./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version f4b24e32 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash df3faf2d1bbcaed92e1c2eddcb5ae1d2459730e99808e363d537a0bc5d54e347 --- Real Ultimate output --- This is Ultimate 0.2.2-?-f4b24e3 [2022-07-13 18:00:43,563 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-07-13 18:00:43,579 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-07-13 18:00:43,629 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-07-13 18:00:43,630 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-07-13 18:00:43,631 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-07-13 18:00:43,632 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-07-13 18:00:43,634 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-07-13 18:00:43,635 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-07-13 18:00:43,638 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-07-13 18:00:43,638 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-07-13 18:00:43,640 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-07-13 18:00:43,640 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-07-13 18:00:43,642 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-07-13 18:00:43,642 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-07-13 18:00:43,644 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-07-13 18:00:43,645 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-07-13 18:00:43,646 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-07-13 18:00:43,647 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-07-13 18:00:43,653 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-07-13 18:00:43,654 INFO L181 SettingsManager]: Resetting HornVerifier preferences to default values [2022-07-13 18:00:43,655 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-07-13 18:00:43,655 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-07-13 18:00:43,656 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-07-13 18:00:43,657 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-07-13 18:00:43,661 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-07-13 18:00:43,662 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-07-13 18:00:43,662 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-07-13 18:00:43,663 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-07-13 18:00:43,663 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-07-13 18:00:43,664 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-07-13 18:00:43,664 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-07-13 18:00:43,665 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-07-13 18:00:43,665 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-07-13 18:00:43,666 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-07-13 18:00:43,666 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-07-13 18:00:43,667 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-07-13 18:00:43,667 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-07-13 18:00:43,667 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-07-13 18:00:43,667 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-07-13 18:00:43,668 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-07-13 18:00:43,669 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-07-13 18:00:43,670 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-07-13 18:00:43,692 INFO L113 SettingsManager]: Loading preferences was successful [2022-07-13 18:00:43,692 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-07-13 18:00:43,693 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-07-13 18:00:43,693 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-07-13 18:00:43,693 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-07-13 18:00:43,693 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-07-13 18:00:43,694 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-07-13 18:00:43,694 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-07-13 18:00:43,694 INFO L138 SettingsManager]: * Use SBE=true [2022-07-13 18:00:43,695 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-07-13 18:00:43,695 INFO L138 SettingsManager]: * sizeof long=4 [2022-07-13 18:00:43,695 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-07-13 18:00:43,695 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-07-13 18:00:43,695 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-07-13 18:00:43,695 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-07-13 18:00:43,696 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-07-13 18:00:43,696 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-07-13 18:00:43,696 INFO L138 SettingsManager]: * sizeof long double=12 [2022-07-13 18:00:43,696 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-07-13 18:00:43,696 INFO L138 SettingsManager]: * Use constant arrays=true [2022-07-13 18:00:43,696 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-07-13 18:00:43,696 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-07-13 18:00:43,697 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-07-13 18:00:43,697 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-07-13 18:00:43,697 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-07-13 18:00:43,697 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-07-13 18:00:43,697 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-07-13 18:00:43,697 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-07-13 18:00:43,697 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-07-13 18:00:43,698 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-07-13 18:00:43,698 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-07-13 18:00:43,698 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-07-13 18:00:43,698 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-07-13 18:00:43,698 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> df3faf2d1bbcaed92e1c2eddcb5ae1d2459730e99808e363d537a0bc5d54e347 [2022-07-13 18:00:43,882 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-07-13 18:00:43,902 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-07-13 18:00:43,903 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-07-13 18:00:43,904 INFO L271 PluginConnector]: Initializing CDTParser... [2022-07-13 18:00:43,904 INFO L275 PluginConnector]: CDTParser initialized [2022-07-13 18:00:43,905 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c [2022-07-13 18:00:43,947 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/8589f2741/02febd85f7dc4fa399691a8e4ced6154/FLAG7c1c75d2c [2022-07-13 18:00:44,358 INFO L306 CDTParser]: Found 1 translation units. [2022-07-13 18:00:44,361 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c [2022-07-13 18:00:44,371 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/8589f2741/02febd85f7dc4fa399691a8e4ced6154/FLAG7c1c75d2c [2022-07-13 18:00:44,731 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/8589f2741/02febd85f7dc4fa399691a8e4ced6154 [2022-07-13 18:00:44,733 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-07-13 18:00:44,733 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-07-13 18:00:44,734 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-07-13 18:00:44,734 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-07-13 18:00:44,739 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-07-13 18:00:44,739 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 13.07 06:00:44" (1/1) ... [2022-07-13 18:00:44,740 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@7953cb11 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:44, skipping insertion in model container [2022-07-13 18:00:44,741 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 13.07 06:00:44" (1/1) ... [2022-07-13 18:00:44,747 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-07-13 18:00:44,796 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-07-13 18:00:44,974 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c[1605,1618] [2022-07-13 18:00:45,104 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-07-13 18:00:45,110 INFO L203 MainTranslator]: Completed pre-run [2022-07-13 18:00:45,124 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c[1605,1618] [2022-07-13 18:00:45,166 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-07-13 18:00:45,177 INFO L208 MainTranslator]: Completed translation [2022-07-13 18:00:45,180 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45 WrapperNode [2022-07-13 18:00:45,181 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-07-13 18:00:45,182 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-07-13 18:00:45,182 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-07-13 18:00:45,182 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-07-13 18:00:45,186 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45" (1/1) ... [2022-07-13 18:00:45,199 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45" (1/1) ... [2022-07-13 18:00:45,222 INFO L137 Inliner]: procedures = 56, calls = 158, calls flagged for inlining = 24, calls inlined = 21, statements flattened = 259 [2022-07-13 18:00:45,222 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-07-13 18:00:45,228 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-07-13 18:00:45,228 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-07-13 18:00:45,228 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-07-13 18:00:45,234 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45" (1/1) ... [2022-07-13 18:00:45,234 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45" (1/1) ... [2022-07-13 18:00:45,244 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45" (1/1) ... [2022-07-13 18:00:45,252 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45" (1/1) ... [2022-07-13 18:00:45,256 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45" (1/1) ... [2022-07-13 18:00:45,259 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45" (1/1) ... [2022-07-13 18:00:45,264 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45" (1/1) ... [2022-07-13 18:00:45,265 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-07-13 18:00:45,266 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-07-13 18:00:45,266 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-07-13 18:00:45,266 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-07-13 18:00:45,267 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45" (1/1) ... [2022-07-13 18:00:45,281 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-07-13 18:00:45,291 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-07-13 18:00:45,302 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-07-13 18:00:45,308 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-07-13 18:00:45,347 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-07-13 18:00:45,347 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-07-13 18:00:45,347 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-07-13 18:00:45,347 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-07-13 18:00:45,347 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-07-13 18:00:45,348 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-07-13 18:00:45,348 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-07-13 18:00:45,348 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-07-13 18:00:45,348 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-07-13 18:00:45,348 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-07-13 18:00:45,348 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-07-13 18:00:45,348 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-07-13 18:00:45,348 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-07-13 18:00:45,348 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-07-13 18:00:45,348 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-07-13 18:00:45,348 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-07-13 18:00:45,348 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-07-13 18:00:45,349 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-07-13 18:00:45,349 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-07-13 18:00:45,349 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-07-13 18:00:45,424 INFO L234 CfgBuilder]: Building ICFG [2022-07-13 18:00:45,426 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-07-13 18:00:45,696 INFO L275 CfgBuilder]: Performing block encoding [2022-07-13 18:00:45,701 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-07-13 18:00:45,701 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-07-13 18:00:45,703 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 13.07 06:00:45 BoogieIcfgContainer [2022-07-13 18:00:45,703 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-07-13 18:00:45,704 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-07-13 18:00:45,704 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-07-13 18:00:45,709 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-07-13 18:00:45,709 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 13.07 06:00:44" (1/3) ... [2022-07-13 18:00:45,710 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7c6feca5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 13.07 06:00:45, skipping insertion in model container [2022-07-13 18:00:45,710 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:00:45" (2/3) ... [2022-07-13 18:00:45,710 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7c6feca5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 13.07 06:00:45, skipping insertion in model container [2022-07-13 18:00:45,710 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 13.07 06:00:45" (3/3) ... [2022-07-13 18:00:45,711 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product39.cil.c [2022-07-13 18:00:45,721 INFO L201 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-07-13 18:00:45,721 INFO L160 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-07-13 18:00:45,767 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-07-13 18:00:45,774 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=de.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings@4d90f411, mLbeIndependenceSettings=de.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings@389fd4e0 [2022-07-13 18:00:45,774 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-07-13 18:00:45,781 INFO L276 IsEmpty]: Start isEmpty. Operand has 97 states, 73 states have (on average 1.36986301369863) internal successors, (100), 82 states have internal predecessors, (100), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) [2022-07-13 18:00:45,795 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-07-13 18:00:45,796 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:45,796 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:45,797 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:45,802 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:45,802 INFO L85 PathProgramCache]: Analyzing trace with hash -1244587252, now seen corresponding path program 1 times [2022-07-13 18:00:45,808 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:45,808 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1707339887] [2022-07-13 18:00:45,808 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:45,809 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:45,937 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:45,997 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-07-13 18:00:45,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,003 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-07-13 18:00:46,005 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,007 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:00:46,008 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:46,008 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1707339887] [2022-07-13 18:00:46,009 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1707339887] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:00:46,009 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:00:46,009 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-07-13 18:00:46,011 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2118825675] [2022-07-13 18:00:46,011 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:00:46,014 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-07-13 18:00:46,015 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:46,034 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-07-13 18:00:46,035 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-07-13 18:00:46,038 INFO L87 Difference]: Start difference. First operand has 97 states, 73 states have (on average 1.36986301369863) internal successors, (100), 82 states have internal predecessors, (100), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-13 18:00:46,074 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:46,075 INFO L93 Difference]: Finished difference Result 185 states and 250 transitions. [2022-07-13 18:00:46,076 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-07-13 18:00:46,077 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-07-13 18:00:46,078 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:46,086 INFO L225 Difference]: With dead ends: 185 [2022-07-13 18:00:46,087 INFO L226 Difference]: Without dead ends: 88 [2022-07-13 18:00:46,091 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-07-13 18:00:46,095 INFO L413 NwaCegarLoop]: 122 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 122 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:46,096 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 122 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-13 18:00:46,110 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 88 states. [2022-07-13 18:00:46,138 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 88 to 88. [2022-07-13 18:00:46,140 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 88 states, 66 states have (on average 1.303030303030303) internal successors, (86), 74 states have internal predecessors, (86), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-07-13 18:00:46,156 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 88 states to 88 states and 113 transitions. [2022-07-13 18:00:46,157 INFO L78 Accepts]: Start accepts. Automaton has 88 states and 113 transitions. Word has length 32 [2022-07-13 18:00:46,157 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:46,157 INFO L495 AbstractCegarLoop]: Abstraction has 88 states and 113 transitions. [2022-07-13 18:00:46,158 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-13 18:00:46,158 INFO L276 IsEmpty]: Start isEmpty. Operand 88 states and 113 transitions. [2022-07-13 18:00:46,160 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-07-13 18:00:46,160 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:46,160 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:46,160 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-07-13 18:00:46,161 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:46,161 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:46,161 INFO L85 PathProgramCache]: Analyzing trace with hash 1577409017, now seen corresponding path program 1 times [2022-07-13 18:00:46,161 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:46,162 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1225044375] [2022-07-13 18:00:46,162 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:46,162 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:46,188 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,238 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-07-13 18:00:46,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-07-13 18:00:46,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,254 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:00:46,262 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:46,262 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1225044375] [2022-07-13 18:00:46,262 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1225044375] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:00:46,263 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:00:46,263 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-13 18:00:46,263 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [961702002] [2022-07-13 18:00:46,263 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:00:46,264 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-13 18:00:46,264 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:46,265 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-13 18:00:46,265 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-13 18:00:46,265 INFO L87 Difference]: Start difference. First operand 88 states and 113 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-13 18:00:46,277 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:46,277 INFO L93 Difference]: Finished difference Result 137 states and 175 transitions. [2022-07-13 18:00:46,281 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-13 18:00:46,282 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-07-13 18:00:46,282 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:46,283 INFO L225 Difference]: With dead ends: 137 [2022-07-13 18:00:46,283 INFO L226 Difference]: Without dead ends: 79 [2022-07-13 18:00:46,284 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-13 18:00:46,285 INFO L413 NwaCegarLoop]: 100 mSDtfsCounter, 16 mSDsluCounter, 79 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 179 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:46,286 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 179 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-13 18:00:46,286 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 79 states. [2022-07-13 18:00:46,293 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 79 to 79. [2022-07-13 18:00:46,293 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 79 states, 60 states have (on average 1.3166666666666667) internal successors, (79), 68 states have internal predecessors, (79), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2022-07-13 18:00:46,294 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 101 transitions. [2022-07-13 18:00:46,294 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 101 transitions. Word has length 33 [2022-07-13 18:00:46,294 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:46,294 INFO L495 AbstractCegarLoop]: Abstraction has 79 states and 101 transitions. [2022-07-13 18:00:46,294 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-13 18:00:46,295 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 101 transitions. [2022-07-13 18:00:46,301 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-07-13 18:00:46,302 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:46,302 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:46,302 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-07-13 18:00:46,302 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:46,302 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:46,303 INFO L85 PathProgramCache]: Analyzing trace with hash 1563484802, now seen corresponding path program 1 times [2022-07-13 18:00:46,303 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:46,303 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [901260102] [2022-07-13 18:00:46,303 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:46,304 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:46,329 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,368 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-07-13 18:00:46,370 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,372 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-07-13 18:00:46,373 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,374 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:00:46,374 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:46,374 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [901260102] [2022-07-13 18:00:46,374 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [901260102] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:00:46,374 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:00:46,374 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-13 18:00:46,374 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [998917529] [2022-07-13 18:00:46,374 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:00:46,375 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-13 18:00:46,375 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:46,375 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-13 18:00:46,375 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-13 18:00:46,375 INFO L87 Difference]: Start difference. First operand 79 states and 101 transitions. Second operand has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-13 18:00:46,409 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:46,409 INFO L93 Difference]: Finished difference Result 220 states and 287 transitions. [2022-07-13 18:00:46,412 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-13 18:00:46,413 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 37 [2022-07-13 18:00:46,413 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:46,416 INFO L225 Difference]: With dead ends: 220 [2022-07-13 18:00:46,416 INFO L226 Difference]: Without dead ends: 149 [2022-07-13 18:00:46,417 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-13 18:00:46,417 INFO L413 NwaCegarLoop]: 124 mSDtfsCounter, 76 mSDsluCounter, 90 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 76 SdHoareTripleChecker+Valid, 214 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:46,418 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [76 Valid, 214 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-13 18:00:46,418 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 149 states. [2022-07-13 18:00:46,445 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 149 to 146. [2022-07-13 18:00:46,447 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 146 states, 109 states have (on average 1.3394495412844036) internal successors, (146), 124 states have internal predecessors, (146), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (22), 15 states have call predecessors, (22), 22 states have call successors, (22) [2022-07-13 18:00:46,450 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 146 states to 146 states and 190 transitions. [2022-07-13 18:00:46,450 INFO L78 Accepts]: Start accepts. Automaton has 146 states and 190 transitions. Word has length 37 [2022-07-13 18:00:46,450 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:46,451 INFO L495 AbstractCegarLoop]: Abstraction has 146 states and 190 transitions. [2022-07-13 18:00:46,451 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-13 18:00:46,451 INFO L276 IsEmpty]: Start isEmpty. Operand 146 states and 190 transitions. [2022-07-13 18:00:46,452 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-07-13 18:00:46,452 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:46,452 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:46,452 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-07-13 18:00:46,453 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:46,453 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:46,453 INFO L85 PathProgramCache]: Analyzing trace with hash 209384056, now seen corresponding path program 1 times [2022-07-13 18:00:46,453 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:46,453 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [104270855] [2022-07-13 18:00:46,453 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:46,453 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:46,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,529 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-07-13 18:00:46,534 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,542 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-07-13 18:00:46,544 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,573 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-07-13 18:00:46,574 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:46,574 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [104270855] [2022-07-13 18:00:46,574 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [104270855] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:00:46,574 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:00:46,574 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-07-13 18:00:46,574 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1086763548] [2022-07-13 18:00:46,575 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:00:46,576 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-07-13 18:00:46,576 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:46,577 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-07-13 18:00:46,577 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-07-13 18:00:46,577 INFO L87 Difference]: Start difference. First operand 146 states and 190 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-13 18:00:46,692 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:46,693 INFO L93 Difference]: Finished difference Result 386 states and 515 transitions. [2022-07-13 18:00:46,693 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-07-13 18:00:46,693 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-07-13 18:00:46,694 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:46,703 INFO L225 Difference]: With dead ends: 386 [2022-07-13 18:00:46,703 INFO L226 Difference]: Without dead ends: 248 [2022-07-13 18:00:46,705 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-07-13 18:00:46,706 INFO L413 NwaCegarLoop]: 114 mSDtfsCounter, 49 mSDsluCounter, 369 mSDsCounter, 0 mSdLazyCounter, 68 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 50 SdHoareTripleChecker+Valid, 483 SdHoareTripleChecker+Invalid, 79 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 68 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:46,707 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [50 Valid, 483 Invalid, 79 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 68 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-13 18:00:46,707 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 248 states. [2022-07-13 18:00:46,726 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 248 to 235. [2022-07-13 18:00:46,727 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 235 states, 176 states have (on average 1.2954545454545454) internal successors, (228), 191 states have internal predecessors, (228), 32 states have call successors, (32), 26 states have call predecessors, (32), 26 states have return successors, (40), 29 states have call predecessors, (40), 32 states have call successors, (40) [2022-07-13 18:00:46,728 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 235 states to 235 states and 300 transitions. [2022-07-13 18:00:46,728 INFO L78 Accepts]: Start accepts. Automaton has 235 states and 300 transitions. Word has length 41 [2022-07-13 18:00:46,728 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:46,728 INFO L495 AbstractCegarLoop]: Abstraction has 235 states and 300 transitions. [2022-07-13 18:00:46,729 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-13 18:00:46,729 INFO L276 IsEmpty]: Start isEmpty. Operand 235 states and 300 transitions. [2022-07-13 18:00:46,730 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-07-13 18:00:46,730 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:46,730 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:46,730 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-07-13 18:00:46,730 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:46,730 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:46,731 INFO L85 PathProgramCache]: Analyzing trace with hash -1528927009, now seen corresponding path program 1 times [2022-07-13 18:00:46,731 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:46,731 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1175938692] [2022-07-13 18:00:46,731 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:46,731 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:46,744 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,756 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-07-13 18:00:46,757 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,760 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-07-13 18:00:46,762 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,781 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-07-13 18:00:46,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:46,784 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:00:46,784 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:46,784 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1175938692] [2022-07-13 18:00:46,784 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1175938692] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:00:46,784 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:00:46,784 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-07-13 18:00:46,784 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1326173688] [2022-07-13 18:00:46,784 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:00:46,785 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-07-13 18:00:46,785 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:46,785 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-07-13 18:00:46,785 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-07-13 18:00:46,785 INFO L87 Difference]: Start difference. First operand 235 states and 300 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-13 18:00:46,950 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:46,950 INFO L93 Difference]: Finished difference Result 522 states and 677 transitions. [2022-07-13 18:00:46,951 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-07-13 18:00:46,951 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 51 [2022-07-13 18:00:46,951 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:46,953 INFO L225 Difference]: With dead ends: 522 [2022-07-13 18:00:46,953 INFO L226 Difference]: Without dead ends: 295 [2022-07-13 18:00:46,953 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-07-13 18:00:46,954 INFO L413 NwaCegarLoop]: 95 mSDtfsCounter, 65 mSDsluCounter, 290 mSDsCounter, 0 mSdLazyCounter, 112 mSolverCounterSat, 22 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 68 SdHoareTripleChecker+Valid, 385 SdHoareTripleChecker+Invalid, 134 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 22 IncrementalHoareTripleChecker+Valid, 112 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:46,954 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [68 Valid, 385 Invalid, 134 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [22 Valid, 112 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-13 18:00:46,955 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 295 states. [2022-07-13 18:00:46,990 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 295 to 287. [2022-07-13 18:00:46,991 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 287 states, 218 states have (on average 1.275229357798165) internal successors, (278), 233 states have internal predecessors, (278), 36 states have call successors, (36), 26 states have call predecessors, (36), 32 states have return successors, (50), 37 states have call predecessors, (50), 36 states have call successors, (50) [2022-07-13 18:00:46,992 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 287 states to 287 states and 364 transitions. [2022-07-13 18:00:46,992 INFO L78 Accepts]: Start accepts. Automaton has 287 states and 364 transitions. Word has length 51 [2022-07-13 18:00:46,992 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:46,993 INFO L495 AbstractCegarLoop]: Abstraction has 287 states and 364 transitions. [2022-07-13 18:00:46,993 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-13 18:00:46,993 INFO L276 IsEmpty]: Start isEmpty. Operand 287 states and 364 transitions. [2022-07-13 18:00:46,994 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-07-13 18:00:46,994 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:46,994 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:46,994 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-07-13 18:00:46,994 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:46,995 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:46,995 INFO L85 PathProgramCache]: Analyzing trace with hash 1077096545, now seen corresponding path program 1 times [2022-07-13 18:00:46,995 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:46,995 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1880140750] [2022-07-13 18:00:46,995 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:46,995 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:47,012 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,062 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-07-13 18:00:47,063 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,067 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-07-13 18:00:47,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,100 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-07-13 18:00:47,102 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,103 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:00:47,103 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:47,104 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1880140750] [2022-07-13 18:00:47,104 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1880140750] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:00:47,104 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:00:47,104 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-07-13 18:00:47,104 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [27900207] [2022-07-13 18:00:47,104 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:00:47,105 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-07-13 18:00:47,105 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:47,105 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-07-13 18:00:47,105 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-07-13 18:00:47,106 INFO L87 Difference]: Start difference. First operand 287 states and 364 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-07-13 18:00:47,355 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:47,355 INFO L93 Difference]: Finished difference Result 596 states and 773 transitions. [2022-07-13 18:00:47,355 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-07-13 18:00:47,356 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 51 [2022-07-13 18:00:47,356 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:47,357 INFO L225 Difference]: With dead ends: 596 [2022-07-13 18:00:47,358 INFO L226 Difference]: Without dead ends: 317 [2022-07-13 18:00:47,359 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 17 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=54, Invalid=102, Unknown=0, NotChecked=0, Total=156 [2022-07-13 18:00:47,359 INFO L413 NwaCegarLoop]: 117 mSDtfsCounter, 213 mSDsluCounter, 320 mSDsCounter, 0 mSdLazyCounter, 163 mSolverCounterSat, 62 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 220 SdHoareTripleChecker+Valid, 437 SdHoareTripleChecker+Invalid, 225 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 62 IncrementalHoareTripleChecker+Valid, 163 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:47,360 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [220 Valid, 437 Invalid, 225 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [62 Valid, 163 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-07-13 18:00:47,360 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 317 states. [2022-07-13 18:00:47,373 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 317 to 291. [2022-07-13 18:00:47,375 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 291 states, 222 states have (on average 1.2702702702702702) internal successors, (282), 237 states have internal predecessors, (282), 36 states have call successors, (36), 26 states have call predecessors, (36), 32 states have return successors, (50), 37 states have call predecessors, (50), 36 states have call successors, (50) [2022-07-13 18:00:47,377 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 291 states to 291 states and 368 transitions. [2022-07-13 18:00:47,377 INFO L78 Accepts]: Start accepts. Automaton has 291 states and 368 transitions. Word has length 51 [2022-07-13 18:00:47,377 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:47,377 INFO L495 AbstractCegarLoop]: Abstraction has 291 states and 368 transitions. [2022-07-13 18:00:47,378 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-07-13 18:00:47,378 INFO L276 IsEmpty]: Start isEmpty. Operand 291 states and 368 transitions. [2022-07-13 18:00:47,388 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-07-13 18:00:47,388 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:47,388 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:47,388 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-07-13 18:00:47,389 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:47,389 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:47,389 INFO L85 PathProgramCache]: Analyzing trace with hash 1499798371, now seen corresponding path program 1 times [2022-07-13 18:00:47,389 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:47,389 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1423810148] [2022-07-13 18:00:47,390 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:47,390 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:47,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,456 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-07-13 18:00:47,457 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,462 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-07-13 18:00:47,465 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,479 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-07-13 18:00:47,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,481 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:00:47,483 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:47,483 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1423810148] [2022-07-13 18:00:47,483 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1423810148] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:00:47,483 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:00:47,484 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-07-13 18:00:47,484 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [141355340] [2022-07-13 18:00:47,484 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:00:47,484 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-07-13 18:00:47,485 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:47,485 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-07-13 18:00:47,486 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-07-13 18:00:47,486 INFO L87 Difference]: Start difference. First operand 291 states and 368 transitions. Second operand has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-13 18:00:47,693 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:47,693 INFO L93 Difference]: Finished difference Result 846 states and 1109 transitions. [2022-07-13 18:00:47,693 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-07-13 18:00:47,694 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 51 [2022-07-13 18:00:47,694 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:47,696 INFO L225 Difference]: With dead ends: 846 [2022-07-13 18:00:47,696 INFO L226 Difference]: Without dead ends: 563 [2022-07-13 18:00:47,697 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 9 SyntacticMatches, 1 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-07-13 18:00:47,698 INFO L413 NwaCegarLoop]: 149 mSDtfsCounter, 219 mSDsluCounter, 183 mSDsCounter, 0 mSdLazyCounter, 152 mSolverCounterSat, 67 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 226 SdHoareTripleChecker+Valid, 332 SdHoareTripleChecker+Invalid, 219 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 67 IncrementalHoareTripleChecker+Valid, 152 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:47,698 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [226 Valid, 332 Invalid, 219 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [67 Valid, 152 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-07-13 18:00:47,699 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 563 states. [2022-07-13 18:00:47,747 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 563 to 556. [2022-07-13 18:00:47,748 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 556 states, 421 states have (on average 1.2351543942992873) internal successors, (520), 445 states have internal predecessors, (520), 73 states have call successors, (73), 59 states have call predecessors, (73), 61 states have return successors, (111), 72 states have call predecessors, (111), 73 states have call successors, (111) [2022-07-13 18:00:47,750 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 556 states to 556 states and 704 transitions. [2022-07-13 18:00:47,750 INFO L78 Accepts]: Start accepts. Automaton has 556 states and 704 transitions. Word has length 51 [2022-07-13 18:00:47,751 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:47,751 INFO L495 AbstractCegarLoop]: Abstraction has 556 states and 704 transitions. [2022-07-13 18:00:47,751 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-13 18:00:47,751 INFO L276 IsEmpty]: Start isEmpty. Operand 556 states and 704 transitions. [2022-07-13 18:00:47,752 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2022-07-13 18:00:47,752 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:47,752 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:47,752 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-07-13 18:00:47,752 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:47,752 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:47,753 INFO L85 PathProgramCache]: Analyzing trace with hash -85847159, now seen corresponding path program 1 times [2022-07-13 18:00:47,753 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:47,753 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [163648913] [2022-07-13 18:00:47,753 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:47,753 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:47,778 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,866 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-13 18:00:47,868 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,881 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-07-13 18:00:47,882 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,889 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-07-13 18:00:47,892 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,914 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-07-13 18:00:47,915 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:47,916 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:00:47,916 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:47,917 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [163648913] [2022-07-13 18:00:47,917 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [163648913] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:00:47,917 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:00:47,917 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-07-13 18:00:47,917 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [73359586] [2022-07-13 18:00:47,917 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:00:47,917 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-07-13 18:00:47,917 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:47,918 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-07-13 18:00:47,918 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=72, Unknown=0, NotChecked=0, Total=90 [2022-07-13 18:00:47,918 INFO L87 Difference]: Start difference. First operand 556 states and 704 transitions. Second operand has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-07-13 18:00:48,671 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:48,672 INFO L93 Difference]: Finished difference Result 1787 states and 2374 transitions. [2022-07-13 18:00:48,672 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 33 states. [2022-07-13 18:00:48,672 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 55 [2022-07-13 18:00:48,673 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:48,680 INFO L225 Difference]: With dead ends: 1787 [2022-07-13 18:00:48,680 INFO L226 Difference]: Without dead ends: 1342 [2022-07-13 18:00:48,683 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 10 SyntacticMatches, 1 SemanticMatches, 33 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 294 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=221, Invalid=969, Unknown=0, NotChecked=0, Total=1190 [2022-07-13 18:00:48,683 INFO L413 NwaCegarLoop]: 171 mSDtfsCounter, 519 mSDsluCounter, 747 mSDsCounter, 0 mSdLazyCounter, 862 mSolverCounterSat, 194 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 529 SdHoareTripleChecker+Valid, 918 SdHoareTripleChecker+Invalid, 1056 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 194 IncrementalHoareTripleChecker+Valid, 862 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:48,684 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [529 Valid, 918 Invalid, 1056 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [194 Valid, 862 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2022-07-13 18:00:48,685 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1342 states. [2022-07-13 18:00:48,767 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1342 to 1083. [2022-07-13 18:00:48,768 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1083 states, 820 states have (on average 1.2317073170731707) internal successors, (1010), 873 states have internal predecessors, (1010), 142 states have call successors, (142), 104 states have call predecessors, (142), 120 states have return successors, (220), 140 states have call predecessors, (220), 142 states have call successors, (220) [2022-07-13 18:00:48,772 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1083 states to 1083 states and 1372 transitions. [2022-07-13 18:00:48,772 INFO L78 Accepts]: Start accepts. Automaton has 1083 states and 1372 transitions. Word has length 55 [2022-07-13 18:00:48,773 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:48,773 INFO L495 AbstractCegarLoop]: Abstraction has 1083 states and 1372 transitions. [2022-07-13 18:00:48,773 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-07-13 18:00:48,773 INFO L276 IsEmpty]: Start isEmpty. Operand 1083 states and 1372 transitions. [2022-07-13 18:00:48,774 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-07-13 18:00:48,774 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:48,774 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:48,774 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-07-13 18:00:48,775 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:48,775 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:48,791 INFO L85 PathProgramCache]: Analyzing trace with hash 1602781584, now seen corresponding path program 1 times [2022-07-13 18:00:48,791 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:48,791 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1033603806] [2022-07-13 18:00:48,791 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:48,791 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:48,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:48,842 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-13 18:00:48,843 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:48,848 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-07-13 18:00:48,851 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:48,858 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:00:48,859 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:48,862 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-07-13 18:00:48,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:48,866 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-07-13 18:00:48,866 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:48,867 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-07-13 18:00:48,867 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:48,868 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 18 proven. 0 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-07-13 18:00:48,868 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:48,868 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1033603806] [2022-07-13 18:00:48,868 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1033603806] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:00:48,868 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:00:48,868 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-07-13 18:00:48,868 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1990299613] [2022-07-13 18:00:48,869 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:00:48,869 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-07-13 18:00:48,869 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:48,869 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-07-13 18:00:48,869 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2022-07-13 18:00:48,869 INFO L87 Difference]: Start difference. First operand 1083 states and 1372 transitions. Second operand has 7 states, 7 states have (on average 9.714285714285714) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2022-07-13 18:00:49,104 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:49,104 INFO L93 Difference]: Finished difference Result 1319 states and 1661 transitions. [2022-07-13 18:00:49,105 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-07-13 18:00:49,105 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 9.714285714285714) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) Word has length 85 [2022-07-13 18:00:49,106 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:49,109 INFO L225 Difference]: With dead ends: 1319 [2022-07-13 18:00:49,109 INFO L226 Difference]: Without dead ends: 556 [2022-07-13 18:00:49,112 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 29 GetRequests, 17 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=55, Invalid=127, Unknown=0, NotChecked=0, Total=182 [2022-07-13 18:00:49,114 INFO L413 NwaCegarLoop]: 136 mSDtfsCounter, 304 mSDsluCounter, 223 mSDsCounter, 0 mSdLazyCounter, 198 mSolverCounterSat, 108 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 313 SdHoareTripleChecker+Valid, 359 SdHoareTripleChecker+Invalid, 306 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 108 IncrementalHoareTripleChecker+Valid, 198 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:49,114 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [313 Valid, 359 Invalid, 306 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [108 Valid, 198 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-07-13 18:00:49,116 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 556 states. [2022-07-13 18:00:49,140 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 556 to 530. [2022-07-13 18:00:49,141 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 530 states, 402 states have (on average 1.1965174129353233) internal successors, (481), 426 states have internal predecessors, (481), 68 states have call successors, (68), 51 states have call predecessors, (68), 59 states have return successors, (107), 68 states have call predecessors, (107), 68 states have call successors, (107) [2022-07-13 18:00:49,144 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 530 states to 530 states and 656 transitions. [2022-07-13 18:00:49,144 INFO L78 Accepts]: Start accepts. Automaton has 530 states and 656 transitions. Word has length 85 [2022-07-13 18:00:49,144 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:49,144 INFO L495 AbstractCegarLoop]: Abstraction has 530 states and 656 transitions. [2022-07-13 18:00:49,145 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 9.714285714285714) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2022-07-13 18:00:49,145 INFO L276 IsEmpty]: Start isEmpty. Operand 530 states and 656 transitions. [2022-07-13 18:00:49,146 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 95 [2022-07-13 18:00:49,146 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:49,146 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:49,146 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-07-13 18:00:49,147 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:49,147 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:49,147 INFO L85 PathProgramCache]: Analyzing trace with hash 1627346287, now seen corresponding path program 1 times [2022-07-13 18:00:49,147 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:49,147 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [457914614] [2022-07-13 18:00:49,148 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:49,148 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:49,167 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:49,233 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-13 18:00:49,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:49,243 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-07-13 18:00:49,246 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:49,256 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:00:49,257 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:49,263 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-07-13 18:00:49,265 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:49,273 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-07-13 18:00:49,275 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:49,284 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-07-13 18:00:49,285 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:49,286 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-07-13 18:00:49,287 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:49,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-07-13 18:00:49,288 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:49,290 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 8 proven. 18 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-07-13 18:00:49,290 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:49,290 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [457914614] [2022-07-13 18:00:49,290 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [457914614] provided 0 perfect and 1 imperfect interpolant sequences [2022-07-13 18:00:49,290 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [935282461] [2022-07-13 18:00:49,291 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:49,291 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-07-13 18:00:49,291 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-07-13 18:00:49,292 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-07-13 18:00:49,293 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-07-13 18:00:49,431 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:49,434 INFO L263 TraceCheckSpWp]: Trace formula consists of 466 conjuncts, 8 conjunts are in the unsatisfiable core [2022-07-13 18:00:49,440 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-07-13 18:00:49,566 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 24 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-07-13 18:00:49,567 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-07-13 18:00:49,723 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 18 proven. 8 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-07-13 18:00:49,724 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [935282461] provided 0 perfect and 2 imperfect interpolant sequences [2022-07-13 18:00:49,724 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-07-13 18:00:49,724 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-07-13 18:00:49,724 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1731689129] [2022-07-13 18:00:49,724 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-07-13 18:00:49,725 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-07-13 18:00:49,725 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:49,725 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-07-13 18:00:49,726 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2022-07-13 18:00:49,726 INFO L87 Difference]: Start difference. First operand 530 states and 656 transitions. Second operand has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2022-07-13 18:00:50,515 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:50,516 INFO L93 Difference]: Finished difference Result 1149 states and 1458 transitions. [2022-07-13 18:00:50,516 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 32 states. [2022-07-13 18:00:50,516 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) Word has length 94 [2022-07-13 18:00:50,518 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:50,521 INFO L225 Difference]: With dead ends: 1149 [2022-07-13 18:00:50,521 INFO L226 Difference]: Without dead ends: 675 [2022-07-13 18:00:50,525 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 255 GetRequests, 212 SyntacticMatches, 1 SemanticMatches, 42 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 448 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=441, Invalid=1451, Unknown=0, NotChecked=0, Total=1892 [2022-07-13 18:00:50,526 INFO L413 NwaCegarLoop]: 206 mSDtfsCounter, 461 mSDsluCounter, 624 mSDsCounter, 0 mSdLazyCounter, 595 mSolverCounterSat, 257 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 465 SdHoareTripleChecker+Valid, 830 SdHoareTripleChecker+Invalid, 852 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 257 IncrementalHoareTripleChecker+Valid, 595 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:50,527 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [465 Valid, 830 Invalid, 852 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [257 Valid, 595 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-07-13 18:00:50,528 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 675 states. [2022-07-13 18:00:50,557 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 675 to 591. [2022-07-13 18:00:50,558 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 591 states, 442 states have (on average 1.1787330316742082) internal successors, (521), 474 states have internal predecessors, (521), 78 states have call successors, (78), 65 states have call predecessors, (78), 70 states have return successors, (103), 73 states have call predecessors, (103), 78 states have call successors, (103) [2022-07-13 18:00:50,560 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 591 states to 591 states and 702 transitions. [2022-07-13 18:00:50,561 INFO L78 Accepts]: Start accepts. Automaton has 591 states and 702 transitions. Word has length 94 [2022-07-13 18:00:50,562 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:50,562 INFO L495 AbstractCegarLoop]: Abstraction has 591 states and 702 transitions. [2022-07-13 18:00:50,562 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2022-07-13 18:00:50,562 INFO L276 IsEmpty]: Start isEmpty. Operand 591 states and 702 transitions. [2022-07-13 18:00:50,566 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2022-07-13 18:00:50,566 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:50,566 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:50,602 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-07-13 18:00:50,783 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-07-13 18:00:50,784 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:50,784 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:50,784 INFO L85 PathProgramCache]: Analyzing trace with hash -299983089, now seen corresponding path program 1 times [2022-07-13 18:00:50,784 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:50,784 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2849555] [2022-07-13 18:00:50,785 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:50,785 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:50,815 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,846 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-13 18:00:50,847 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,853 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-07-13 18:00:50,856 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,858 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:00:50,859 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,863 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-07-13 18:00:50,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,865 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-07-13 18:00:50,868 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,870 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:00:50,871 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,871 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-07-13 18:00:50,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,873 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-07-13 18:00:50,873 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,874 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-07-13 18:00:50,877 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,917 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:00:50,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,919 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-07-13 18:00:50,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,920 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-07-13 18:00:50,921 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-07-13 18:00:50,923 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,923 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-07-13 18:00:50,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,926 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-07-13 18:00:50,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:50,927 INFO L134 CoverageAnalysis]: Checked inductivity of 188 backedges. 79 proven. 0 refuted. 0 times theorem prover too weak. 109 trivial. 0 not checked. [2022-07-13 18:00:50,927 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:50,927 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2849555] [2022-07-13 18:00:50,928 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2849555] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:00:50,928 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:00:50,928 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-07-13 18:00:50,928 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1019075261] [2022-07-13 18:00:50,928 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:00:50,929 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-07-13 18:00:50,929 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:50,929 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-07-13 18:00:50,929 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=69, Unknown=0, NotChecked=0, Total=90 [2022-07-13 18:00:50,930 INFO L87 Difference]: Start difference. First operand 591 states and 702 transitions. Second operand has 10 states, 10 states have (on average 8.7) internal successors, (87), 7 states have internal predecessors, (87), 4 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (12), 4 states have call predecessors, (12), 4 states have call successors, (12) [2022-07-13 18:00:51,463 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:51,463 INFO L93 Difference]: Finished difference Result 1686 states and 2029 transitions. [2022-07-13 18:00:51,464 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 22 states. [2022-07-13 18:00:51,464 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 8.7) internal successors, (87), 7 states have internal predecessors, (87), 4 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (12), 4 states have call predecessors, (12), 4 states have call successors, (12) Word has length 171 [2022-07-13 18:00:51,464 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:51,470 INFO L225 Difference]: With dead ends: 1686 [2022-07-13 18:00:51,470 INFO L226 Difference]: Without dead ends: 1103 [2022-07-13 18:00:51,472 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 66 GetRequests, 40 SyntacticMatches, 0 SemanticMatches, 26 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 150 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=178, Invalid=578, Unknown=0, NotChecked=0, Total=756 [2022-07-13 18:00:51,473 INFO L413 NwaCegarLoop]: 207 mSDtfsCounter, 494 mSDsluCounter, 455 mSDsCounter, 0 mSdLazyCounter, 534 mSolverCounterSat, 192 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 498 SdHoareTripleChecker+Valid, 662 SdHoareTripleChecker+Invalid, 726 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 192 IncrementalHoareTripleChecker+Valid, 534 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:51,473 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [498 Valid, 662 Invalid, 726 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [192 Valid, 534 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-07-13 18:00:51,475 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1103 states. [2022-07-13 18:00:51,524 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1103 to 1101. [2022-07-13 18:00:51,526 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1101 states, 824 states have (on average 1.145631067961165) internal successors, (944), 879 states have internal predecessors, (944), 146 states have call successors, (146), 124 states have call predecessors, (146), 130 states have return successors, (189), 133 states have call predecessors, (189), 146 states have call successors, (189) [2022-07-13 18:00:51,535 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1101 states to 1101 states and 1279 transitions. [2022-07-13 18:00:51,535 INFO L78 Accepts]: Start accepts. Automaton has 1101 states and 1279 transitions. Word has length 171 [2022-07-13 18:00:51,536 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:51,536 INFO L495 AbstractCegarLoop]: Abstraction has 1101 states and 1279 transitions. [2022-07-13 18:00:51,536 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 8.7) internal successors, (87), 7 states have internal predecessors, (87), 4 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (12), 4 states have call predecessors, (12), 4 states have call successors, (12) [2022-07-13 18:00:51,536 INFO L276 IsEmpty]: Start isEmpty. Operand 1101 states and 1279 transitions. [2022-07-13 18:00:51,539 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2022-07-13 18:00:51,539 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:51,539 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:51,539 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-07-13 18:00:51,539 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:51,539 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:51,539 INFO L85 PathProgramCache]: Analyzing trace with hash -1382549873, now seen corresponding path program 1 times [2022-07-13 18:00:51,540 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:51,540 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1929408581] [2022-07-13 18:00:51,540 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:51,540 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:51,551 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,566 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-13 18:00:51,567 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,570 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-07-13 18:00:51,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-07-13 18:00:51,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,582 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:00:51,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,586 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-07-13 18:00:51,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,588 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-07-13 18:00:51,589 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,622 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:00:51,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-07-13 18:00:51,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-07-13 18:00:51,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-07-13 18:00:51,627 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,629 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:00:51,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,630 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-07-13 18:00:51,630 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,630 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-07-13 18:00:51,631 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-07-13 18:00:51,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-07-13 18:00:51,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,635 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 83 proven. 10 refuted. 0 times theorem prover too weak. 91 trivial. 0 not checked. [2022-07-13 18:00:51,635 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:51,635 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1929408581] [2022-07-13 18:00:51,635 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1929408581] provided 0 perfect and 1 imperfect interpolant sequences [2022-07-13 18:00:51,635 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1459740443] [2022-07-13 18:00:51,635 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:51,635 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-07-13 18:00:51,635 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-07-13 18:00:51,636 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-07-13 18:00:51,637 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-07-13 18:00:51,745 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:51,748 INFO L263 TraceCheckSpWp]: Trace formula consists of 671 conjuncts, 7 conjunts are in the unsatisfiable core [2022-07-13 18:00:51,760 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-07-13 18:00:51,856 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 127 proven. 0 refuted. 0 times theorem prover too weak. 57 trivial. 0 not checked. [2022-07-13 18:00:51,856 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-07-13 18:00:51,856 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1459740443] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:00:51,856 INFO L184 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-07-13 18:00:51,857 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [11] total 15 [2022-07-13 18:00:51,857 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1780275168] [2022-07-13 18:00:51,857 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:00:51,877 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-07-13 18:00:51,878 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:51,878 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-07-13 18:00:51,878 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=37, Invalid=173, Unknown=0, NotChecked=0, Total=210 [2022-07-13 18:00:51,879 INFO L87 Difference]: Start difference. First operand 1101 states and 1279 transitions. Second operand has 6 states, 6 states have (on average 17.5) internal successors, (105), 6 states have internal predecessors, (105), 3 states have call successors, (12), 3 states have call predecessors, (12), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-07-13 18:00:51,973 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:51,973 INFO L93 Difference]: Finished difference Result 2020 states and 2353 transitions. [2022-07-13 18:00:51,974 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-07-13 18:00:51,974 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 17.5) internal successors, (105), 6 states have internal predecessors, (105), 3 states have call successors, (12), 3 states have call predecessors, (12), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 171 [2022-07-13 18:00:51,974 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:51,979 INFO L225 Difference]: With dead ends: 2020 [2022-07-13 18:00:51,987 INFO L226 Difference]: Without dead ends: 1023 [2022-07-13 18:00:51,990 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 209 GetRequests, 193 SyntacticMatches, 1 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 29 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=52, Invalid=220, Unknown=0, NotChecked=0, Total=272 [2022-07-13 18:00:51,990 INFO L413 NwaCegarLoop]: 162 mSDtfsCounter, 69 mSDsluCounter, 254 mSDsCounter, 0 mSdLazyCounter, 68 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 69 SdHoareTripleChecker+Valid, 416 SdHoareTripleChecker+Invalid, 75 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 68 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:51,991 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [69 Valid, 416 Invalid, 75 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 68 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-13 18:00:51,992 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1023 states. [2022-07-13 18:00:52,027 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1023 to 1008. [2022-07-13 18:00:52,028 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1008 states, 760 states have (on average 1.138157894736842) internal successors, (865), 806 states have internal predecessors, (865), 131 states have call successors, (131), 113 states have call predecessors, (131), 116 states have return successors, (167), 119 states have call predecessors, (167), 131 states have call successors, (167) [2022-07-13 18:00:52,031 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1008 states to 1008 states and 1163 transitions. [2022-07-13 18:00:52,031 INFO L78 Accepts]: Start accepts. Automaton has 1008 states and 1163 transitions. Word has length 171 [2022-07-13 18:00:52,032 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:52,032 INFO L495 AbstractCegarLoop]: Abstraction has 1008 states and 1163 transitions. [2022-07-13 18:00:52,032 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 17.5) internal successors, (105), 6 states have internal predecessors, (105), 3 states have call successors, (12), 3 states have call predecessors, (12), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-07-13 18:00:52,032 INFO L276 IsEmpty]: Start isEmpty. Operand 1008 states and 1163 transitions. [2022-07-13 18:00:52,034 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2022-07-13 18:00:52,034 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:00:52,034 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:00:52,054 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-07-13 18:00:52,247 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable11 [2022-07-13 18:00:52,247 INFO L420 AbstractCegarLoop]: === Iteration 13 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:00:52,248 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:00:52,248 INFO L85 PathProgramCache]: Analyzing trace with hash 2106216135, now seen corresponding path program 2 times [2022-07-13 18:00:52,248 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:00:52,248 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [13550023] [2022-07-13 18:00:52,248 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:00:52,248 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:00:52,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-13 18:00:52,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,298 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-07-13 18:00:52,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,302 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:00:52,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,310 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-07-13 18:00:52,311 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,313 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-07-13 18:00:52,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:00:52,317 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,319 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-07-13 18:00:52,319 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,320 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-07-13 18:00:52,320 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,325 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-07-13 18:00:52,325 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,326 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-07-13 18:00:52,330 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,371 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:00:52,373 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,374 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-07-13 18:00:52,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,376 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-07-13 18:00:52,376 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,377 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-07-13 18:00:52,379 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,380 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-07-13 18:00:52,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:00:52,382 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 66 proven. 5 refuted. 0 times theorem prover too weak. 113 trivial. 0 not checked. [2022-07-13 18:00:52,382 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:00:52,382 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [13550023] [2022-07-13 18:00:52,382 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [13550023] provided 0 perfect and 1 imperfect interpolant sequences [2022-07-13 18:00:52,382 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [209287671] [2022-07-13 18:00:52,383 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-07-13 18:00:52,383 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-07-13 18:00:52,383 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-07-13 18:00:52,396 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-07-13 18:00:52,397 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-07-13 18:00:52,510 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-07-13 18:00:52,510 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-07-13 18:00:52,513 INFO L263 TraceCheckSpWp]: Trace formula consists of 671 conjuncts, 13 conjunts are in the unsatisfiable core [2022-07-13 18:00:52,522 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-07-13 18:00:52,667 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 134 proven. 4 refuted. 0 times theorem prover too weak. 46 trivial. 0 not checked. [2022-07-13 18:00:52,667 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-07-13 18:00:53,006 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 77 proven. 39 refuted. 0 times theorem prover too weak. 68 trivial. 0 not checked. [2022-07-13 18:00:53,006 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [209287671] provided 0 perfect and 2 imperfect interpolant sequences [2022-07-13 18:00:53,006 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-07-13 18:00:53,006 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 10, 11] total 26 [2022-07-13 18:00:53,009 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1430255897] [2022-07-13 18:00:53,009 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-07-13 18:00:53,010 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 26 states [2022-07-13 18:00:53,010 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:00:53,010 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 26 interpolants. [2022-07-13 18:00:53,011 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=121, Invalid=529, Unknown=0, NotChecked=0, Total=650 [2022-07-13 18:00:53,011 INFO L87 Difference]: Start difference. First operand 1008 states and 1163 transitions. Second operand has 26 states, 26 states have (on average 8.076923076923077) internal successors, (210), 21 states have internal predecessors, (210), 9 states have call successors, (33), 10 states have call predecessors, (33), 9 states have return successors, (34), 8 states have call predecessors, (34), 9 states have call successors, (34) [2022-07-13 18:00:54,076 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:00:54,076 INFO L93 Difference]: Finished difference Result 2117 states and 2508 transitions. [2022-07-13 18:00:54,077 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 31 states. [2022-07-13 18:00:54,077 INFO L78 Accepts]: Start accepts. Automaton has has 26 states, 26 states have (on average 8.076923076923077) internal successors, (210), 21 states have internal predecessors, (210), 9 states have call successors, (33), 10 states have call predecessors, (33), 9 states have return successors, (34), 8 states have call predecessors, (34), 9 states have call successors, (34) Word has length 171 [2022-07-13 18:00:54,077 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:00:54,078 INFO L225 Difference]: With dead ends: 2117 [2022-07-13 18:00:54,078 INFO L226 Difference]: Without dead ends: 0 [2022-07-13 18:00:54,084 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 416 GetRequests, 363 SyntacticMatches, 3 SemanticMatches, 50 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 510 ImplicationChecksByTransitivity, 0.5s TimeCoverageRelationStatistics Valid=557, Invalid=2095, Unknown=0, NotChecked=0, Total=2652 [2022-07-13 18:00:54,085 INFO L413 NwaCegarLoop]: 124 mSDtfsCounter, 658 mSDsluCounter, 421 mSDsCounter, 0 mSdLazyCounter, 1527 mSolverCounterSat, 290 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 661 SdHoareTripleChecker+Valid, 545 SdHoareTripleChecker+Invalid, 1817 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 290 IncrementalHoareTripleChecker+Valid, 1527 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-07-13 18:00:54,085 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [661 Valid, 545 Invalid, 1817 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [290 Valid, 1527 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-07-13 18:00:54,085 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-07-13 18:00:54,086 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-07-13 18:00:54,086 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-07-13 18:00:54,086 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-07-13 18:00:54,086 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 171 [2022-07-13 18:00:54,086 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:00:54,087 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-07-13 18:00:54,087 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 26 states, 26 states have (on average 8.076923076923077) internal successors, (210), 21 states have internal predecessors, (210), 9 states have call successors, (33), 10 states have call predecessors, (33), 9 states have return successors, (34), 8 states have call predecessors, (34), 9 states have call successors, (34) [2022-07-13 18:00:54,087 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-07-13 18:00:54,087 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-07-13 18:00:54,089 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-07-13 18:00:54,134 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-07-13 18:00:54,299 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-07-13 18:00:54,301 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-07-13 18:01:04,926 INFO L895 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 206 213) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|))) (and (or .cse0 (not (= 1 ~systemActive~0))) (or .cse0 (not (<= 2 ~waterLevel~0)) (= 0 ~systemActive~0)))) [2022-07-13 18:01:04,926 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 206 213) no Hoare annotation was computed. [2022-07-13 18:01:04,926 INFO L899 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 206 213) no Hoare annotation was computed. [2022-07-13 18:01:04,926 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 139 145) no Hoare annotation was computed. [2022-07-13 18:01:04,927 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 139 145) the Hoare annotation is: true [2022-07-13 18:01:04,927 INFO L895 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 915 926) the Hoare annotation is: (let ((.cse0 (not (< 1 ~waterLevel~0))) (.cse6 (not (<= 1 ~pumpRunning~0))) (.cse7 (not (<= 1 |old(~methaneLevelCritical~0)|))) (.cse5 (not (<= ~waterLevel~0 2))) (.cse1 (not (= |old(~methaneLevelCritical~0)| 0))) (.cse2 (not (= ~pumpRunning~0 0))) (.cse3 (not (= 1 ~systemActive~0))) (.cse4 (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) (.cse8 (not (<= ~waterLevel~0 1)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse3 .cse4 .cse6 .cse5 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse1 .cse3 (not (= 2 ~waterLevel~0)) .cse4 .cse6) (or .cse0 .cse2 .cse3 .cse4 .cse7 .cse5) (or .cse2 .cse3 .cse4 .cse7 .cse8) (or .cse3 .cse4 (not (<= 2 ~waterLevel~0)) .cse6 .cse7 .cse5) (or .cse1 .cse2 .cse3 .cse4 .cse8))) [2022-07-13 18:01:04,927 INFO L899 garLoopResultBuilder]: For program point L919-1(lines 915 926) no Hoare annotation was computed. [2022-07-13 18:01:04,927 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 915 926) no Hoare annotation was computed. [2022-07-13 18:01:04,927 INFO L899 garLoopResultBuilder]: For program point L320(lines 320 324) no Hoare annotation was computed. [2022-07-13 18:01:04,927 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 306 335) no Hoare annotation was computed. [2022-07-13 18:01:04,927 INFO L902 garLoopResultBuilder]: At program point L320-1(lines 320 324) the Hoare annotation is: true [2022-07-13 18:01:04,927 INFO L899 garLoopResultBuilder]: For program point L317(line 317) no Hoare annotation was computed. [2022-07-13 18:01:04,928 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 306 335) the Hoare annotation is: true [2022-07-13 18:01:04,928 INFO L902 garLoopResultBuilder]: At program point L316-2(lines 316 330) the Hoare annotation is: true [2022-07-13 18:01:04,928 INFO L902 garLoopResultBuilder]: At program point L312(line 312) the Hoare annotation is: true [2022-07-13 18:01:04,928 INFO L899 garLoopResultBuilder]: For program point L312-1(line 312) no Hoare annotation was computed. [2022-07-13 18:01:04,928 INFO L902 garLoopResultBuilder]: At program point L331(lines 306 335) the Hoare annotation is: true [2022-07-13 18:01:04,928 INFO L899 garLoopResultBuilder]: For program point L327(line 327) no Hoare annotation was computed. [2022-07-13 18:01:04,928 INFO L895 garLoopResultBuilder]: At program point L192(line 192) the Hoare annotation is: (let ((.cse9 (not (< 1 |old(~waterLevel~0)|))) (.cse8 (not (= |old(~waterLevel~0)| 2))) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse6 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (not (= ~methaneLevelCritical~0 0))) (.cse10 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse5 .cse6 .cse1 .cse7) (or .cse5 .cse6 .cse1 .cse7 .cse8) (or .cse1 .cse2 .cse9 .cse3 .cse10) (or .cse1 .cse2 .cse9 .cse7 .cse10) (or .cse5 .cse6 .cse1 .cse3 .cse8) (or .cse0 .cse5 .cse6 .cse1 .cse3) (or .cse1 .cse2 .cse7 .cse10 .cse4) (or .cse5 (not (= 0 ~systemActive~0))))) [2022-07-13 18:01:04,928 INFO L895 garLoopResultBuilder]: At program point L192-1(lines 173 197) the Hoare annotation is: (let ((.cse8 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse25 (= 1 ~systemActive~0)) (.cse12 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse26 (<= 1 ~methaneLevelCritical~0)) (.cse9 (= ~pumpRunning~0 0)) (.cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse18 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse10 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse27 (<= ~waterLevel~0 1)) (.cse19 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse28 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse20 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse21 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0)) (.cse22 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse4 (<= 1 ~pumpRunning~0)) (.cse17 (and .cse18 .cse10 .cse27 .cse19 .cse28 .cse20 .cse21 .cse11 .cse22)) (.cse1 (and .cse9 .cse5)) (.cse16 (not (= |old(~waterLevel~0)| 1))) (.cse3 (not .cse26)) (.cse13 (and .cse8 .cse9 .cse26 .cse10 .cse27 .cse25 .cse28 .cse11 .cse12)) (.cse14 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse24 (= ~waterLevel~0 1)) (.cse2 (not .cse25)) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse23 (not (< 1 |old(~waterLevel~0)|))) (.cse15 (not (= ~methaneLevelCritical~0 0))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 (and .cse4 .cse5) .cse6) (or .cse2 .cse7 (and .cse8 .cse9 .cse10 .cse5 .cse11 .cse12) .cse3 .cse13 .cse6 .cse14) (or .cse0 .cse1 .cse2 .cse15 .cse6 (and .cse4 (= 2 ~waterLevel~0) .cse5)) (or .cse2 .cse7 .cse3 .cse13 (not (= |old(~waterLevel~0)| 2))) (or .cse16 .cse2 .cse17 .cse7 .cse15 .cse14) (or .cse2 .cse17 .cse7 .cse15 (and .cse18 .cse10 .cse19 .cse20 .cse21 .cse5 .cse11 .cse22) .cse6 .cse14) (or .cse2 .cse7 .cse23 .cse3 .cse24 .cse6) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3) (or .cse16 .cse2 .cse7 .cse3 .cse13 .cse14) (or (and .cse18 .cse10 .cse19 .cse20 .cse21 .cse24 .cse11 .cse22) .cse2 .cse7 .cse23 .cse15 .cse6) (or .cse0 (not (= 0 ~systemActive~0)))))) [2022-07-13 18:01:04,928 INFO L895 garLoopResultBuilder]: At program point L221(lines 214 224) the Hoare annotation is: (let ((.cse9 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse19 (<= 1 ~methaneLevelCritical~0)) (.cse21 (= 1 ~systemActive~0)) (.cse5 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse6 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse20 (<= ~waterLevel~0 1)) (.cse22 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse12 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse8 (<= 1 ~switchedOnBeforeTS~0)) (.cse14 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse7 (= ~waterLevel~0 1)) (.cse10 (and .cse5 .cse6 .cse20 .cse22 .cse12 .cse8 .cse14)) (.cse11 (not (= ~methaneLevelCritical~0 0))) (.cse13 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse17 (not (= |old(~waterLevel~0)| 1))) (.cse0 (not .cse21)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not .cse19)) (.cse18 (and (<= 1 ~pumpRunning~0) .cse5 .cse19 .cse6 .cse20 .cse21 .cse22 .cse8 .cse9)) (.cse15 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse16 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 (and .cse5 .cse6 .cse7 .cse8 .cse9)) (or .cse0 .cse1 .cse10 .cse11 .cse4 (and .cse5 .cse6 .cse12 .cse13 .cse8 .cse14) .cse15) (or .cse16 .cse0 .cse11 (not (= |old(~waterLevel~0)| 2))) (or (not (<= |old(~waterLevel~0)| 1)) .cse16 .cse0 .cse11) (or .cse0 .cse1 .cse2 .cse11 (and .cse5 .cse6 .cse12 .cse7 .cse8 .cse14) .cse4) (or .cse17 .cse0 .cse1 .cse10 .cse11 .cse15) (or .cse16 .cse0 .cse3 .cse4) (or (and .cse5 .cse6 .cse13 .cse8 .cse9) .cse0 .cse1 .cse3 .cse4 .cse18 .cse15) (or .cse17 .cse0 .cse1 .cse3 .cse18 .cse15) (or .cse16 (not (= 0 ~systemActive~0)))))) [2022-07-13 18:01:04,928 INFO L899 garLoopResultBuilder]: For program point L126-1(lines 126 132) no Hoare annotation was computed. [2022-07-13 18:01:04,928 INFO L899 garLoopResultBuilder]: For program point L506(lines 506 512) no Hoare annotation was computed. [2022-07-13 18:01:04,929 INFO L895 garLoopResultBuilder]: At program point L490(lines 483 492) the Hoare annotation is: (let ((.cse13 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse12 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse11 (= 1 ~systemActive~0)) (.cse14 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse3 (and .cse13 (let ((.cse15 (<= 1 ~pumpRunning~0))) (or (and .cse15 .cse12 .cse11 (= ~waterLevel~0 1) .cse14) (and .cse15 .cse12 (<= 2 ~waterLevel~0) .cse11 .cse14))))) (.cse4 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (and (= ~pumpRunning~0 0) .cse13)) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse7 (not (<= |old(~waterLevel~0)| 1))) (.cse9 (and .cse12 .cse13 .cse14)) (.cse0 (not .cse11)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse10 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse6 (not (= 0 ~systemActive~0))) (or .cse7 .cse5 .cse6 .cse0 .cse2) (or .cse5 .cse6 .cse0 .cse2 .cse4) (or .cse0 .cse1 .cse8 .cse3 .cse4) (or .cse7 .cse9 .cse0 .cse1 .cse8 .cse10) (or .cse5 .cse6 .cse0 .cse8 .cse4) (or .cse7 .cse5 .cse6 .cse0 .cse8) (or .cse7 .cse9 .cse0 .cse1 .cse2 .cse10)))) [2022-07-13 18:01:04,929 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 112 138) no Hoare annotation was computed. [2022-07-13 18:01:04,929 INFO L895 garLoopResultBuilder]: At program point L932(lines 927 935) the Hoare annotation is: (let ((.cse14 (<= 1 ~methaneLevelCritical~0)) (.cse16 (<= 1 ~pumpRunning~0)) (.cse17 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse22 (= ~methaneLevelCritical~0 0)) (.cse18 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse19 (<= ~waterLevel~0 1)) (.cse15 (= 1 ~systemActive~0)) (.cse20 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse21 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse6 (not (= |old(~waterLevel~0)| 1))) (.cse8 (and .cse16 .cse17 .cse22 .cse18 .cse19 .cse15 .cse20 .cse21)) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (and .cse17 .cse18 (= ~waterLevel~0 1) .cse21)) (.cse7 (not .cse22)) (.cse12 (not (<= |old(~waterLevel~0)| 1))) (.cse13 (and .cse17 .cse18 (= |old(~waterLevel~0)| ~waterLevel~0) .cse21)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse11 (and .cse16 .cse17 .cse14 .cse18 .cse19 .cse15 .cse20 .cse21)) (.cse9 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not .cse15)) (.cse3 (not .cse14)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse0 .cse1 .cse7 .cse8 .cse9) (or .cse10 .cse0 .cse7 (not (= |old(~waterLevel~0)| 2))) (or .cse6 .cse0 .cse1 .cse3 .cse11 .cse9) (or .cse12 .cse13 .cse0 .cse1 .cse7 .cse8 .cse9) (or .cse0 .cse1 .cse2 .cse7 .cse4 .cse5) (or .cse12 .cse10 .cse0 .cse7) (or .cse12 .cse13 .cse0 .cse1 .cse3 .cse11 .cse9) (or .cse10 .cse0 .cse3 .cse5) (or .cse10 (not (= 0 ~systemActive~0)))))) [2022-07-13 18:01:04,929 INFO L899 garLoopResultBuilder]: For program point L895(lines 895 899) no Hoare annotation was computed. [2022-07-13 18:01:04,929 INFO L895 garLoopResultBuilder]: At program point L895-2(lines 891 902) the Hoare annotation is: (let ((.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse16 (<= 1 ~methaneLevelCritical~0)) (.cse18 (<= ~waterLevel~0 1)) (.cse17 (= 1 ~systemActive~0)) (.cse19 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse10 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse13 (not (= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse14 (and (<= 1 ~pumpRunning~0) .cse8 .cse16 .cse18 .cse17 .cse19 .cse10)) (.cse15 (and .cse8 (= |old(~waterLevel~0)| ~waterLevel~0) .cse10)) (.cse4 (and .cse8 .cse18 .cse17 .cse19 .cse10)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (< 1 |old(~waterLevel~0)|))) (.cse9 (= ~waterLevel~0 1)) (.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse1 (not .cse17)) (.cse7 (not .cse16)) (.cse11 (not (<= |old(~waterLevel~0)| 2))) (.cse12 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse2 .cse6 .cse7 (and .cse8 .cse9 .cse10) .cse11) (or .cse12 .cse1 .cse3 .cse13) (or .cse1 .cse2 .cse3 .cse13 .cse4) (or .cse0 .cse1 .cse2 .cse14 .cse7 .cse5) (or .cse15 .cse1 .cse2 .cse14 .cse7 .cse11 .cse5) (or .cse15 .cse1 .cse2 .cse3 .cse4 .cse11 .cse5) (or .cse1 .cse2 .cse6 .cse3 .cse9 .cse11) (or (not (<= |old(~waterLevel~0)| 1)) .cse12 .cse1 .cse3) (or .cse12 .cse1 .cse7 .cse11) (or .cse12 (not (= 0 ~systemActive~0)))))) [2022-07-13 18:01:04,929 INFO L899 garLoopResultBuilder]: For program point L119(lines 119 125) no Hoare annotation was computed. [2022-07-13 18:01:04,930 INFO L895 garLoopResultBuilder]: At program point L503(line 503) the Hoare annotation is: (let ((.cse23 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse24 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse25 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse26 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse27 (<= 0 |timeShift_isMethaneAlarm_#res#1|)) (.cse3 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse4 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse5 (= ~pumpRunning~0 0)) (.cse32 (<= 1 ~methaneLevelCritical~0)) (.cse6 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse20 (<= ~waterLevel~0 1)) (.cse30 (= 1 ~systemActive~0)) (.cse31 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse7 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| ~waterLevel~0)) (.cse9 (<= 1 ~switchedOnBeforeTS~0)) (.cse10 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse22 (not (= 0 ~systemActive~0))) (.cse8 (= ~waterLevel~0 1)) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse12 (not (<= |old(~waterLevel~0)| 2))) (.cse19 (not (= |old(~pumpRunning~0)| 0))) (.cse13 (not (<= |old(~waterLevel~0)| 1))) (.cse15 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse16 (< |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| 2)) (.cse17 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse14 (and .cse3 .cse4 .cse5 .cse32 .cse6 .cse20 .cse30 .cse31 .cse7 .cse9 .cse10)) (.cse11 (not .cse32)) (.cse29 (not (= |old(~waterLevel~0)| 1))) (.cse0 (not .cse30)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse21 (not (= ~methaneLevelCritical~0 0))) (.cse28 (and .cse23 .cse3 .cse6 .cse20 .cse30 .cse24 .cse31 .cse25 .cse26 .cse7 .cse9 .cse27)) (.cse18 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5 .cse6 .cse7 .cse8 .cse9 .cse10) .cse11 .cse12) (or .cse13 .cse14 .cse0 .cse1 .cse11 (and .cse4 .cse5 .cse15 .cse6 .cse16 .cse17 .cse9 .cse10) .cse18) (or .cse19 .cse0 (and .cse5 .cse15 .cse20 .cse16 .cse17) .cse11 .cse12) (or .cse19 .cse0 .cse21 (not (= |old(~waterLevel~0)| 2))) (or .cse19 (and .cse5 .cse17) .cse22) (or .cse19 .cse2 .cse12 .cse22) (or (and .cse23 .cse3 .cse6 .cse24 .cse25 .cse26 .cse7 .cse8 .cse9 .cse27) .cse0 .cse1 .cse2 .cse21 .cse12) (or .cse13 .cse19 .cse0 .cse21 (and .cse5 .cse15 .cse16 .cse17)) (or .cse13 .cse0 .cse1 (and .cse23 .cse15 .cse6 .cse24 .cse25 .cse26 .cse16 .cse17 .cse9 .cse27) .cse21 .cse28 .cse18) (or .cse29 .cse14 .cse0 .cse1 .cse11 .cse18) (or .cse29 .cse0 .cse1 .cse21 .cse28 .cse18)))) [2022-07-13 18:01:04,930 INFO L899 garLoopResultBuilder]: For program point L503-1(line 503) no Hoare annotation was computed. [2022-07-13 18:01:04,930 INFO L899 garLoopResultBuilder]: For program point L119-2(lines 115 137) no Hoare annotation was computed. [2022-07-13 18:01:04,930 INFO L899 garLoopResultBuilder]: For program point L181(lines 181 189) no Hoare annotation was computed. [2022-07-13 18:01:04,930 INFO L899 garLoopResultBuilder]: For program point L177(lines 177 194) no Hoare annotation was computed. [2022-07-13 18:01:04,930 INFO L899 garLoopResultBuilder]: For program point L54(line 54) no Hoare annotation was computed. [2022-07-13 18:01:04,930 INFO L895 garLoopResultBuilder]: At program point L488(line 488) the Hoare annotation is: (let ((.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse14 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse18 (= ~pumpRunning~0 0)) (.cse15 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse19 (< 1 ~waterLevel~0)) (.cse17 (= 1 ~systemActive~0)) (.cse20 (<= ~waterLevel~0 2))) (let ((.cse4 (and .cse14 .cse18 .cse15 .cse19 .cse17 .cse20)) (.cse5 (not (<= 2 |old(~waterLevel~0)|))) (.cse10 (not (< 1 |old(~waterLevel~0)|))) (.cse11 (and (<= 1 ~pumpRunning~0) .cse14 .cse15 .cse19 .cse17 .cse20)) (.cse6 (and .cse18 .cse15 .cse16)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse1 (not .cse17)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse12 (and .cse14 .cse15 .cse16)) (.cse13 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse7 .cse0 .cse1 .cse2) (or .cse6 .cse7 .cse0 .cse1 .cse8) (or .cse0 .cse1 .cse8 .cse3 .cse4 .cse5) (or .cse1 .cse9 .cse10 .cse11 .cse2 .cse3) (or .cse1 .cse9 .cse10 .cse11 .cse8 .cse3) (or .cse6 .cse0 (not (= 0 ~systemActive~0))) (or .cse7 .cse1 .cse9 .cse2 .cse12 .cse13) (or .cse1 .cse9 .cse8 .cse3 .cse12 .cse13)))) [2022-07-13 18:01:04,930 INFO L899 garLoopResultBuilder]: For program point L488-1(line 488) no Hoare annotation was computed. [2022-07-13 18:01:04,931 INFO L895 garLoopResultBuilder]: At program point L187(line 187) the Hoare annotation is: (let ((.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse11 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse12 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse13 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse14 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse15 (<= 1 ~switchedOnBeforeTS~0)) (.cse16 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse9 (and .cse10 .cse11 (<= ~waterLevel~0 1) .cse12 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse13 .cse14 .cse15 .cse16)) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse8 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse1 .cse6 (not (= |old(~waterLevel~0)| 2))) (or .cse1 .cse2 .cse7 .cse3 .cse8) (or (not (= |old(~waterLevel~0)| 1)) .cse1 .cse9 .cse2 .cse6 .cse4) (or .cse1 .cse9 .cse2 .cse6 (and .cse10 .cse11 .cse12 .cse13 .cse14 (= |old(~waterLevel~0)| ~waterLevel~0) .cse15 .cse16) .cse8 .cse4) (or .cse0 .cse5 .cse1 .cse6) (or .cse5 .cse1 .cse3 .cse8) (or (and .cse10 .cse11 .cse12 .cse13 .cse14 (= ~waterLevel~0 1) .cse15 .cse16) .cse1 .cse2 .cse7 .cse6 .cse8) (or .cse5 (not (= 0 ~systemActive~0)))))) [2022-07-13 18:01:04,931 INFO L899 garLoopResultBuilder]: For program point L505(lines 505 515) no Hoare annotation was computed. [2022-07-13 18:01:04,931 INFO L895 garLoopResultBuilder]: At program point L183(line 183) the Hoare annotation is: (let ((.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse17 (<= 1 ~methaneLevelCritical~0)) (.cse10 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse16 (= 1 ~systemActive~0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0)) (.cse12 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse7 (not (= |old(~waterLevel~0)| 2))) (.cse2 (and (<= 1 ~pumpRunning~0) .cse8 .cse9 .cse17 .cse10 (<= ~waterLevel~0 1) .cse16 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse11 .cse12)) (.cse14 (not (< 1 |old(~waterLevel~0)|))) (.cse13 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (not .cse17)) (.cse0 (not .cse16)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse15 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse0 .cse6 .cse7) (or .cse0 .cse1 .cse2 .cse3 .cse7) (or (and .cse8 .cse9 .cse10 (= |old(~waterLevel~0)| ~waterLevel~0) .cse11 .cse12) .cse13 .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse1 .cse14 .cse6 .cse15) (or .cse0 .cse1 .cse14 .cse3 (= ~waterLevel~0 1) .cse15) (or .cse13 .cse5 .cse0 .cse6) (or .cse5 .cse0 .cse3 .cse15) (or .cse0 .cse1 .cse6 .cse15 .cse4) (or .cse5 (not (= 0 ~systemActive~0)))))) [2022-07-13 18:01:04,931 INFO L895 garLoopResultBuilder]: At program point L55(lines 50 57) the Hoare annotation is: (let ((.cse7 (not (< 1 |old(~waterLevel~0)|))) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse8 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse1 .cse6 (not (= |old(~waterLevel~0)| 2))) (or .cse1 .cse2 .cse7 .cse3 .cse8) (or .cse1 .cse2 .cse7 .cse6 .cse8) (or .cse0 .cse5 .cse1 .cse6) (or .cse5 .cse1 .cse3 .cse8) (or .cse1 .cse2 .cse6 .cse8 .cse4) (or .cse5 (not (= 0 ~systemActive~0))))) [2022-07-13 18:01:04,931 INFO L899 garLoopResultBuilder]: For program point L501(lines 501 518) no Hoare annotation was computed. [2022-07-13 18:01:04,932 INFO L895 garLoopResultBuilder]: At program point L501-1(lines 493 521) the Hoare annotation is: (let ((.cse8 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse9 (= ~pumpRunning~0 0)) (.cse34 (<= 1 ~methaneLevelCritical~0)) (.cse14 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse32 (<= 1 ~pumpRunning~0)) (.cse22 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse36 (= ~methaneLevelCritical~0 0)) (.cse10 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse33 (<= ~waterLevel~0 1)) (.cse29 (= 1 ~systemActive~0)) (.cse23 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse35 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse24 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse25 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse11 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| ~waterLevel~0)) (.cse13 (<= 1 ~switchedOnBeforeTS~0)) (.cse26 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse2 (and .cse32 .cse22 .cse7 .cse36 .cse10 .cse33 .cse29 .cse23 .cse35 .cse24 .cse25 .cse11 .cse13 .cse26)) (.cse17 (not (<= |old(~waterLevel~0)| 1))) (.cse12 (= ~waterLevel~0 1)) (.cse6 (not (< 1 |old(~waterLevel~0)|))) (.cse28 (not (= 0 ~systemActive~0))) (.cse4 (not .cse36)) (.cse27 (not (= |old(~pumpRunning~0)| 0))) (.cse19 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse20 (< |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| 2)) (.cse16 (not (<= |old(~waterLevel~0)| 2))) (.cse30 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse21 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse31 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| 2)) (.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse18 (and .cse7 .cse8 .cse9 .cse34 .cse10 .cse33 .cse29 .cse35 .cse11 .cse13 .cse14)) (.cse1 (not .cse29)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse15 (not .cse34)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse3 .cse6 (and .cse7 .cse8 .cse9 .cse10 .cse11 .cse12 .cse13 .cse14) .cse15 .cse16) (or .cse17 .cse18 .cse1 .cse3 .cse15 (and .cse8 .cse9 .cse19 .cse10 .cse20 .cse21 .cse13 .cse14) .cse5) (or .cse17 .cse1 .cse2 .cse3 (and .cse22 .cse19 .cse10 .cse23 .cse24 .cse25 .cse20 .cse21 .cse13 .cse26) .cse4 .cse5) (or .cse27 (and .cse9 .cse21) .cse28) (or .cse17 .cse27 .cse1 .cse4 (and .cse22 .cse9 .cse19 (not (<= 2 |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1|)) .cse29 .cse21)) (or (and .cse22 .cse7 .cse10 .cse23 .cse24 .cse25 .cse11 .cse12 .cse13 .cse26) .cse1 .cse3 .cse6 .cse4 .cse16) (or .cse27 .cse6 (and .cse30 .cse31) .cse16 .cse28) (or .cse27 .cse1 .cse4 (and .cse9 .cse30 .cse21 .cse31) .cse16 (and .cse32 .cse30 .cse21 .cse31) (not (<= 2 |old(~waterLevel~0)|))) (or .cse27 (and .cse32 .cse30 (<= 2 ~waterLevel~0) .cse21 .cse31) .cse1 (and .cse22 .cse9 .cse19 .cse33 .cse29 .cse20 .cse21) .cse15 .cse16 (and .cse22 .cse9 (= 2 ~waterLevel~0) .cse30 .cse29 .cse21 .cse31)) (or .cse0 .cse18 .cse1 .cse3 .cse15 .cse5)))) [2022-07-13 18:01:04,932 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 112 138) the Hoare annotation is: (let ((.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse14 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse18 (= ~pumpRunning~0 0)) (.cse15 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse19 (< 1 ~waterLevel~0)) (.cse17 (= 1 ~systemActive~0)) (.cse20 (<= ~waterLevel~0 2))) (let ((.cse4 (and .cse14 .cse18 .cse15 .cse19 .cse17 .cse20)) (.cse5 (not (<= 2 |old(~waterLevel~0)|))) (.cse10 (not (< 1 |old(~waterLevel~0)|))) (.cse11 (and (<= 1 ~pumpRunning~0) .cse14 .cse15 .cse19 .cse17 .cse20)) (.cse6 (and .cse18 .cse15 .cse16)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse1 (not .cse17)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse12 (and .cse14 .cse15 .cse16)) (.cse13 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse7 .cse0 .cse1 .cse2) (or .cse6 .cse7 .cse0 .cse1 .cse8) (or .cse0 .cse1 .cse8 .cse3 .cse4 .cse5) (or .cse1 .cse9 .cse10 .cse11 .cse2 .cse3) (or .cse1 .cse9 .cse10 .cse11 .cse8 .cse3) (or .cse6 .cse0 (not (= 0 ~systemActive~0))) (or .cse7 .cse1 .cse9 .cse2 .cse12 .cse13) (or .cse1 .cse9 .cse8 .cse3 .cse12 .cse13)))) [2022-07-13 18:01:04,932 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 112 138) no Hoare annotation was computed. [2022-07-13 18:01:04,932 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 54) no Hoare annotation was computed. [2022-07-13 18:01:04,932 INFO L895 garLoopResultBuilder]: At program point L964(lines 959 967) the Hoare annotation is: (let ((.cse8 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse4 (= ~pumpRunning~0 0)) (.cse12 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse31 (<= 1 ~methaneLevelCritical~0)) (.cse20 (<= 1 ~pumpRunning~0)) (.cse23 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse34 (= ~methaneLevelCritical~0 0)) (.cse9 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse17 (<= ~waterLevel~0 1)) (.cse32 (= 1 ~systemActive~0)) (.cse24 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse33 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse25 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse26 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0)) (.cse27 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse21 (not (= 0 ~systemActive~0))) (.cse14 (not (< 1 |old(~waterLevel~0)|))) (.cse10 (= ~waterLevel~0 1)) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse5 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse22 (and .cse20 .cse23 .cse7 .cse34 .cse9 .cse17 .cse32 .cse24 .cse33 .cse25 .cse26 .cse11 .cse27)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not .cse34)) (.cse19 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse16 (not (<= |old(~waterLevel~0)| 2))) (.cse30 (not (= |old(~waterLevel~0)| 1))) (.cse2 (not .cse32)) (.cse13 (not (<= 1 |old(~pumpRunning~0)|))) (.cse15 (not .cse31)) (.cse29 (and .cse7 .cse8 .cse4 .cse31 .cse9 .cse17 .cse32 .cse33 .cse11 .cse12)) (.cse28 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 (and .cse4 .cse5 .cse6)) (or (and .cse7 .cse8 .cse4 .cse9 .cse10 .cse11 .cse12) .cse2 .cse13 .cse14 .cse15 .cse16) (let ((.cse18 (= 2 ~waterLevel~0))) (or .cse1 .cse2 .cse15 (and .cse4 .cse5 .cse17 .cse6) (and .cse4 .cse18 .cse19 .cse6) .cse16 (and .cse20 .cse18 .cse19 .cse6))) (or .cse1 (and .cse4 .cse6) .cse21) (or .cse1 .cse19 .cse14 .cse16 .cse21) (or .cse0 .cse2 .cse13 .cse3 .cse22 (and .cse23 .cse5 .cse9 .cse24 .cse25 .cse26 .cse6 .cse11 .cse27) .cse28) (or .cse2 .cse13 .cse14 .cse3 .cse16 (and .cse23 .cse7 .cse9 .cse24 .cse25 .cse26 .cse10 .cse11 .cse27)) (or .cse0 (and .cse8 .cse4 .cse5 .cse9 .cse6 .cse11 .cse12) .cse2 .cse13 .cse15 .cse29 .cse28) (or .cse30 .cse2 .cse13 .cse3 .cse22 .cse28) (or (and .cse4 .cse19 .cse6) .cse1 .cse2 .cse3 (and .cse20 .cse19 .cse6) .cse16 (not (<= 2 |old(~waterLevel~0)|))) (or .cse30 .cse2 .cse13 .cse15 .cse29 .cse28)))) [2022-07-13 18:01:04,932 INFO L899 garLoopResultBuilder]: For program point L436(lines 436 442) no Hoare annotation was computed. [2022-07-13 18:01:04,933 INFO L899 garLoopResultBuilder]: For program point L436-1(lines 436 442) no Hoare annotation was computed. [2022-07-13 18:01:04,933 INFO L895 garLoopResultBuilder]: At program point L366(lines 362 368) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-13 18:01:04,933 INFO L895 garLoopResultBuilder]: At program point L77(lines 73 79) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-13 18:01:04,933 INFO L895 garLoopResultBuilder]: At program point L461(lines 416 463) the Hoare annotation is: (let ((.cse6 (<= 1 ~methaneLevelCritical~0)) (.cse1 (= 2 ~waterLevel~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse2 (= ~methaneLevelCritical~0 0)) (.cse7 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse6 .cse7 .cse3 .cse4) (and .cse0 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse4 (= 0 ~systemActive~0)) (and .cse5 .cse1 .cse2 .cse3 .cse4) (and .cse0 .cse2 .cse7 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse5 .cse2 .cse7 .cse3 .cse4))) [2022-07-13 18:01:04,933 INFO L895 garLoopResultBuilder]: At program point L428(line 428) the Hoare annotation is: (let ((.cse6 (<= 1 ~methaneLevelCritical~0)) (.cse1 (= 2 ~waterLevel~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse2 (= ~methaneLevelCritical~0 0)) (.cse7 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse6 .cse7 .cse3 .cse4) (and .cse0 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse4 (= 0 ~systemActive~0)) (and .cse5 .cse1 .cse2 .cse3 .cse4) (and .cse0 .cse2 .cse7 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse5 .cse2 .cse7 .cse3 .cse4))) [2022-07-13 18:01:04,933 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-07-13 18:01:04,933 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-07-13 18:01:04,933 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-07-13 18:01:04,934 INFO L902 garLoopResultBuilder]: At program point L379(lines 371 381) the Hoare annotation is: true [2022-07-13 18:01:04,934 INFO L895 garLoopResultBuilder]: At program point L301(lines 289 303) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (= 0 ~systemActive~0)) [2022-07-13 18:01:04,934 INFO L899 garLoopResultBuilder]: For program point L392(lines 392 399) no Hoare annotation was computed. [2022-07-13 18:01:04,934 INFO L899 garLoopResultBuilder]: For program point L392-2(lines 392 399) no Hoare annotation was computed. [2022-07-13 18:01:04,934 INFO L899 garLoopResultBuilder]: For program point L293(lines 293 299) no Hoare annotation was computed. [2022-07-13 18:01:04,934 INFO L899 garLoopResultBuilder]: For program point L293-1(lines 293 299) no Hoare annotation was computed. [2022-07-13 18:01:04,934 INFO L899 garLoopResultBuilder]: For program point L417(lines 416 463) no Hoare annotation was computed. [2022-07-13 18:01:04,934 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-07-13 18:01:04,934 INFO L899 garLoopResultBuilder]: For program point L446(lines 446 459) no Hoare annotation was computed. [2022-07-13 18:01:04,934 INFO L895 garLoopResultBuilder]: At program point L438(line 438) the Hoare annotation is: (let ((.cse1 (<= 1 ~methaneLevelCritical~0)) (.cse2 (< 1 ~waterLevel~0)) (.cse5 (<= ~waterLevel~0 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse6 (= ~pumpRunning~0 0)) (.cse7 (= ~methaneLevelCritical~0 0)) (.cse8 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse1 .cse3 .cse4 .cse5) (and .cse0 .cse7 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse4 (= 0 ~systemActive~0)) (and .cse6 (= 2 ~waterLevel~0) .cse7 .cse3 .cse4) (and .cse0 .cse7 .cse8 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse6 .cse7 .cse8 .cse3 .cse4))) [2022-07-13 18:01:04,935 INFO L902 garLoopResultBuilder]: At program point L467(lines 406 471) the Hoare annotation is: true [2022-07-13 18:01:04,935 INFO L902 garLoopResultBuilder]: At program point L401(lines 382 404) the Hoare annotation is: true [2022-07-13 18:01:04,935 INFO L899 garLoopResultBuilder]: For program point L426(lines 426 432) no Hoare annotation was computed. [2022-07-13 18:01:04,936 INFO L899 garLoopResultBuilder]: For program point L426-1(lines 426 432) no Hoare annotation was computed. [2022-07-13 18:01:04,936 INFO L899 garLoopResultBuilder]: For program point L418(lines 418 422) no Hoare annotation was computed. [2022-07-13 18:01:04,936 INFO L895 garLoopResultBuilder]: At program point L480(lines 475 482) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-13 18:01:04,936 INFO L895 garLoopResultBuilder]: At program point L92(lines 87 95) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-13 18:01:04,936 INFO L895 garLoopResultBuilder]: At program point L84(lines 80 86) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-13 18:01:04,938 INFO L895 garLoopResultBuilder]: At program point L464(lines 415 465) the Hoare annotation is: false [2022-07-13 18:01:04,938 INFO L895 garLoopResultBuilder]: At program point L295(line 295) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and (= 1 ~systemActive~0) .cse0) (and (<= 2 ~waterLevel~0) .cse0 (not (= 0 ~systemActive~0))))) [2022-07-13 18:01:04,938 INFO L899 garLoopResultBuilder]: For program point L452(lines 452 458) no Hoare annotation was computed. [2022-07-13 18:01:04,939 INFO L895 garLoopResultBuilder]: At program point L452-2(lines 446 459) the Hoare annotation is: (let ((.cse2 (< 1 ~waterLevel~0)) (.cse5 (<= ~waterLevel~0 2)) (.cse1 (<= 1 ~methaneLevelCritical~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse9 (<= 1 ~switchedOnBeforeTS~0)) (.cse6 (= ~pumpRunning~0 0)) (.cse7 (= ~methaneLevelCritical~0 0)) (.cse8 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse1 .cse3 .cse4 .cse5) (and .cse0 .cse7 .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse1 .cse8 .cse3 .cse4 .cse9) (and .cse6 .cse4 (= 0 ~systemActive~0)) (and .cse6 (= 2 ~waterLevel~0) .cse7 .cse3 .cse4) (and .cse0 .cse7 .cse8 .cse3 .cse4 .cse9) (and .cse6 .cse7 .cse8 .cse3 .cse4))) [2022-07-13 18:01:04,939 INFO L895 garLoopResultBuilder]: At program point L161(line 161) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~0#1| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~methaneLevelCritical~0 0)))) (and (or .cse0 .cse1 (not (<= 1 ~methaneLevelCritical~0)) .cse2 .cse3) (or .cse0 .cse1 .cse4 .cse2 .cse3) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-13 18:01:04,939 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 147 171) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse3 (not (<= 2 ~waterLevel~0))) (.cse7 (not (<= 1 ~methaneLevelCritical~0))) (.cse5 (not (<= ~waterLevel~0 2))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse6 (not (<= ~waterLevel~0 1)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse1 .cse2 .cse4 .cse6) (or .cse0 .cse1 .cse2 .cse7 .cse6) (or .cse0 .cse1 .cse2 .cse3 .cse7 .cse5) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse2 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 .cse6 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-13 18:01:04,939 INFO L895 garLoopResultBuilder]: At program point L285(lines 270 288) the Hoare annotation is: (let ((.cse5 (= ~pumpRunning~0 0)) (.cse7 (<= ~waterLevel~0 1))) (let ((.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse3 (not .cse7)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse6 (not (<= ~waterLevel~0 2))) (.cse4 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~2#1| 0)) .cse5 .cse7 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse5 .cse1 .cse2 .cse6) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse1 (and .cse5 (= 2 ~waterLevel~0)) (not (<= 1 ~methaneLevelCritical~0)) .cse6 .cse4)))) [2022-07-13 18:01:04,939 INFO L899 garLoopResultBuilder]: For program point L155(lines 155 163) no Hoare annotation was computed. [2022-07-13 18:01:04,939 INFO L899 garLoopResultBuilder]: For program point L151(lines 151 168) no Hoare annotation was computed. [2022-07-13 18:01:04,940 INFO L899 garLoopResultBuilder]: For program point L279(lines 279 283) no Hoare annotation was computed. [2022-07-13 18:01:04,940 INFO L899 garLoopResultBuilder]: For program point L279-2(lines 279 283) no Hoare annotation was computed. [2022-07-13 18:01:04,940 INFO L895 garLoopResultBuilder]: At program point L977(lines 968 981) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 0))) (let ((.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse6 (and .cse1 (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)))) (.cse7 (not (<= ~waterLevel~0 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 2 ~waterLevel~0))) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse5 (not (<= ~waterLevel~0 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 .cse6 .cse4 .cse7) (or .cse2 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 .cse7 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse2 .cse6 .cse8 .cse7) (or .cse0 .cse1 .cse2 .cse3 .cse8 .cse5)))) [2022-07-13 18:01:04,940 INFO L895 garLoopResultBuilder]: At program point L203(lines 198 205) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0))) (.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse3 (not (<= ~waterLevel~0 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 1 ~methaneLevelCritical~0)) .cse3) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse1 .cse2 .cse4 .cse3))) [2022-07-13 18:01:04,940 INFO L895 garLoopResultBuilder]: At program point L166(line 166) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (not (= ~methaneLevelCritical~0 0)))) (and (or .cse0 .cse1 (not (<= 1 ~methaneLevelCritical~0)) .cse2) (or .cse0 .cse1 .cse3 .cse2) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse3 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-13 18:01:04,940 INFO L899 garLoopResultBuilder]: For program point L166-1(lines 147 171) no Hoare annotation was computed. [2022-07-13 18:01:04,940 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 147 171) no Hoare annotation was computed. [2022-07-13 18:01:04,940 INFO L899 garLoopResultBuilder]: For program point L972(lines 972 978) no Hoare annotation was computed. [2022-07-13 18:01:04,941 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 903 914) no Hoare annotation was computed. [2022-07-13 18:01:04,941 INFO L899 garLoopResultBuilder]: For program point L907-1(lines 903 914) no Hoare annotation was computed. [2022-07-13 18:01:04,941 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 903 914) the Hoare annotation is: (let ((.cse1 (not (<= 1 ~methaneLevelCritical~0))) (.cse6 (not (= ~pumpRunning~0 0))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= 1 ~pumpRunning~0))) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 .cse1 .cse2 (not (= |old(~waterLevel~0)| 2)) .cse3) (or .cse0 .cse4 .cse2 .cse3 .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse6 .cse0 .cse1 .cse3 .cse5) (or .cse6 .cse3 (not (= 0 ~systemActive~0))) (or .cse6 .cse0 .cse4 .cse3 .cse5) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse4 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-13 18:01:04,941 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 225 233) no Hoare annotation was computed. [2022-07-13 18:01:04,941 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 225 233) the Hoare annotation is: true [2022-07-13 18:01:04,941 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 225 233) no Hoare annotation was computed. [2022-07-13 18:01:04,944 INFO L356 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:04,945 INFO L176 ceAbstractionStarter]: Computing trace abstraction results [2022-07-13 18:01:05,000 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 13.07 06:01:05 BoogieIcfgContainer [2022-07-13 18:01:05,001 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-07-13 18:01:05,001 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-07-13 18:01:05,001 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-07-13 18:01:05,001 INFO L275 PluginConnector]: Witness Printer initialized [2022-07-13 18:01:05,002 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 13.07 06:00:45" (3/4) ... [2022-07-13 18:01:05,004 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-07-13 18:01:05,019 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-07-13 18:01:05,019 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-07-13 18:01:05,019 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-07-13 18:01:05,019 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-07-13 18:01:05,019 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-07-13 18:01:05,020 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-07-13 18:01:05,020 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-07-13 18:01:05,020 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-07-13 18:01:05,041 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 52 nodes and edges [2022-07-13 18:01:05,042 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-07-13 18:01:05,042 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-07-13 18:01:05,042 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-07-13 18:01:05,043 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-07-13 18:01:05,043 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-07-13 18:01:05,043 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-07-13 18:01:05,060 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) [2022-07-13 18:01:05,061 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-07-13 18:01:05,061 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(waterLevel) <= 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || (((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && !(2 <= tmp)) && 1 == systemActive) && \old(waterLevel) == waterLevel))) && ((((((((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(1 < \old(waterLevel))) || (2 == \result && tmp == 2)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(2 <= \old(waterLevel)))) && ((((((!(\old(pumpRunning) == 0) || ((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(1 == systemActive)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && waterLevel <= 1) && 1 == systemActive) && tmp < 2) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == waterLevel) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2))) && (((((!(\old(waterLevel) == 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) [2022-07-13 18:01:05,062 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(1 == systemActive) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-07-13 18:01:05,062 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-07-13 18:01:05,062 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel)) && (((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || 2 == \result) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || ((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result))) && ((((((!(\old(waterLevel) <= 1) || ((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS))) [2022-07-13 18:01:05,062 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-07-13 18:01:05,063 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-07-13 18:01:05,063 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 1))) && (((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) [2022-07-13 18:01:05,063 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && waterLevel <= 1) && \result == 0) && tmp___0 == 0)) && ((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && 2 == waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && waterLevel <= 1) && \result == 0) && tmp___0 == 0)) [2022-07-13 18:01:05,063 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) [2022-07-13 18:01:05,085 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-07-13 18:01:05,085 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-07-13 18:01:05,086 INFO L158 Benchmark]: Toolchain (without parser) took 20352.51ms. Allocated memory was 107.0MB in the beginning and 293.6MB in the end (delta: 186.6MB). Free memory was 80.5MB in the beginning and 146.7MB in the end (delta: -66.2MB). Peak memory consumption was 121.5MB. Max. memory is 16.1GB. [2022-07-13 18:01:05,086 INFO L158 Benchmark]: CDTParser took 0.17ms. Allocated memory is still 107.0MB. Free memory is still 65.3MB. There was no memory consumed. Max. memory is 16.1GB. [2022-07-13 18:01:05,086 INFO L158 Benchmark]: CACSL2BoogieTranslator took 446.77ms. Allocated memory was 107.0MB in the beginning and 132.1MB in the end (delta: 25.2MB). Free memory was 80.3MB in the beginning and 98.2MB in the end (delta: -17.9MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-07-13 18:01:05,087 INFO L158 Benchmark]: Boogie Procedure Inliner took 45.61ms. Allocated memory is still 132.1MB. Free memory was 98.0MB in the beginning and 95.7MB in the end (delta: 2.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-07-13 18:01:05,087 INFO L158 Benchmark]: Boogie Preprocessor took 37.84ms. Allocated memory is still 132.1MB. Free memory was 95.7MB in the beginning and 94.1MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-07-13 18:01:05,087 INFO L158 Benchmark]: RCFGBuilder took 436.92ms. Allocated memory is still 132.1MB. Free memory was 94.1MB in the beginning and 77.5MB in the end (delta: 16.5MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2022-07-13 18:01:05,087 INFO L158 Benchmark]: TraceAbstraction took 19296.58ms. Allocated memory was 132.1MB in the beginning and 293.6MB in the end (delta: 161.5MB). Free memory was 76.8MB in the beginning and 153.0MB in the end (delta: -76.1MB). Peak memory consumption was 150.5MB. Max. memory is 16.1GB. [2022-07-13 18:01:05,088 INFO L158 Benchmark]: Witness Printer took 84.50ms. Allocated memory is still 293.6MB. Free memory was 153.0MB in the beginning and 146.7MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-07-13 18:01:05,089 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.17ms. Allocated memory is still 107.0MB. Free memory is still 65.3MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 446.77ms. Allocated memory was 107.0MB in the beginning and 132.1MB in the end (delta: 25.2MB). Free memory was 80.3MB in the beginning and 98.2MB in the end (delta: -17.9MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 45.61ms. Allocated memory is still 132.1MB. Free memory was 98.0MB in the beginning and 95.7MB in the end (delta: 2.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 37.84ms. Allocated memory is still 132.1MB. Free memory was 95.7MB in the beginning and 94.1MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 436.92ms. Allocated memory is still 132.1MB. Free memory was 94.1MB in the beginning and 77.5MB in the end (delta: 16.5MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 19296.58ms. Allocated memory was 132.1MB in the beginning and 293.6MB in the end (delta: 161.5MB). Free memory was 76.8MB in the beginning and 153.0MB in the end (delta: -76.1MB). Peak memory consumption was 150.5MB. Max. memory is 16.1GB. * Witness Printer took 84.50ms. Allocated memory is still 293.6MB. Free memory was 153.0MB in the beginning and 146.7MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 97 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 19.2s, OverallIterations: 13, TraceHistogramMax: 5, PathProgramHistogramMax: 2, EmptinessCheckTime: 0.1s, AutomataDifference: 4.5s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 10.6s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 3195 SdHoareTripleChecker+Valid, 2.5s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 3143 mSDsluCounter, 5882 SdHoareTripleChecker+Invalid, 2.0s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 4055 mSDsCounter, 1210 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 4284 IncrementalHoareTripleChecker+Invalid, 5494 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1210 mSolverCounterUnsat, 1827 mSDtfsCounter, 4284 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 1101 GetRequests, 883 SyntacticMatches, 7 SemanticMatches, 211 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1479 ImplicationChecksByTransitivity, 1.7s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1101occurred in iteration=11, InterpolantAutomatonStates: 176, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.5s AutomataMinimizationTime, 13 MinimizatonAttempts, 443 StatesRemovedByMinimization, 10 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 45 LocationsWithAnnotation, 3262 PreInvPairs, 3716 NumberOfFragments, 6453 HoareAnnotationTreeSize, 3262 FomulaSimplifications, 8247 FormulaSimplificationTreeSizeReduction, 0.9s HoareSimplificationTime, 45 FomulaSimplificationsInter, 48946 FormulaSimplificationTreeSizeReductionInter, 9.6s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.4s SatisfiabilityAnalysisTime, 2.0s InterpolantComputationTime, 1479 NumberOfCodeBlocks, 1479 NumberOfCodeBlocksAsserted, 17 NumberOfCheckSat, 1726 ConstructedInterpolants, 0 QuantifiedInterpolants, 3499 SizeOfPredicates, 11 NumberOfNonLiveVariables, 1808 ConjunctsInSsa, 28 ConjunctsInUnsatCore, 18 InterpolantComputations, 11 PerfectInterpolantSequences, 1165/1258 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 80]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 416]: Loop Invariant Derived loop invariant: ((((((((((1 <= pumpRunning && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && splverifierCounter == 0) || ((((pumpRunning == 0 && 1 <= methaneLevelCritical) && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || ((((pumpRunning == 0 && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0)) || ((((1 <= pumpRunning && 1 <= methaneLevelCritical) && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || ((pumpRunning == 0 && splverifierCounter == 0) && 0 == systemActive)) || ((((pumpRunning == 0 && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && splverifierCounter == 0)) || (((((1 <= pumpRunning && methaneLevelCritical == 0) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS)) || ((((pumpRunning == 0 && methaneLevelCritical == 0) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) - InvariantResult [Line: 371]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 493]: Loop Invariant Derived loop invariant: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(waterLevel) <= 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || (((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && !(2 <= tmp)) && 1 == systemActive) && \old(waterLevel) == waterLevel))) && ((((((((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(1 < \old(waterLevel))) || (2 == \result && tmp == 2)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(2 <= \old(waterLevel)))) && ((((((!(\old(pumpRunning) == 0) || ((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(1 == systemActive)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && waterLevel <= 1) && 1 == systemActive) && tmp < 2) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == waterLevel) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2))) && (((((!(\old(waterLevel) == 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 289]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && splverifierCounter == 0) && 0 == systemActive - InvariantResult [Line: 927]: Loop Invariant Derived loop invariant: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 415]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 968]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 1))) && (((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) - InvariantResult [Line: 198]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) - InvariantResult [Line: 959]: Loop Invariant Derived loop invariant: (((((((((((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel)) && (((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || 2 == \result) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || ((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result))) && ((((((!(\old(waterLevel) <= 1) || ((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 382]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 316]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 73]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 362]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 214]: Loop Invariant Derived loop invariant: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 87]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 50]: Loop Invariant Derived loop invariant: ((((((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 406]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 483]: Loop Invariant Derived loop invariant: (((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 475]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 891]: Loop Invariant Derived loop invariant: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 173]: Loop Invariant Derived loop invariant: ((((((((((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(1 == systemActive) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 306]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 270]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && waterLevel <= 1) && \result == 0) && tmp___0 == 0)) && ((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && 2 == waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && waterLevel <= 1) && \result == 0) && tmp___0 == 0)) RESULT: Ultimate proved your program to be correct! [2022-07-13 18:01:05,138 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE