-19 17:26:00,045 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-19 17:26:00,045 INFO L495 AbstractCegarLoop]: Abstraction has 80 states and 102 transitions. [2022-07-19 17:26:00,046 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-19 17:26:00,046 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 102 transitions. [2022-07-19 17:26:00,048 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-07-19 17:26:00,048 INFO L187 NwaCegarLoop]: Found error trace [2022-07-19 17:26:00,048 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-19 17:26:00,049 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-07-19 17:26:00,049 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-19 17:26:00,050 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-19 17:26:00,050 INFO L85 PathProgramCache]: Analyzing trace with hash 1709273223, now seen corresponding path program 1 times [2022-07-19 17:26:00,050 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-19 17:26:00,050 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1934940861] [2022-07-19 17:26:00,051 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-19 17:26:00,051 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-19 17:26:00,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,116 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-07-19 17:26:00,118 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,119 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-07-19 17:26:00,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,122 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-19 17:26:00,122 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-19 17:26:00,123 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1934940861] [2022-07-19 17:26:00,123 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1934940861] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-19 17:26:00,123 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-19 17:26:00,123 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-19 17:26:00,124 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [745382937] [2022-07-19 17:26:00,124 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-19 17:26:00,125 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-19 17:26:00,125 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-19 17:26:00,125 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-19 17:26:00,126 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-19 17:26:00,126 INFO L87 Difference]: Start difference. First operand 80 states and 102 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-19 17:26:00,138 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-19 17:26:00,139 INFO L93 Difference]: Finished difference Result 120 states and 153 transitions. [2022-07-19 17:26:00,139 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-19 17:26:00,139 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-07-19 17:26:00,140 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-19 17:26:00,141 INFO L225 Difference]: With dead ends: 120 [2022-07-19 17:26:00,141 INFO L226 Difference]: Without dead ends: 71 [2022-07-19 17:26:00,142 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-19 17:26:00,143 INFO L413 NwaCegarLoop]: 89 mSDtfsCounter, 18 mSDsluCounter, 67 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 156 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-19 17:26:00,143 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [21 Valid, 156 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-19 17:26:00,145 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 71 states. [2022-07-19 17:26:00,150 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 71 to 71. [2022-07-19 17:26:00,151 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 71 states, 58 states have (on average 1.3103448275862069) internal successors, (76), 63 states have internal predecessors, (76), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-07-19 17:26:00,152 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 71 states to 71 states and 90 transitions. [2022-07-19 17:26:00,152 INFO L78 Accepts]: Start accepts. Automaton has 71 states and 90 transitions. Word has length 33 [2022-07-19 17:26:00,152 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-19 17:26:00,152 INFO L495 AbstractCegarLoop]: Abstraction has 71 states and 90 transitions. [2022-07-19 17:26:00,153 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-19 17:26:00,153 INFO L276 IsEmpty]: Start isEmpty. Operand 71 states and 90 transitions. [2022-07-19 17:26:00,154 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-07-19 17:26:00,154 INFO L187 NwaCegarLoop]: Found error trace [2022-07-19 17:26:00,154 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-19 17:26:00,155 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-07-19 17:26:00,155 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-19 17:26:00,155 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-19 17:26:00,156 INFO L85 PathProgramCache]: Analyzing trace with hash 1502879027, now seen corresponding path program 1 times [2022-07-19 17:26:00,156 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-19 17:26:00,156 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019147484] [2022-07-19 17:26:00,156 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-19 17:26:00,156 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-19 17:26:00,185 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,224 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-19 17:26:00,226 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,228 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-07-19 17:26:00,229 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,231 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-19 17:26:00,231 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-19 17:26:00,232 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019147484] [2022-07-19 17:26:00,232 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2019147484] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-19 17:26:00,232 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-19 17:26:00,232 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-19 17:26:00,232 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1088565756] [2022-07-19 17:26:00,233 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-19 17:26:00,233 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-19 17:26:00,233 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-19 17:26:00,234 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-19 17:26:00,234 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-19 17:26:00,234 INFO L87 Difference]: Start difference. First operand 71 states and 90 transitions. Second operand has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-19 17:26:00,262 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-19 17:26:00,262 INFO L93 Difference]: Finished difference Result 195 states and 253 transitions. [2022-07-19 17:26:00,262 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-19 17:26:00,263 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2022-07-19 17:26:00,263 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-19 17:26:00,264 INFO L225 Difference]: With dead ends: 195 [2022-07-19 17:26:00,264 INFO L226 Difference]: Without dead ends: 132 [2022-07-19 17:26:00,265 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-19 17:26:00,266 INFO L413 NwaCegarLoop]: 109 mSDtfsCounter, 78 mSDsluCounter, 77 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 78 SdHoareTripleChecker+Valid, 186 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-19 17:26:00,267 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [78 Valid, 186 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-19 17:26:00,268 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 132 states. [2022-07-19 17:26:00,281 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 132 to 127. [2022-07-19 17:26:00,281 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 127 states, 102 states have (on average 1.3333333333333333) internal successors, (136), 111 states have internal predecessors, (136), 14 states have call successors, (14), 10 states have call predecessors, (14), 10 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) [2022-07-19 17:26:00,283 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 127 states to 127 states and 164 transitions. [2022-07-19 17:26:00,286 INFO L78 Accepts]: Start accepts. Automaton has 127 states and 164 transitions. Word has length 38 [2022-07-19 17:26:00,286 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-19 17:26:00,286 INFO L495 AbstractCegarLoop]: Abstraction has 127 states and 164 transitions. [2022-07-19 17:26:00,287 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-19 17:26:00,287 INFO L276 IsEmpty]: Start isEmpty. Operand 127 states and 164 transitions. [2022-07-19 17:26:00,288 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-07-19 17:26:00,290 INFO L187 NwaCegarLoop]: Found error trace [2022-07-19 17:26:00,290 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-19 17:26:00,290 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-07-19 17:26:00,290 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-19 17:26:00,291 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-19 17:26:00,291 INFO L85 PathProgramCache]: Analyzing trace with hash -793445015, now seen corresponding path program 1 times [2022-07-19 17:26:00,291 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-19 17:26:00,291 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1219457738] [2022-07-19 17:26:00,292 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-19 17:26:00,292 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-19 17:26:00,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,383 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-07-19 17:26:00,385 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,391 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-07-19 17:26:00,393 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,404 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-07-19 17:26:00,405 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-19 17:26:00,405 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1219457738] [2022-07-19 17:26:00,405 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1219457738] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-19 17:26:00,405 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-19 17:26:00,405 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-07-19 17:26:00,406 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [341044295] [2022-07-19 17:26:00,406 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-19 17:26:00,406 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-07-19 17:26:00,407 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-19 17:26:00,407 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-07-19 17:26:00,407 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-07-19 17:26:00,408 INFO L87 Difference]: Start difference. First operand 127 states and 164 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-19 17:26:00,516 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-19 17:26:00,516 INFO L93 Difference]: Finished difference Result 342 states and 450 transitions. [2022-07-19 17:26:00,517 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-07-19 17:26:00,517 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-07-19 17:26:00,518 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-19 17:26:00,519 INFO L225 Difference]: With dead ends: 342 [2022-07-19 17:26:00,521 INFO L226 Difference]: Without dead ends: 223 [2022-07-19 17:26:00,522 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-07-19 17:26:00,528 INFO L413 NwaCegarLoop]: 100 mSDtfsCounter, 47 mSDsluCounter, 325 mSDsCounter, 0 mSdLazyCounter, 55 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 48 SdHoareTripleChecker+Valid, 425 SdHoareTripleChecker+Invalid, 64 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 55 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-19 17:26:00,529 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [48 Valid, 425 Invalid, 64 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 55 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-19 17:26:00,531 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 223 states. [2022-07-19 17:26:00,558 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 223 to 211. [2022-07-19 17:26:00,560 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 211 states, 166 states have (on average 1.2951807228915662) internal successors, (215), 179 states have internal predecessors, (215), 24 states have call successors, (24), 20 states have call predecessors, (24), 20 states have return successors, (28), 24 states have call predecessors, (28), 24 states have call successors, (28) [2022-07-19 17:26:00,568 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 211 states to 211 states and 267 transitions. [2022-07-19 17:26:00,570 INFO L78 Accepts]: Start accepts. Automaton has 211 states and 267 transitions. Word has length 41 [2022-07-19 17:26:00,570 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-19 17:26:00,570 INFO L495 AbstractCegarLoop]: Abstraction has 211 states and 267 transitions. [2022-07-19 17:26:00,571 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-19 17:26:00,571 INFO L276 IsEmpty]: Start isEmpty. Operand 211 states and 267 transitions. [2022-07-19 17:26:00,573 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-07-19 17:26:00,575 INFO L187 NwaCegarLoop]: Found error trace [2022-07-19 17:26:00,575 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-19 17:26:00,576 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-07-19 17:26:00,576 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-19 17:26:00,577 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-19 17:26:00,577 INFO L85 PathProgramCache]: Analyzing trace with hash 855988844, now seen corresponding path program 1 times [2022-07-19 17:26:00,577 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-19 17:26:00,577 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1219054468] [2022-07-19 17:26:00,577 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-19 17:26:00,578 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-19 17:26:00,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,685 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-19 17:26:00,686 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-07-19 17:26:00,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,709 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-19 17:26:00,710 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-19 17:26:00,710 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1219054468] [2022-07-19 17:26:00,710 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1219054468] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-19 17:26:00,710 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-19 17:26:00,711 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-07-19 17:26:00,712 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [258035360] [2022-07-19 17:26:00,712 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-19 17:26:00,716 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-07-19 17:26:00,716 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-19 17:26:00,716 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-07-19 17:26:00,716 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-07-19 17:26:00,717 INFO L87 Difference]: Start difference. First operand 211 states and 267 transitions. Second operand has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-19 17:26:00,756 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-19 17:26:00,757 INFO L93 Difference]: Finished difference Result 462 states and 598 transitions. [2022-07-19 17:26:00,757 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-07-19 17:26:00,757 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 51 [2022-07-19 17:26:00,759 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-19 17:26:00,761 INFO L225 Difference]: With dead ends: 462 [2022-07-19 17:26:00,761 INFO L226 Difference]: Without dead ends: 259 [2022-07-19 17:26:00,762 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-07-19 17:26:00,763 INFO L413 NwaCegarLoop]: 100 mSDtfsCounter, 42 mSDsluCounter, 281 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 44 SdHoareTripleChecker+Valid, 381 SdHoareTripleChecker+Invalid, 20 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-19 17:26:00,766 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [44 Valid, 381 Invalid, 20 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-19 17:26:00,767 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 259 states. [2022-07-19 17:26:00,788 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 259 to 217. [2022-07-19 17:26:00,788 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 217 states, 172 states have (on average 1.2848837209302326) internal successors, (221), 185 states have internal predecessors, (221), 24 states have call successors, (24), 20 states have call predecessors, (24), 20 states have return successors, (28), 24 states have call predecessors, (28), 24 states have call successors, (28) [2022-07-19 17:26:00,790 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 217 states to 217 states and 273 transitions. [2022-07-19 17:26:00,790 INFO L78 Accepts]: Start accepts. Automaton has 217 states and 273 transitions. Word has length 51 [2022-07-19 17:26:00,790 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-19 17:26:00,790 INFO L495 AbstractCegarLoop]: Abstraction has 217 states and 273 transitions. [2022-07-19 17:26:00,791 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-19 17:26:00,791 INFO L276 IsEmpty]: Start isEmpty. Operand 217 states and 273 transitions. [2022-07-19 17:26:00,792 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-07-19 17:26:00,792 INFO L187 NwaCegarLoop]: Found error trace [2022-07-19 17:26:00,793 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-19 17:26:00,793 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-07-19 17:26:00,793 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-19 17:26:00,793 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-19 17:26:00,794 INFO L85 PathProgramCache]: Analyzing trace with hash 1278690670, now seen corresponding path program 1 times [2022-07-19 17:26:00,794 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-19 17:26:00,794 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [116659286] [2022-07-19 17:26:00,794 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-19 17:26:00,794 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-19 17:26:00,824 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,875 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-19 17:26:00,878 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,883 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-07-19 17:26:00,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:00,889 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-19 17:26:00,891 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-19 17:26:00,891 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [116659286] [2022-07-19 17:26:00,891 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [116659286] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-19 17:26:00,891 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-19 17:26:00,891 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-07-19 17:26:00,892 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1869050832] [2022-07-19 17:26:00,892 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-19 17:26:00,892 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-07-19 17:26:00,892 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-19 17:26:00,893 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-07-19 17:26:00,893 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-07-19 17:26:00,893 INFO L87 Difference]: Start difference. First operand 217 states and 273 transitions. Second operand has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-19 17:26:00,993 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-19 17:26:00,993 INFO L93 Difference]: Finished difference Result 486 states and 624 transitions. [2022-07-19 17:26:00,993 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-07-19 17:26:00,994 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 51 [2022-07-19 17:26:00,994 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-19 17:26:00,999 INFO L225 Difference]: With dead ends: 486 [2022-07-19 17:26:00,999 INFO L226 Difference]: Without dead ends: 277 [2022-07-19 17:26:01,000 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-07-19 17:26:01,001 INFO L413 NwaCegarLoop]: 120 mSDtfsCounter, 155 mSDsluCounter, 317 mSDsCounter, 0 mSdLazyCounter, 22 mSolverCounterSat, 15 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 157 SdHoareTripleChecker+Valid, 437 SdHoareTripleChecker+Invalid, 37 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 15 IncrementalHoareTripleChecker+Valid, 22 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-19 17:26:01,003 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [157 Valid, 437 Invalid, 37 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [15 Valid, 22 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-19 17:26:01,004 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 277 states. [2022-07-19 17:26:01,028 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 277 to 221. [2022-07-19 17:26:01,029 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 221 states, 176 states have (on average 1.2784090909090908) internal successors, (225), 189 states have internal predecessors, (225), 24 states have call successors, (24), 20 states have call predecessors, (24), 20 states have return successors, (28), 24 states have call predecessors, (28), 24 states have call successors, (28) [2022-07-19 17:26:01,030 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 221 states to 221 states and 277 transitions. [2022-07-19 17:26:01,031 INFO L78 Accepts]: Start accepts. Automaton has 221 states and 277 transitions. Word has length 51 [2022-07-19 17:26:01,032 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-19 17:26:01,032 INFO L495 AbstractCegarLoop]: Abstraction has 221 states and 277 transitions. [2022-07-19 17:26:01,032 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-19 17:26:01,032 INFO L276 IsEmpty]: Start isEmpty. Operand 221 states and 277 transitions. [2022-07-19 17:26:01,033 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-07-19 17:26:01,038 INFO L187 NwaCegarLoop]: Found error trace [2022-07-19 17:26:01,038 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-19 17:26:01,038 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-07-19 17:26:01,038 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-19 17:26:01,039 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-19 17:26:01,039 INFO L85 PathProgramCache]: Analyzing trace with hash -526747664, now seen corresponding path program 1 times [2022-07-19 17:26:01,039 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-19 17:26:01,039 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1568108355] [2022-07-19 17:26:01,039 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-19 17:26:01,040 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-19 17:26:01,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,127 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-19 17:26:01,128 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,130 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-07-19 17:26:01,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,133 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-19 17:26:01,133 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-19 17:26:01,133 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1568108355] [2022-07-19 17:26:01,133 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1568108355] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-19 17:26:01,133 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-19 17:26:01,133 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-19 17:26:01,133 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [874810684] [2022-07-19 17:26:01,134 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-19 17:26:01,135 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-19 17:26:01,135 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-19 17:26:01,136 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-19 17:26:01,136 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-19 17:26:01,136 INFO L87 Difference]: Start difference. First operand 221 states and 277 transitions. Second operand has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-19 17:26:01,163 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-19 17:26:01,163 INFO L93 Difference]: Finished difference Result 528 states and 667 transitions. [2022-07-19 17:26:01,164 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-19 17:26:01,164 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 51 [2022-07-19 17:26:01,164 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-19 17:26:01,166 INFO L225 Difference]: With dead ends: 528 [2022-07-19 17:26:01,166 INFO L226 Difference]: Without dead ends: 315 [2022-07-19 17:26:01,167 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 6 SyntacticMatches, 1 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-19 17:26:01,170 INFO L413 NwaCegarLoop]: 95 mSDtfsCounter, 39 mSDsluCounter, 76 mSDsCounter, 0 mSdLazyCounter, 10 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 39 SdHoareTripleChecker+Valid, 171 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 10 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-19 17:26:01,170 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [39 Valid, 171 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 10 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-19 17:26:01,171 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 315 states. [2022-07-19 17:26:01,187 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 315 to 315. [2022-07-19 17:26:01,188 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 315 states, 250 states have (on average 1.248) internal successors, (312), 265 states have internal predecessors, (312), 36 states have call successors, (36), 30 states have call predecessors, (36), 28 states have return successors, (40), 34 states have call predecessors, (40), 36 states have call successors, (40) [2022-07-19 17:26:01,190 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 315 states to 315 states and 388 transitions. [2022-07-19 17:26:01,190 INFO L78 Accepts]: Start accepts. Automaton has 315 states and 388 transitions. Word has length 51 [2022-07-19 17:26:01,192 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-19 17:26:01,192 INFO L495 AbstractCegarLoop]: Abstraction has 315 states and 388 transitions. [2022-07-19 17:26:01,192 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-19 17:26:01,194 INFO L276 IsEmpty]: Start isEmpty. Operand 315 states and 388 transitions. [2022-07-19 17:26:01,196 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2022-07-19 17:26:01,196 INFO L187 NwaCegarLoop]: Found error trace [2022-07-19 17:26:01,196 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-19 17:26:01,197 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-07-19 17:26:01,197 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-19 17:26:01,198 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-19 17:26:01,198 INFO L85 PathProgramCache]: Analyzing trace with hash -1427287338, now seen corresponding path program 1 times [2022-07-19 17:26:01,199 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-19 17:26:01,201 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1176233303] [2022-07-19 17:26:01,201 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-19 17:26:01,201 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-19 17:26:01,238 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,324 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-19 17:26:01,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,331 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-07-19 17:26:01,332 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,333 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-07-19 17:26:01,336 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,338 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-19 17:26:01,338 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-19 17:26:01,338 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1176233303] [2022-07-19 17:26:01,338 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1176233303] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-19 17:26:01,339 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-19 17:26:01,339 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-07-19 17:26:01,339 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [271599561] [2022-07-19 17:26:01,339 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-19 17:26:01,340 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-07-19 17:26:01,340 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-19 17:26:01,340 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-07-19 17:26:01,340 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2022-07-19 17:26:01,341 INFO L87 Difference]: Start difference. First operand 315 states and 388 transitions. Second operand has 8 states, 8 states have (on average 5.75) internal successors, (46), 7 states have internal predecessors, (46), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-07-19 17:26:01,712 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-19 17:26:01,713 INFO L93 Difference]: Finished difference Result 1084 states and 1399 transitions. [2022-07-19 17:26:01,713 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2022-07-19 17:26:01,713 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.75) internal successors, (46), 7 states have internal predecessors, (46), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 55 [2022-07-19 17:26:01,714 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-19 17:26:01,719 INFO L225 Difference]: With dead ends: 1084 [2022-07-19 17:26:01,719 INFO L226 Difference]: Without dead ends: 871 [2022-07-19 17:26:01,723 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 27 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 58 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=95, Invalid=247, Unknown=0, NotChecked=0, Total=342 [2022-07-19 17:26:01,723 INFO L413 NwaCegarLoop]: 136 mSDtfsCounter, 341 mSDsluCounter, 451 mSDsCounter, 0 mSdLazyCounter, 246 mSolverCounterSat, 71 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 351 SdHoareTripleChecker+Valid, 587 SdHoareTripleChecker+Invalid, 317 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 71 IncrementalHoareTripleChecker+Valid, 246 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-07-19 17:26:01,724 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [351 Valid, 587 Invalid, 317 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [71 Valid, 246 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-07-19 17:26:01,725 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 871 states. [2022-07-19 17:26:01,773 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 871 to 815. [2022-07-19 17:26:01,775 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 815 states, 648 states have (on average 1.2191358024691359) internal successors, (790), 689 states have internal predecessors, (790), 90 states have call successors, (90), 66 states have call predecessors, (90), 76 states have return successors, (128), 86 states have call predecessors, (128), 90 states have call successors, (128) [2022-07-19 17:26:01,780 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 815 states to 815 states and 1008 transitions. [2022-07-19 17:26:01,781 INFO L78 Accepts]: Start accepts. Automaton has 815 states and 1008 transitions. Word has length 55 [2022-07-19 17:26:01,781 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-19 17:26:01,781 INFO L495 AbstractCegarLoop]: Abstraction has 815 states and 1008 transitions. [2022-07-19 17:26:01,781 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 5.75) internal successors, (46), 7 states have internal predecessors, (46), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-07-19 17:26:01,781 INFO L276 IsEmpty]: Start isEmpty. Operand 815 states and 1008 transitions. [2022-07-19 17:26:01,784 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-07-19 17:26:01,784 INFO L187 NwaCegarLoop]: Found error trace [2022-07-19 17:26:01,784 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-19 17:26:01,784 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-07-19 17:26:01,784 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-19 17:26:01,785 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-19 17:26:01,785 INFO L85 PathProgramCache]: Analyzing trace with hash -616604212, now seen corresponding path program 1 times [2022-07-19 17:26:01,785 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-19 17:26:01,785 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [180450770] [2022-07-19 17:26:01,785 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-19 17:26:01,786 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-19 17:26:01,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,818 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-19 17:26:01,819 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,826 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-07-19 17:26:01,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,847 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-19 17:26:01,847 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,851 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-07-19 17:26:01,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,853 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-07-19 17:26:01,853 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:01,855 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-07-19 17:26:01,855 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-19 17:26:01,855 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [180450770] [2022-07-19 17:26:01,855 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [180450770] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-19 17:26:01,855 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-19 17:26:01,856 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-07-19 17:26:01,856 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1963302551] [2022-07-19 17:26:01,856 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-19 17:26:01,857 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-07-19 17:26:01,857 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-19 17:26:01,857 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-07-19 17:26:01,858 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-07-19 17:26:01,858 INFO L87 Difference]: Start difference. First operand 815 states and 1008 transitions. Second operand has 6 states, 6 states have (on average 11.666666666666666) internal successors, (70), 4 states have internal predecessors, (70), 3 states have call successors, (6), 4 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) [2022-07-19 17:26:02,035 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-19 17:26:02,035 INFO L93 Difference]: Finished difference Result 1379 states and 1704 transitions. [2022-07-19 17:26:02,036 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-07-19 17:26:02,036 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.666666666666666) internal successors, (70), 4 states have internal predecessors, (70), 3 states have call successors, (6), 4 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) Word has length 85 [2022-07-19 17:26:02,037 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-19 17:26:02,040 INFO L225 Difference]: With dead ends: 1379 [2022-07-19 17:26:02,040 INFO L226 Difference]: Without dead ends: 572 [2022-07-19 17:26:02,042 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 22 GetRequests, 14 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=30, Invalid=60, Unknown=0, NotChecked=0, Total=90 [2022-07-19 17:26:02,044 INFO L413 NwaCegarLoop]: 131 mSDtfsCounter, 183 mSDsluCounter, 196 mSDsCounter, 0 mSdLazyCounter, 118 mSolverCounterSat, 51 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 190 SdHoareTripleChecker+Valid, 327 SdHoareTripleChecker+Invalid, 169 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 51 IncrementalHoareTripleChecker+Valid, 118 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-19 17:26:02,044 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [190 Valid, 327 Invalid, 169 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [51 Valid, 118 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-19 17:26:02,045 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 572 states. [2022-07-19 17:26:02,077 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 572 to 562. [2022-07-19 17:26:02,078 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 562 states, 445 states have (on average 1.208988764044944) internal successors, (538), 473 states have internal predecessors, (538), 63 states have call successors, (63), 48 states have call predecessors, (63), 53 states have return successors, (83), 60 states have call predecessors, (83), 63 states have call successors, (83) [2022-07-19 17:26:02,081 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 562 states to 562 states and 684 transitions. [2022-07-19 17:26:02,082 INFO L78 Accepts]: Start accepts. Automaton has 562 states and 684 transitions. Word has length 85 [2022-07-19 17:26:02,082 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-19 17:26:02,082 INFO L495 AbstractCegarLoop]: Abstraction has 562 states and 684 transitions. [2022-07-19 17:26:02,082 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 11.666666666666666) internal successors, (70), 4 states have internal predecessors, (70), 3 states have call successors, (6), 4 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) [2022-07-19 17:26:02,083 INFO L276 IsEmpty]: Start isEmpty. Operand 562 states and 684 transitions. [2022-07-19 17:26:02,083 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 88 [2022-07-19 17:26:02,084 INFO L187 NwaCegarLoop]: Found error trace [2022-07-19 17:26:02,084 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-19 17:26:02,084 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-07-19 17:26:02,084 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-19 17:26:02,085 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-19 17:26:02,085 INFO L85 PathProgramCache]: Analyzing trace with hash 1396479385, now seen corresponding path program 1 times [2022-07-19 17:26:02,085 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-19 17:26:02,085 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1889827091] [2022-07-19 17:26:02,085 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-19 17:26:02,086 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-19 17:26:02,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:02,171 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-19 17:26:02,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:02,185 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-07-19 17:26:02,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:02,202 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-19 17:26:02,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:02,205 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-07-19 17:26:02,206 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:02,215 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-07-19 17:26:02,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:02,220 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-07-19 17:26:02,223 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:02,224 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 16 proven. 9 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-07-19 17:26:02,224 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-19 17:26:02,224 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1889827091] [2022-07-19 17:26:02,224 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1889827091] provided 0 perfect and 1 imperfect interpolant sequences [2022-07-19 17:26:02,224 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1354753890] [2022-07-19 17:26:02,224 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-19 17:26:02,225 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-07-19 17:26:02,225 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-07-19 17:26:02,231 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-07-19 17:26:02,259 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-07-19 17:26:02,336 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-19 17:26:02,339 INFO L263 TraceCheckSpWp]: Trace formula consists of 454 conjuncts, 8 conjunts are in the unsatisfiable core [2022-07-19 17:26:02,347 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-07-19 17:26:02,508 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 23 proven. 7 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-07-19 17:26:02,511 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-07-19 17:26:02,642 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 6 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-07-19 17:26:02,642 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1354753890] provided 0 perfect and 2 imperfect interpolant sequences [2022-07-19 17:26:02,643 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-07-19 17:26:02,643 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 6, 6] total 14 [2022-07-19 17:26:02,643 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [700067378] [2022-07-19 17:26:02,643 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-07-19 17:26:02,644 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2022-07-19 17:26:02,644 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-19 17:26:02,644 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2022-07-19 17:26:02,644 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=149, Unknown=0, NotChecked=0, Total=182 [2022-07-19 17:26:02,645 INFO L87 Difference]: Start difference. First operand 562 states and 684 transitions. Second operand has 14 states, 14 states have (on average 7.642857142857143) internal successors, (107), 10 states have internal predecessors, (107), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 6 states have call successors, (13) [2022-07-19 17:26:03,303 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-19 17:26:03,303 INFO L93 Difference]: Finished difference Result 1073 states and 1331 transitions. [2022-07-19 17:26:03,304 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 27 states. [2022-07-19 17:26:03,304 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 7.642857142857143) internal successors, (107), 10 states have internal predecessors, (107), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 6 states have call successors, (13) Word has length 87 [2022-07-19 17:26:03,304 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-19 17:26:03,305 INFO L225 Difference]: With dead ends: 1073 [2022-07-19 17:26:03,305 INFO L226 Difference]: Without dead ends: 0 [2022-07-19 17:26:03,308 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 223 GetRequests, 189 SyntacticMatches, 1 SemanticMatches, 33 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 250 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=256, Invalid=934, Unknown=0, NotChecked=0, Total=1190 [2022-07-19 17:26:03,309 INFO L413 NwaCegarLoop]: 174 mSDtfsCounter, 315 mSDsluCounter, 1040 mSDsCounter, 0 mSdLazyCounter, 692 mSolverCounterSat, 117 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 320 SdHoareTripleChecker+Valid, 1214 SdHoareTripleChecker+Invalid, 809 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 117 IncrementalHoareTripleChecker+Valid, 692 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-07-19 17:26:03,309 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [320 Valid, 1214 Invalid, 809 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [117 Valid, 692 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-07-19 17:26:03,310 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-07-19 17:26:03,310 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-07-19 17:26:03,310 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-07-19 17:26:03,310 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-07-19 17:26:03,310 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 87 [2022-07-19 17:26:03,310 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-19 17:26:03,311 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-07-19 17:26:03,311 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 14 states have (on average 7.642857142857143) internal successors, (107), 10 states have internal predecessors, (107), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 6 states have call successors, (13) [2022-07-19 17:26:03,311 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-07-19 17:26:03,311 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-07-19 17:26:03,313 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-07-19 17:26:03,340 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-07-19 17:26:03,533 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-07-19 17:26:03,535 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-07-19 17:26:07,106 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 556 562) no Hoare annotation was computed. [2022-07-19 17:26:07,107 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 556 562) the Hoare annotation is: true [2022-07-19 17:26:07,107 INFO L902 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 83 94) the Hoare annotation is: true [2022-07-19 17:26:07,107 INFO L899 garLoopResultBuilder]: For program point L87-1(lines 83 94) no Hoare annotation was computed. [2022-07-19 17:26:07,107 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 83 94) no Hoare annotation was computed. [2022-07-19 17:26:07,107 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 831 860) no Hoare annotation was computed. [2022-07-19 17:26:07,107 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 831 860) the Hoare annotation is: true [2022-07-19 17:26:07,107 INFO L902 garLoopResultBuilder]: At program point L856(lines 831 860) the Hoare annotation is: true [2022-07-19 17:26:07,108 INFO L899 garLoopResultBuilder]: For program point L852(line 852) no Hoare annotation was computed. [2022-07-19 17:26:07,108 INFO L899 garLoopResultBuilder]: For program point L845(lines 845 849) no Hoare annotation was computed. [2022-07-19 17:26:07,108 INFO L902 garLoopResultBuilder]: At program point L845-1(lines 845 849) the Hoare annotation is: true [2022-07-19 17:26:07,108 INFO L899 garLoopResultBuilder]: For program point L842(line 842) no Hoare annotation was computed. [2022-07-19 17:26:07,108 INFO L902 garLoopResultBuilder]: At program point L841-2(lines 841 855) the Hoare annotation is: true [2022-07-19 17:26:07,108 INFO L902 garLoopResultBuilder]: At program point L837(line 837) the Hoare annotation is: true [2022-07-19 17:26:07,108 INFO L899 garLoopResultBuilder]: For program point L837-1(line 837) no Hoare annotation was computed. [2022-07-19 17:26:07,108 INFO L899 garLoopResultBuilder]: For program point L543-1(lines 543 549) no Hoare annotation was computed. [2022-07-19 17:26:07,108 INFO L899 garLoopResultBuilder]: For program point L605(lines 605 611) no Hoare annotation was computed. [2022-07-19 17:26:07,108 INFO L899 garLoopResultBuilder]: For program point L572(lines 572 580) no Hoare annotation was computed. [2022-07-19 17:26:07,108 INFO L895 garLoopResultBuilder]: At program point L605-2(lines 598 614) the Hoare annotation is: (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not (<= |old(~waterLevel~0)| 2)))) (and (let ((.cse2 (<= 2 ~waterLevel~0)) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 .cse1 (and (= ~pumpRunning~0 0) .cse2 .cse3) (and (<= 1 ~pumpRunning~0) .cse2 .cse3) .cse4)) (or .cse1 .cse5 .cse4 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 .cse5 .cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse4 (not (= 0 ~systemActive~0))))) [2022-07-19 17:26:07,108 INFO L899 garLoopResultBuilder]: For program point L568(lines 568 585) no Hoare annotation was computed. [2022-07-19 17:26:07,109 INFO L895 garLoopResultBuilder]: At program point L630(lines 623 633) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse2 (not (= 0 ~systemActive~0))) (or .cse3 .cse0 (and (= ~pumpRunning~0 0) (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse2))) [2022-07-19 17:26:07,109 INFO L899 garLoopResultBuilder]: For program point L688(lines 688 692) no Hoare annotation was computed. [2022-07-19 17:26:07,109 INFO L899 garLoopResultBuilder]: For program point L688-2(lines 688 692) no Hoare annotation was computed. [2022-07-19 17:26:07,109 INFO L899 garLoopResultBuilder]: For program point L969(lines 969 975) no Hoare annotation was computed. [2022-07-19 17:26:07,109 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 529 555) no Hoare annotation was computed. [2022-07-19 17:26:07,109 INFO L899 garLoopResultBuilder]: For program point L932(line 932) no Hoare annotation was computed. [2022-07-19 17:26:07,109 INFO L895 garLoopResultBuilder]: At program point L953(lines 946 955) the Hoare annotation is: (let ((.cse6 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (and (= ~pumpRunning~0 0) .cse6)) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (and (<= 1 ~pumpRunning~0) .cse6 (<= 1 ~switchedOnBeforeTS~0))) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse2 .cse4 .cse5 .cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse3 (not (= 0 ~systemActive~0))) (or .cse2 .cse4 .cse5 .cse3 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-07-19 17:26:07,109 INFO L899 garLoopResultBuilder]: For program point L536(lines 536 542) no Hoare annotation was computed. [2022-07-19 17:26:07,109 INFO L899 garLoopResultBuilder]: For program point L536-2(lines 532 554) no Hoare annotation was computed. [2022-07-19 17:26:07,109 INFO L895 garLoopResultBuilder]: At program point L594(lines 589 596) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse2 (not (= 0 ~systemActive~0))) (or .cse3 .cse0 (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse2))) [2022-07-19 17:26:07,109 INFO L899 garLoopResultBuilder]: For program point L140(lines 140 146) no Hoare annotation was computed. [2022-07-19 17:26:07,110 INFO L895 garLoopResultBuilder]: At program point L966(line 966) the Hoare annotation is: (let ((.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (<= 1 ~pumpRunning~0)) (.cse6 (<= 1 ~switchedOnBeforeTS~0)) (.cse1 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0))) (.cse8 (not (= 0 ~systemActive~0))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse7 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse2 .cse4 .cse3 (and .cse5 (= ~waterLevel~0 1) .cse6) .cse7) (or .cse2 .cse4 .cse3 (and .cse5 (<= ~waterLevel~0 2) .cse6) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse3 .cse8 .cse7) (or .cse0 .cse1 .cse3 .cse8) (or .cse0 .cse2 .cse3 .cse7))) [2022-07-19 17:26:07,110 INFO L899 garLoopResultBuilder]: For program point L966-1(line 966) no Hoare annotation was computed. [2022-07-19 17:26:07,110 INFO L895 garLoopResultBuilder]: At program point L933(lines 928 935) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse2 (not (= 0 ~systemActive~0))) (or .cse3 .cse0 .cse2))) [2022-07-19 17:26:07,110 INFO L895 garLoopResultBuilder]: At program point L132(lines 127 135) the Hoare annotation is: (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (not (= 1 ~systemActive~0))) (.cse8 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (<= 1 ~pumpRunning~0)) (.cse9 (<= 1 ~switchedOnBeforeTS~0)) (.cse1 (and (= ~pumpRunning~0 0) .cse4)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (not (= 0 ~systemActive~0))) (.cse6 (and (<= |timeShift_getWaterLevel_#res#1| 2) (<= 2 |timeShift_getWaterLevel_#res#1|))) (.cse7 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (<= 2 ~waterLevel~0) .cse4) .cse5) (or .cse0 .cse2 .cse5 .cse6 .cse7) (or .cse2 .cse8 .cse5 (and .cse3 (= ~waterLevel~0 1) .cse9) .cse7) (or .cse2 .cse8 .cse5 (and .cse3 (<= ~waterLevel~0 2) .cse9) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse5 .cse10) (or .cse0 .cse5 .cse10 .cse6 .cse7)))) [2022-07-19 17:26:07,110 INFO L895 garLoopResultBuilder]: At program point L578(line 578) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse2 (not (= 0 ~systemActive~0))) (or .cse3 .cse0 .cse2 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0) (= |timeShift_processEnvironment_~tmp~3#1| 0))))) [2022-07-19 17:26:07,110 INFO L895 garLoopResultBuilder]: At program point L694(lines 679 697) the Hoare annotation is: (let ((.cse3 (not (= 1 ~systemActive~0))) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not (<= |old(~waterLevel~0)| 2)))) (and (let ((.cse1 (= ~pumpRunning~0 0)) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (and .cse1 (= |timeShift_isHighWaterLevel_~tmp___0~0#1| 0) (= |timeShift_isHighWaterLevel_#res#1| 0) (not (= |timeShift_isHighWaterLevel_~tmp~5#1| 0)) .cse2) .cse3 (and .cse1 (<= 2 ~waterLevel~0) .cse2) .cse4)) (or .cse3 .cse5 .cse4 (not (<= 2 |old(~waterLevel~0)|))) (or .cse3 .cse5 .cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse4 (not (= 0 ~systemActive~0))))) [2022-07-19 17:26:07,110 INFO L895 garLoopResultBuilder]: At program point L145(lines 136 149) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse2 (not (= 0 ~systemActive~0))) (let ((.cse4 (= ~pumpRunning~0 0)) (.cse5 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse3 (and .cse4 (not (= |timeShift_isHighWaterSensorDry_#res#1| 0)) .cse5) .cse0 (and .cse4 (<= 2 ~waterLevel~0) .cse5) .cse2)))) [2022-07-19 17:26:07,110 INFO L895 garLoopResultBuilder]: At program point L583(line 583) the Hoare annotation is: (let ((.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (<= 1 ~pumpRunning~0)) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (= 0 ~systemActive~0))) (or .cse2 .cse3 .cse1 (and .cse4 (= ~waterLevel~0 1) .cse5) (not (<= 2 |old(~waterLevel~0)|))) (or .cse2 .cse3 .cse1 (and .cse4 (<= ~waterLevel~0 2) .cse5) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse2 .cse1))) [2022-07-19 17:26:07,111 INFO L895 garLoopResultBuilder]: At program point L583-1(lines 564 588) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (<= 1 ~pumpRunning~0)) (.cse6 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (and (= ~pumpRunning~0 0) .cse1) .cse2 (and .cse3 (<= 2 ~waterLevel~0) .cse1) .cse4)) (or .cse0 .cse4 (not (= 0 ~systemActive~0))) (or .cse2 .cse5 .cse4 (and .cse3 (= ~waterLevel~0 1) .cse6) (not (<= 2 |old(~waterLevel~0)|))) (or .cse2 .cse5 .cse4 (and .cse3 (<= ~waterLevel~0 2) .cse6) (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-07-19 17:26:07,111 INFO L895 garLoopResultBuilder]: At program point L100(lines 95 103) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse2 (not (= 0 ~systemActive~0))) (or .cse3 .cse0 (and (= ~pumpRunning~0 0) (<= 2 ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse2))) [2022-07-19 17:26:07,111 INFO L899 garLoopResultBuilder]: For program point L63(lines 63 67) no Hoare annotation was computed. [2022-07-19 17:26:07,111 INFO L895 garLoopResultBuilder]: At program point L63-2(lines 59 70) the Hoare annotation is: (let ((.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (<= 1 ~pumpRunning~0)) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (= 0 ~systemActive~0))) (or .cse2 .cse3 .cse1 (and .cse4 (= ~waterLevel~0 1) .cse5) (not (<= 2 |old(~waterLevel~0)|))) (or .cse2 .cse3 .cse1 (and .cse4 (<= ~waterLevel~0 2) .cse5) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse2 .cse1))) [2022-07-19 17:26:07,111 INFO L895 garLoopResultBuilder]: At program point L951(line 951) the Hoare annotation is: (let ((.cse6 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (and (= ~pumpRunning~0 0) .cse6 .cse7)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse6 .cse7))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse2 .cse4 .cse3 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse3 (not (= 0 ~systemActive~0))) (or .cse2 .cse4 .cse3 .cse5 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-07-19 17:26:07,111 INFO L899 garLoopResultBuilder]: For program point L951-1(line 951) no Hoare annotation was computed. [2022-07-19 17:26:07,112 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 529 555) the Hoare annotation is: (let ((.cse6 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (and (= ~pumpRunning~0 0) .cse6 .cse7)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse6 .cse7))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse2 .cse4 .cse3 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse3 (not (= 0 ~systemActive~0))) (or .cse2 .cse4 .cse3 .cse5 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-07-19 17:26:07,112 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 529 555) no Hoare annotation was computed. [2022-07-19 17:26:07,112 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 932) no Hoare annotation was computed. [2022-07-19 17:26:07,112 INFO L899 garLoopResultBuilder]: For program point L968(lines 968 978) no Hoare annotation was computed. [2022-07-19 17:26:07,112 INFO L899 garLoopResultBuilder]: For program point L964(lines 964 981) no Hoare annotation was computed. [2022-07-19 17:26:07,113 INFO L895 garLoopResultBuilder]: At program point L964-1(lines 956 984) the Hoare annotation is: (let ((.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse8 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (<= 1 ~pumpRunning~0)) (.cse9 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (and (<= |timeShift_getWaterLevel_#res#1| 2) (< 1 |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1|) (<= 2 |timeShift_getWaterLevel_#res#1|) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1| 2))) (.cse4 (not (<= 2 |old(~waterLevel~0)|))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (and (= ~pumpRunning~0 0) .cse7)) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse5 .cse1 (and .cse6 (<= 2 ~waterLevel~0) .cse7) .cse3) (or .cse1 .cse8 .cse3 (and .cse6 (= ~waterLevel~0 1) .cse9) .cse4) (or .cse1 .cse8 .cse3 (and .cse6 (<= ~waterLevel~0 2) .cse9) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse2 .cse3 .cse10 .cse4) (or .cse0 .cse5 .cse3 .cse10)))) [2022-07-19 17:26:07,113 INFO L902 garLoopResultBuilder]: At program point L923(lines 904 926) the Hoare annotation is: true [2022-07-19 17:26:07,113 INFO L895 garLoopResultBuilder]: At program point L783(lines 732 784) the Hoare annotation is: false [2022-07-19 17:26:07,113 INFO L899 garLoopResultBuilder]: For program point L771(lines 771 777) no Hoare annotation was computed. [2022-07-19 17:26:07,113 INFO L895 garLoopResultBuilder]: At program point L771-2(lines 763 778) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-19 17:26:07,113 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-07-19 17:26:07,114 INFO L899 garLoopResultBuilder]: For program point L734(lines 733 782) no Hoare annotation was computed. [2022-07-19 17:26:07,114 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-07-19 17:26:07,114 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-07-19 17:26:07,114 INFO L899 garLoopResultBuilder]: For program point L763(lines 763 778) no Hoare annotation was computed. [2022-07-19 17:26:07,114 INFO L895 garLoopResultBuilder]: At program point L825(lines 820 828) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-19 17:26:07,114 INFO L895 garLoopResultBuilder]: At program point L755(line 755) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-19 17:26:07,114 INFO L895 garLoopResultBuilder]: At program point L817(lines 813 819) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-19 17:26:07,115 INFO L895 garLoopResultBuilder]: At program point L718(lines 713 720) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-19 17:26:07,115 INFO L895 garLoopResultBuilder]: At program point L780(lines 733 782) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-19 17:26:07,115 INFO L899 garLoopResultBuilder]: For program point L743(lines 743 749) no Hoare annotation was computed. [2022-07-19 17:26:07,115 INFO L899 garLoopResultBuilder]: For program point L743-1(lines 743 749) no Hoare annotation was computed. [2022-07-19 17:26:07,116 INFO L895 garLoopResultBuilder]: At program point L710(lines 698 712) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (<= ~waterLevel~0 2) (= 0 ~systemActive~0)) [2022-07-19 17:26:07,116 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-07-19 17:26:07,116 INFO L899 garLoopResultBuilder]: For program point L735(lines 735 739) no Hoare annotation was computed. [2022-07-19 17:26:07,116 INFO L899 garLoopResultBuilder]: For program point L702(lines 702 708) no Hoare annotation was computed. [2022-07-19 17:26:07,116 INFO L899 garLoopResultBuilder]: For program point L702-2(lines 702 708) no Hoare annotation was computed. [2022-07-19 17:26:07,116 INFO L895 garLoopResultBuilder]: At program point L620(lines 615 622) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3))) [2022-07-19 17:26:07,117 INFO L895 garLoopResultBuilder]: At program point L810(lines 806 812) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-19 17:26:07,117 INFO L902 garLoopResultBuilder]: At program point L901(lines 893 903) the Hoare annotation is: true [2022-07-19 17:26:07,117 INFO L895 garLoopResultBuilder]: At program point L889(lines 885 891) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-19 17:26:07,118 INFO L899 garLoopResultBuilder]: For program point L914(lines 914 921) no Hoare annotation was computed. [2022-07-19 17:26:07,118 INFO L902 garLoopResultBuilder]: At program point L786(lines 723 790) the Hoare annotation is: true [2022-07-19 17:26:07,118 INFO L899 garLoopResultBuilder]: For program point L753(lines 753 759) no Hoare annotation was computed. [2022-07-19 17:26:07,119 INFO L899 garLoopResultBuilder]: For program point L753-1(lines 753 759) no Hoare annotation was computed. [2022-07-19 17:26:07,119 INFO L899 garLoopResultBuilder]: For program point L914-2(lines 914 921) no Hoare annotation was computed. [2022-07-19 17:26:07,120 INFO L895 garLoopResultBuilder]: At program point L943(lines 938 945) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-19 17:26:07,120 INFO L895 garLoopResultBuilder]: At program point L745(line 745) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-19 17:26:07,120 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 71 82) no Hoare annotation was computed. [2022-07-19 17:26:07,120 INFO L899 garLoopResultBuilder]: For program point L75-1(lines 71 82) no Hoare annotation was computed. [2022-07-19 17:26:07,120 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 71 82) the Hoare annotation is: (let ((.cse1 (not (<= 1 ~pumpRunning~0))) (.cse4 (not (= ~pumpRunning~0 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse1 .cse2 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or .cse4 .cse2 .cse3 (not (= 0 ~systemActive~0))) (or .cse4 .cse0 .cse2 .cse3))) [2022-07-19 17:26:07,120 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 634 642) no Hoare annotation was computed. [2022-07-19 17:26:07,121 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 634 642) the Hoare annotation is: true [2022-07-19 17:26:07,121 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 634 642) no Hoare annotation was computed. [2022-07-19 17:26:07,123 INFO L356 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-19 17:26:07,125 INFO L176 ceAbstractionStarter]: Computing trace abstraction results [2022-07-19 17:26:07,181 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 19.07 05:26:07 BoogieIcfgContainer [2022-07-19 17:26:07,185 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-07-19 17:26:07,186 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-07-19 17:26:07,186 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-07-19 17:26:07,186 INFO L275 PluginConnector]: Witness Printer initialized [2022-07-19 17:26:07,187 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 19.07 05:25:59" (3/4) ... [2022-07-19 17:26:07,189 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-07-19 17:26:07,194 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-07-19 17:26:07,194 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-07-19 17:26:07,194 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-07-19 17:26:07,194 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-07-19 17:26:07,195 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-07-19 17:26:07,195 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-07-19 17:26:07,205 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 50 nodes and edges [2022-07-19 17:26:07,206 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-07-19 17:26:07,206 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-07-19 17:26:07,207 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-07-19 17:26:07,207 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-07-19 17:26:07,207 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-07-19 17:26:07,208 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-07-19 17:26:07,230 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-07-19 17:26:07,231 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-07-19 17:26:07,232 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((\result <= 2 && 1 < tmp) && 2 <= \result) && tmp <= 2)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (((\result <= 2 && 1 < tmp) && 2 <= \result) && tmp <= 2)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) || !(2 <= \old(waterLevel)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) [2022-07-19 17:26:07,232 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-07-19 17:26:07,232 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-07-19 17:26:07,233 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel))) [2022-07-19 17:26:07,233 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && !(\result == 0)) && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((pumpRunning == 0 && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) [2022-07-19 17:26:07,233 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && tmp___0 == 0) && \result == 0) && !(tmp == 0)) && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((pumpRunning == 0 && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) [2022-07-19 17:26:07,233 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) [2022-07-19 17:26:07,234 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) [2022-07-19 17:26:07,234 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) [2022-07-19 17:26:07,234 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) [2022-07-19 17:26:07,265 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-07-19 17:26:07,266 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-07-19 17:26:07,266 INFO L158 Benchmark]: Toolchain (without parser) took 8618.04ms. Allocated memory was 79.7MB in the beginning and 151.0MB in the end (delta: 71.3MB). Free memory was 48.1MB in the beginning and 65.8MB in the end (delta: -17.7MB). Peak memory consumption was 53.4MB. Max. memory is 16.1GB. [2022-07-19 17:26:07,266 INFO L158 Benchmark]: CDTParser took 0.19ms. Allocated memory is still 79.7MB. Free memory was 48.3MB in the beginning and 48.3MB in the end (delta: 26.6kB). There was no memory consumed. Max. memory is 16.1GB. [2022-07-19 17:26:07,267 INFO L158 Benchmark]: CACSL2BoogieTranslator took 500.39ms. Allocated memory was 79.7MB in the beginning and 96.5MB in the end (delta: 16.8MB). Free memory was 47.9MB in the beginning and 64.4MB in the end (delta: -16.6MB). Peak memory consumption was 10.2MB. Max. memory is 16.1GB. [2022-07-19 17:26:07,267 INFO L158 Benchmark]: Boogie Procedure Inliner took 55.04ms. Allocated memory is still 96.5MB. Free memory was 64.4MB in the beginning and 61.9MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-07-19 17:26:07,267 INFO L158 Benchmark]: Boogie Preprocessor took 37.94ms. Allocated memory is still 96.5MB. Free memory was 61.9MB in the beginning and 60.2MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-07-19 17:26:07,268 INFO L158 Benchmark]: RCFGBuilder took 416.39ms. Allocated memory is still 96.5MB. Free memory was 60.2MB in the beginning and 44.0MB in the end (delta: 16.3MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. [2022-07-19 17:26:07,268 INFO L158 Benchmark]: TraceAbstraction took 7520.28ms. Allocated memory was 96.5MB in the beginning and 151.0MB in the end (delta: 54.5MB). Free memory was 43.5MB in the beginning and 71.0MB in the end (delta: -27.6MB). Peak memory consumption was 58.9MB. Max. memory is 16.1GB. [2022-07-19 17:26:07,269 INFO L158 Benchmark]: Witness Printer took 80.04ms. Allocated memory is still 151.0MB. Free memory was 71.0MB in the beginning and 65.8MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-07-19 17:26:07,271 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.19ms. Allocated memory is still 79.7MB. Free memory was 48.3MB in the beginning and 48.3MB in the end (delta: 26.6kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 500.39ms. Allocated memory was 79.7MB in the beginning and 96.5MB in the end (delta: 16.8MB). Free memory was 47.9MB in the beginning and 64.4MB in the end (delta: -16.6MB). Peak memory consumption was 10.2MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 55.04ms. Allocated memory is still 96.5MB. Free memory was 64.4MB in the beginning and 61.9MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 37.94ms. Allocated memory is still 96.5MB. Free memory was 61.9MB in the beginning and 60.2MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 416.39ms. Allocated memory is still 96.5MB. Free memory was 60.2MB in the beginning and 44.0MB in the end (delta: 16.3MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. * TraceAbstraction took 7520.28ms. Allocated memory was 96.5MB in the beginning and 151.0MB in the end (delta: 54.5MB). Free memory was 43.5MB in the beginning and 71.0MB in the end (delta: -27.6MB). Peak memory consumption was 58.9MB. Max. memory is 16.1GB. * Witness Printer took 80.04ms. Allocated memory is still 151.0MB. Free memory was 71.0MB in the beginning and 65.8MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 932]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 7 procedures, 89 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 7.4s, OverallIterations: 10, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 1.7s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 3.6s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 1248 SdHoareTripleChecker+Valid, 0.8s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1218 mSDsluCounter, 3995 SdHoareTripleChecker+Invalid, 0.7s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2830 mSDsCounter, 272 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 1161 IncrementalHoareTripleChecker+Invalid, 1433 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 272 mSolverCounterUnsat, 1165 mSDtfsCounter, 1161 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 337 GetRequests, 255 SyntacticMatches, 2 SemanticMatches, 80 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 323 ImplicationChecksByTransitivity, 0.5s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=815occurred in iteration=8, InterpolantAutomatonStates: 85, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.3s AutomataMinimizationTime, 10 MinimizatonAttempts, 181 StatesRemovedByMinimization, 6 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 42 LocationsWithAnnotation, 1466 PreInvPairs, 1683 NumberOfFragments, 2063 HoareAnnotationTreeSize, 1466 FomulaSimplifications, 8687 FormulaSimplificationTreeSizeReduction, 0.5s HoareSimplificationTime, 42 FomulaSimplificationsInter, 10955 FormulaSimplificationTreeSizeReductionInter, 3.0s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.3s SatisfiabilityAnalysisTime, 1.0s InterpolantComputationTime, 611 NumberOfCodeBlocks, 611 NumberOfCodeBlocksAsserted, 11 NumberOfCheckSat, 686 ConstructedInterpolants, 0 QuantifiedInterpolants, 1373 SizeOfPredicates, 3 NumberOfNonLiveVariables, 454 ConjunctsInSsa, 8 ConjunctsInUnsatCore, 12 InterpolantComputations, 9 PerfectInterpolantSequences, 120/142 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 698]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive - InvariantResult [Line: 136]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && !(\result == 0)) && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((pumpRunning == 0 && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 806]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 733]: Loop Invariant Derived loop invariant: ((((((1 <= pumpRunning && 2 <= waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) || (((pumpRunning == 0 && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive)) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2)) || ((((1 <= pumpRunning && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) - InvariantResult [Line: 904]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 831]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 938]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 564]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 928]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 885]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 732]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 956]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((\result <= 2 && 1 < tmp) && 2 <= \result) && tmp <= 2)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (((\result <= 2 && 1 < tmp) && 2 <= \result) && tmp <= 2)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) || !(2 <= \old(waterLevel)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) - InvariantResult [Line: 59]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 723]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 598]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) - InvariantResult [Line: 95]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 615]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) || ((((pumpRunning == 0 && 2 <= waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) - InvariantResult [Line: 713]: Loop Invariant Derived loop invariant: (((((1 <= pumpRunning && 2 <= waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2)) || ((((1 <= pumpRunning && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) - InvariantResult [Line: 820]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 623]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 813]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 127]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 679]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && tmp___0 == 0) && \result == 0) && !(tmp == 0)) && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((pumpRunning == 0 && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) - InvariantResult [Line: 893]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 589]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 946]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 841]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2022-07-19 17:26:07,331 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE