./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version f4b24e32 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash db9cad3d4bb6f197e1ca94da7e6c4fb3038f74aed96fd168a277cfa6f57caad2 --- Real Ultimate output --- This is Ultimate 0.2.2-?-f4b24e3 [2022-07-13 18:01:11,072 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-07-13 18:01:11,075 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-07-13 18:01:11,125 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-07-13 18:01:11,125 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-07-13 18:01:11,126 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-07-13 18:01:11,128 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-07-13 18:01:11,130 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-07-13 18:01:11,131 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-07-13 18:01:11,134 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-07-13 18:01:11,135 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-07-13 18:01:11,137 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-07-13 18:01:11,137 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-07-13 18:01:11,139 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-07-13 18:01:11,139 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-07-13 18:01:11,142 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-07-13 18:01:11,143 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-07-13 18:01:11,144 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-07-13 18:01:11,145 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-07-13 18:01:11,152 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-07-13 18:01:11,153 INFO L181 SettingsManager]: Resetting HornVerifier preferences to default values [2022-07-13 18:01:11,154 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-07-13 18:01:11,155 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-07-13 18:01:11,155 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-07-13 18:01:11,156 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-07-13 18:01:11,161 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-07-13 18:01:11,162 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-07-13 18:01:11,162 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-07-13 18:01:11,163 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-07-13 18:01:11,164 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-07-13 18:01:11,165 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-07-13 18:01:11,165 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-07-13 18:01:11,166 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-07-13 18:01:11,167 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-07-13 18:01:11,167 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-07-13 18:01:11,168 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-07-13 18:01:11,168 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-07-13 18:01:11,168 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-07-13 18:01:11,168 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-07-13 18:01:11,169 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-07-13 18:01:11,169 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-07-13 18:01:11,171 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-07-13 18:01:11,171 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-07-13 18:01:11,194 INFO L113 SettingsManager]: Loading preferences was successful [2022-07-13 18:01:11,195 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-07-13 18:01:11,195 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-07-13 18:01:11,195 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-07-13 18:01:11,197 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-07-13 18:01:11,197 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-07-13 18:01:11,197 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-07-13 18:01:11,197 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-07-13 18:01:11,198 INFO L138 SettingsManager]: * Use SBE=true [2022-07-13 18:01:11,198 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-07-13 18:01:11,198 INFO L138 SettingsManager]: * sizeof long=4 [2022-07-13 18:01:11,199 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-07-13 18:01:11,199 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-07-13 18:01:11,199 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-07-13 18:01:11,199 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-07-13 18:01:11,199 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-07-13 18:01:11,199 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-07-13 18:01:11,200 INFO L138 SettingsManager]: * sizeof long double=12 [2022-07-13 18:01:11,200 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-07-13 18:01:11,200 INFO L138 SettingsManager]: * Use constant arrays=true [2022-07-13 18:01:11,200 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-07-13 18:01:11,200 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-07-13 18:01:11,200 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-07-13 18:01:11,200 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-07-13 18:01:11,201 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-07-13 18:01:11,201 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-07-13 18:01:11,201 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-07-13 18:01:11,201 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-07-13 18:01:11,201 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-07-13 18:01:11,201 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-07-13 18:01:11,202 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-07-13 18:01:11,202 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-07-13 18:01:11,202 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-07-13 18:01:11,202 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> db9cad3d4bb6f197e1ca94da7e6c4fb3038f74aed96fd168a277cfa6f57caad2 [2022-07-13 18:01:11,400 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-07-13 18:01:11,430 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-07-13 18:01:11,432 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-07-13 18:01:11,432 INFO L271 PluginConnector]: Initializing CDTParser... [2022-07-13 18:01:11,433 INFO L275 PluginConnector]: CDTParser initialized [2022-07-13 18:01:11,434 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c [2022-07-13 18:01:11,483 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/659a95caf/571f137c9aa34c75808a06c37b0c7b72/FLAG2c75e5d20 [2022-07-13 18:01:11,897 INFO L306 CDTParser]: Found 1 translation units. [2022-07-13 18:01:11,897 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c [2022-07-13 18:01:11,904 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/659a95caf/571f137c9aa34c75808a06c37b0c7b72/FLAG2c75e5d20 [2022-07-13 18:01:11,913 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/659a95caf/571f137c9aa34c75808a06c37b0c7b72 [2022-07-13 18:01:11,915 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-07-13 18:01:11,916 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-07-13 18:01:11,928 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-07-13 18:01:11,928 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-07-13 18:01:11,930 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-07-13 18:01:11,931 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 13.07 06:01:11" (1/1) ... [2022-07-13 18:01:11,932 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@310e227a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:11, skipping insertion in model container [2022-07-13 18:01:11,932 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 13.07 06:01:11" (1/1) ... [2022-07-13 18:01:11,937 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-07-13 18:01:11,960 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-07-13 18:01:12,146 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c[14935,14948] [2022-07-13 18:01:12,163 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-07-13 18:01:12,178 INFO L203 MainTranslator]: Completed pre-run [2022-07-13 18:01:12,217 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product58.cil.c[14935,14948] [2022-07-13 18:01:12,227 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-07-13 18:01:12,246 INFO L208 MainTranslator]: Completed translation [2022-07-13 18:01:12,247 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12 WrapperNode [2022-07-13 18:01:12,247 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-07-13 18:01:12,248 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-07-13 18:01:12,248 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-07-13 18:01:12,248 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-07-13 18:01:12,254 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12" (1/1) ... [2022-07-13 18:01:12,272 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12" (1/1) ... [2022-07-13 18:01:12,293 INFO L137 Inliner]: procedures = 59, calls = 160, calls flagged for inlining = 28, calls inlined = 25, statements flattened = 288 [2022-07-13 18:01:12,296 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-07-13 18:01:12,297 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-07-13 18:01:12,297 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-07-13 18:01:12,298 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-07-13 18:01:12,303 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12" (1/1) ... [2022-07-13 18:01:12,303 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12" (1/1) ... [2022-07-13 18:01:12,307 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12" (1/1) ... [2022-07-13 18:01:12,308 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12" (1/1) ... [2022-07-13 18:01:12,312 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12" (1/1) ... [2022-07-13 18:01:12,316 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12" (1/1) ... [2022-07-13 18:01:12,319 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12" (1/1) ... [2022-07-13 18:01:12,321 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-07-13 18:01:12,322 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-07-13 18:01:12,322 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-07-13 18:01:12,322 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-07-13 18:01:12,323 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12" (1/1) ... [2022-07-13 18:01:12,336 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-07-13 18:01:12,343 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-07-13 18:01:12,353 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-07-13 18:01:12,359 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-07-13 18:01:12,380 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-07-13 18:01:12,381 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-07-13 18:01:12,381 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-07-13 18:01:12,381 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-07-13 18:01:12,381 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-07-13 18:01:12,381 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-07-13 18:01:12,382 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-07-13 18:01:12,384 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-07-13 18:01:12,384 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-07-13 18:01:12,384 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-07-13 18:01:12,384 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-07-13 18:01:12,384 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-07-13 18:01:12,385 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-07-13 18:01:12,385 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-07-13 18:01:12,385 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-07-13 18:01:12,385 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-07-13 18:01:12,385 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-07-13 18:01:12,385 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-07-13 18:01:12,468 INFO L234 CfgBuilder]: Building ICFG [2022-07-13 18:01:12,477 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-07-13 18:01:12,752 INFO L275 CfgBuilder]: Performing block encoding [2022-07-13 18:01:12,763 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-07-13 18:01:12,764 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-07-13 18:01:12,765 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 13.07 06:01:12 BoogieIcfgContainer [2022-07-13 18:01:12,765 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-07-13 18:01:12,766 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-07-13 18:01:12,766 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-07-13 18:01:12,772 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-07-13 18:01:12,772 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 13.07 06:01:11" (1/3) ... [2022-07-13 18:01:12,773 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@33874fb and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 13.07 06:01:12, skipping insertion in model container [2022-07-13 18:01:12,773 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.07 06:01:12" (2/3) ... [2022-07-13 18:01:12,773 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@33874fb and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 13.07 06:01:12, skipping insertion in model container [2022-07-13 18:01:12,774 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 13.07 06:01:12" (3/3) ... [2022-07-13 18:01:12,775 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product58.cil.c [2022-07-13 18:01:12,786 INFO L201 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-07-13 18:01:12,786 INFO L160 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-07-13 18:01:12,827 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-07-13 18:01:12,832 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=de.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings@9b2b2f7, mLbeIndependenceSettings=de.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings@2c3135b1 [2022-07-13 18:01:12,832 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-07-13 18:01:12,835 INFO L276 IsEmpty]: Start isEmpty. Operand has 97 states, 76 states have (on average 1.368421052631579) internal successors, (104), 84 states have internal predecessors, (104), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2022-07-13 18:01:12,841 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-07-13 18:01:12,843 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:01:12,844 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:12,844 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:01:12,849 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:01:12,850 INFO L85 PathProgramCache]: Analyzing trace with hash -716350399, now seen corresponding path program 1 times [2022-07-13 18:01:12,856 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:01:12,856 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1379098649] [2022-07-13 18:01:12,856 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:01:12,857 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:01:12,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-07-13 18:01:13,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-07-13 18:01:13,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,063 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:01:13,063 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:01:13,064 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1379098649] [2022-07-13 18:01:13,065 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1379098649] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:01:13,065 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:01:13,065 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-07-13 18:01:13,067 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [775267516] [2022-07-13 18:01:13,067 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:01:13,070 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-07-13 18:01:13,070 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:01:13,094 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-07-13 18:01:13,095 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-07-13 18:01:13,098 INFO L87 Difference]: Start difference. First operand has 97 states, 76 states have (on average 1.368421052631579) internal successors, (104), 84 states have internal predecessors, (104), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-13 18:01:13,127 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:01:13,128 INFO L93 Difference]: Finished difference Result 185 states and 250 transitions. [2022-07-13 18:01:13,129 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-07-13 18:01:13,129 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-07-13 18:01:13,130 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:01:13,145 INFO L225 Difference]: With dead ends: 185 [2022-07-13 18:01:13,145 INFO L226 Difference]: Without dead ends: 88 [2022-07-13 18:01:13,149 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-07-13 18:01:13,152 INFO L413 NwaCegarLoop]: 122 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 122 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-13 18:01:13,152 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 122 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-13 18:01:13,163 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 88 states. [2022-07-13 18:01:13,190 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 88 to 88. [2022-07-13 18:01:13,192 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 88 states, 69 states have (on average 1.3043478260869565) internal successors, (90), 76 states have internal predecessors, (90), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-07-13 18:01:13,193 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 88 states to 88 states and 113 transitions. [2022-07-13 18:01:13,195 INFO L78 Accepts]: Start accepts. Automaton has 88 states and 113 transitions. Word has length 32 [2022-07-13 18:01:13,195 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:01:13,195 INFO L495 AbstractCegarLoop]: Abstraction has 88 states and 113 transitions. [2022-07-13 18:01:13,195 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-13 18:01:13,196 INFO L276 IsEmpty]: Start isEmpty. Operand 88 states and 113 transitions. [2022-07-13 18:01:13,197 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-07-13 18:01:13,197 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:01:13,198 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:13,198 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-07-13 18:01:13,198 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:01:13,199 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:01:13,199 INFO L85 PathProgramCache]: Analyzing trace with hash 407802526, now seen corresponding path program 1 times [2022-07-13 18:01:13,199 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:01:13,199 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [711731089] [2022-07-13 18:01:13,199 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:01:13,200 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:01:13,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-07-13 18:01:13,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,294 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-07-13 18:01:13,296 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,297 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:01:13,301 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:01:13,302 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [711731089] [2022-07-13 18:01:13,302 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [711731089] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:01:13,302 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:01:13,302 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-13 18:01:13,302 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1203250807] [2022-07-13 18:01:13,302 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:01:13,303 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-13 18:01:13,304 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:01:13,304 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-13 18:01:13,304 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-13 18:01:13,304 INFO L87 Difference]: Start difference. First operand 88 states and 113 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-13 18:01:13,344 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:01:13,345 INFO L93 Difference]: Finished difference Result 140 states and 180 transitions. [2022-07-13 18:01:13,345 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-13 18:01:13,345 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-07-13 18:01:13,346 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:01:13,346 INFO L225 Difference]: With dead ends: 140 [2022-07-13 18:01:13,347 INFO L226 Difference]: Without dead ends: 79 [2022-07-13 18:01:13,347 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-13 18:01:13,348 INFO L413 NwaCegarLoop]: 100 mSDtfsCounter, 13 mSDsluCounter, 83 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 16 SdHoareTripleChecker+Valid, 183 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-13 18:01:13,348 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [16 Valid, 183 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-13 18:01:13,349 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 79 states. [2022-07-13 18:01:13,356 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 79 to 79. [2022-07-13 18:01:13,359 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 79 states, 63 states have (on average 1.3174603174603174) internal successors, (83), 70 states have internal predecessors, (83), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-07-13 18:01:13,360 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 101 transitions. [2022-07-13 18:01:13,360 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 101 transitions. Word has length 33 [2022-07-13 18:01:13,360 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:01:13,360 INFO L495 AbstractCegarLoop]: Abstraction has 79 states and 101 transitions. [2022-07-13 18:01:13,361 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-07-13 18:01:13,361 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 101 transitions. [2022-07-13 18:01:13,363 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-07-13 18:01:13,363 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:01:13,363 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:13,363 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-07-13 18:01:13,364 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:01:13,364 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:01:13,364 INFO L85 PathProgramCache]: Analyzing trace with hash -1999351370, now seen corresponding path program 1 times [2022-07-13 18:01:13,364 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:01:13,365 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2075266302] [2022-07-13 18:01:13,365 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:01:13,365 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:01:13,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,403 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-13 18:01:13,405 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,409 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-07-13 18:01:13,409 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,411 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:01:13,411 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:01:13,411 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2075266302] [2022-07-13 18:01:13,411 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2075266302] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:01:13,411 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:01:13,411 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-13 18:01:13,411 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1113093661] [2022-07-13 18:01:13,411 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:01:13,412 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-13 18:01:13,412 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:01:13,412 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-13 18:01:13,412 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-13 18:01:13,412 INFO L87 Difference]: Start difference. First operand 79 states and 101 transitions. Second operand has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-13 18:01:13,425 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:01:13,425 INFO L93 Difference]: Finished difference Result 150 states and 195 transitions. [2022-07-13 18:01:13,425 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-13 18:01:13,425 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2022-07-13 18:01:13,426 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:01:13,426 INFO L225 Difference]: With dead ends: 150 [2022-07-13 18:01:13,426 INFO L226 Difference]: Without dead ends: 79 [2022-07-13 18:01:13,427 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-13 18:01:13,428 INFO L413 NwaCegarLoop]: 99 mSDtfsCounter, 91 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 91 SdHoareTripleChecker+Valid, 99 SdHoareTripleChecker+Invalid, 2 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-13 18:01:13,428 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [91 Valid, 99 Invalid, 2 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-13 18:01:13,429 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 79 states. [2022-07-13 18:01:13,434 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 79 to 79. [2022-07-13 18:01:13,436 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 79 states, 63 states have (on average 1.3015873015873016) internal successors, (82), 70 states have internal predecessors, (82), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-07-13 18:01:13,437 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 100 transitions. [2022-07-13 18:01:13,437 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 100 transitions. Word has length 38 [2022-07-13 18:01:13,438 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:01:13,438 INFO L495 AbstractCegarLoop]: Abstraction has 79 states and 100 transitions. [2022-07-13 18:01:13,438 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-13 18:01:13,438 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 100 transitions. [2022-07-13 18:01:13,440 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 47 [2022-07-13 18:01:13,441 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:01:13,441 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:13,442 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-07-13 18:01:13,442 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:01:13,442 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:01:13,443 INFO L85 PathProgramCache]: Analyzing trace with hash 879947394, now seen corresponding path program 1 times [2022-07-13 18:01:13,443 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:01:13,444 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [69280090] [2022-07-13 18:01:13,444 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:01:13,444 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:01:13,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,515 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-13 18:01:13,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-07-13 18:01:13,519 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,520 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:01:13,521 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:01:13,521 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [69280090] [2022-07-13 18:01:13,521 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [69280090] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:01:13,521 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:01:13,521 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-07-13 18:01:13,521 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1687431052] [2022-07-13 18:01:13,521 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:01:13,521 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-07-13 18:01:13,521 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:01:13,522 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-07-13 18:01:13,522 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-13 18:01:13,522 INFO L87 Difference]: Start difference. First operand 79 states and 100 transitions. Second operand has 3 states, 3 states have (on average 13.0) internal successors, (39), 3 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-13 18:01:13,554 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:01:13,554 INFO L93 Difference]: Finished difference Result 199 states and 258 transitions. [2022-07-13 18:01:13,556 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-07-13 18:01:13,557 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 13.0) internal successors, (39), 3 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 46 [2022-07-13 18:01:13,557 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:01:13,558 INFO L225 Difference]: With dead ends: 199 [2022-07-13 18:01:13,559 INFO L226 Difference]: Without dead ends: 128 [2022-07-13 18:01:13,559 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-07-13 18:01:13,560 INFO L413 NwaCegarLoop]: 108 mSDtfsCounter, 59 mSDsluCounter, 68 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 59 SdHoareTripleChecker+Valid, 176 SdHoareTripleChecker+Invalid, 15 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-07-13 18:01:13,560 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [59 Valid, 176 Invalid, 15 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-07-13 18:01:13,561 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 128 states. [2022-07-13 18:01:13,569 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 128 to 126. [2022-07-13 18:01:13,569 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 126 states, 99 states have (on average 1.2828282828282829) internal successors, (127), 107 states have internal predecessors, (127), 14 states have call successors, (14), 12 states have call predecessors, (14), 12 states have return successors, (18), 14 states have call predecessors, (18), 14 states have call successors, (18) [2022-07-13 18:01:13,570 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 126 states to 126 states and 159 transitions. [2022-07-13 18:01:13,570 INFO L78 Accepts]: Start accepts. Automaton has 126 states and 159 transitions. Word has length 46 [2022-07-13 18:01:13,570 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:01:13,570 INFO L495 AbstractCegarLoop]: Abstraction has 126 states and 159 transitions. [2022-07-13 18:01:13,571 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 13.0) internal successors, (39), 3 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-07-13 18:01:13,571 INFO L276 IsEmpty]: Start isEmpty. Operand 126 states and 159 transitions. [2022-07-13 18:01:13,571 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 55 [2022-07-13 18:01:13,571 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:01:13,572 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:13,572 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-07-13 18:01:13,572 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:01:13,572 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:01:13,572 INFO L85 PathProgramCache]: Analyzing trace with hash -2106872253, now seen corresponding path program 1 times [2022-07-13 18:01:13,572 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:01:13,572 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1615867514] [2022-07-13 18:01:13,573 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:01:13,573 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:01:13,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,635 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-13 18:01:13,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,642 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-07-13 18:01:13,644 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,649 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-07-13 18:01:13,650 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,651 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 46 [2022-07-13 18:01:13,652 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,659 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-07-13 18:01:13,659 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:01:13,659 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1615867514] [2022-07-13 18:01:13,660 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1615867514] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:01:13,660 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:01:13,660 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-07-13 18:01:13,660 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [800874861] [2022-07-13 18:01:13,660 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:01:13,661 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-07-13 18:01:13,661 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:01:13,661 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-07-13 18:01:13,661 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-07-13 18:01:13,662 INFO L87 Difference]: Start difference. First operand 126 states and 159 transitions. Second operand has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 1 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 1 states have call successors, (4) [2022-07-13 18:01:13,858 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:01:13,858 INFO L93 Difference]: Finished difference Result 280 states and 355 transitions. [2022-07-13 18:01:13,859 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-07-13 18:01:13,859 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 1 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 1 states have call successors, (4) Word has length 54 [2022-07-13 18:01:13,861 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:01:13,864 INFO L225 Difference]: With dead ends: 280 [2022-07-13 18:01:13,864 INFO L226 Difference]: Without dead ends: 162 [2022-07-13 18:01:13,866 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 24 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=53, Invalid=157, Unknown=0, NotChecked=0, Total=210 [2022-07-13 18:01:13,873 INFO L413 NwaCegarLoop]: 102 mSDtfsCounter, 119 mSDsluCounter, 363 mSDsCounter, 0 mSdLazyCounter, 191 mSolverCounterSat, 32 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 125 SdHoareTripleChecker+Valid, 465 SdHoareTripleChecker+Invalid, 223 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 32 IncrementalHoareTripleChecker+Valid, 191 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-13 18:01:13,874 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [125 Valid, 465 Invalid, 223 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [32 Valid, 191 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-13 18:01:13,877 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 162 states. [2022-07-13 18:01:13,895 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 162 to 148. [2022-07-13 18:01:13,903 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 148 states, 116 states have (on average 1.2586206896551724) internal successors, (146), 124 states have internal predecessors, (146), 16 states have call successors, (16), 12 states have call predecessors, (16), 15 states have return successors, (23), 17 states have call predecessors, (23), 16 states have call successors, (23) [2022-07-13 18:01:13,905 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 148 states to 148 states and 185 transitions. [2022-07-13 18:01:13,905 INFO L78 Accepts]: Start accepts. Automaton has 148 states and 185 transitions. Word has length 54 [2022-07-13 18:01:13,906 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:01:13,906 INFO L495 AbstractCegarLoop]: Abstraction has 148 states and 185 transitions. [2022-07-13 18:01:13,906 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 1 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 1 states have call successors, (4) [2022-07-13 18:01:13,906 INFO L276 IsEmpty]: Start isEmpty. Operand 148 states and 185 transitions. [2022-07-13 18:01:13,907 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-07-13 18:01:13,907 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:01:13,907 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:13,907 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-07-13 18:01:13,908 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:01:13,908 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:01:13,908 INFO L85 PathProgramCache]: Analyzing trace with hash 1055316791, now seen corresponding path program 1 times [2022-07-13 18:01:13,908 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:01:13,908 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1014609802] [2022-07-13 18:01:13,909 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:01:13,909 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:01:13,920 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-13 18:01:13,940 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,943 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-07-13 18:01:13,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-07-13 18:01:13,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:13,973 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:01:13,973 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:01:13,974 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1014609802] [2022-07-13 18:01:13,974 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1014609802] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:01:13,974 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:01:13,974 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-07-13 18:01:13,974 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [87284238] [2022-07-13 18:01:13,974 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:01:13,975 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-07-13 18:01:13,976 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:01:13,976 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-07-13 18:01:13,977 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-07-13 18:01:13,977 INFO L87 Difference]: Start difference. First operand 148 states and 185 transitions. Second operand has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-13 18:01:14,098 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:01:14,098 INFO L93 Difference]: Finished difference Result 298 states and 383 transitions. [2022-07-13 18:01:14,099 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-07-13 18:01:14,099 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 56 [2022-07-13 18:01:14,100 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:01:14,104 INFO L225 Difference]: With dead ends: 298 [2022-07-13 18:01:14,104 INFO L226 Difference]: Without dead ends: 158 [2022-07-13 18:01:14,106 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-07-13 18:01:14,108 INFO L413 NwaCegarLoop]: 91 mSDtfsCounter, 71 mSDsluCounter, 277 mSDsCounter, 0 mSdLazyCounter, 109 mSolverCounterSat, 21 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 74 SdHoareTripleChecker+Valid, 368 SdHoareTripleChecker+Invalid, 130 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 21 IncrementalHoareTripleChecker+Valid, 109 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-13 18:01:14,109 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [74 Valid, 368 Invalid, 130 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [21 Valid, 109 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-13 18:01:14,109 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 158 states. [2022-07-13 18:01:14,123 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 158 to 151. [2022-07-13 18:01:14,124 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 151 states, 119 states have (on average 1.2521008403361344) internal successors, (149), 127 states have internal predecessors, (149), 16 states have call successors, (16), 12 states have call predecessors, (16), 15 states have return successors, (23), 17 states have call predecessors, (23), 16 states have call successors, (23) [2022-07-13 18:01:14,125 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 151 states to 151 states and 188 transitions. [2022-07-13 18:01:14,125 INFO L78 Accepts]: Start accepts. Automaton has 151 states and 188 transitions. Word has length 56 [2022-07-13 18:01:14,125 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:01:14,126 INFO L495 AbstractCegarLoop]: Abstraction has 151 states and 188 transitions. [2022-07-13 18:01:14,126 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-13 18:01:14,126 INFO L276 IsEmpty]: Start isEmpty. Operand 151 states and 188 transitions. [2022-07-13 18:01:14,127 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-07-13 18:01:14,127 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:01:14,127 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:14,127 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-07-13 18:01:14,127 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:01:14,128 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:01:14,128 INFO L85 PathProgramCache]: Analyzing trace with hash -750121543, now seen corresponding path program 1 times [2022-07-13 18:01:14,128 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:01:14,128 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1402260389] [2022-07-13 18:01:14,128 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:01:14,129 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:01:14,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,154 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-13 18:01:14,156 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,159 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-07-13 18:01:14,162 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,181 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-07-13 18:01:14,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,184 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:01:14,185 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:01:14,185 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1402260389] [2022-07-13 18:01:14,185 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1402260389] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:01:14,186 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:01:14,186 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-07-13 18:01:14,186 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [851293352] [2022-07-13 18:01:14,186 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:01:14,186 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-07-13 18:01:14,187 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:01:14,187 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-07-13 18:01:14,187 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-07-13 18:01:14,187 INFO L87 Difference]: Start difference. First operand 151 states and 188 transitions. Second operand has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-07-13 18:01:14,292 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:01:14,292 INFO L93 Difference]: Finished difference Result 307 states and 393 transitions. [2022-07-13 18:01:14,293 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-07-13 18:01:14,293 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 56 [2022-07-13 18:01:14,294 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:01:14,295 INFO L225 Difference]: With dead ends: 307 [2022-07-13 18:01:14,296 INFO L226 Difference]: Without dead ends: 164 [2022-07-13 18:01:14,297 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=34, Invalid=56, Unknown=0, NotChecked=0, Total=90 [2022-07-13 18:01:14,299 INFO L413 NwaCegarLoop]: 92 mSDtfsCounter, 178 mSDsluCounter, 196 mSDsCounter, 0 mSdLazyCounter, 88 mSolverCounterSat, 41 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 182 SdHoareTripleChecker+Valid, 288 SdHoareTripleChecker+Invalid, 129 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 41 IncrementalHoareTripleChecker+Valid, 88 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-13 18:01:14,299 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [182 Valid, 288 Invalid, 129 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [41 Valid, 88 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-13 18:01:14,300 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 164 states. [2022-07-13 18:01:14,322 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 164 to 153. [2022-07-13 18:01:14,322 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 153 states, 121 states have (on average 1.2479338842975207) internal successors, (151), 129 states have internal predecessors, (151), 16 states have call successors, (16), 12 states have call predecessors, (16), 15 states have return successors, (23), 17 states have call predecessors, (23), 16 states have call successors, (23) [2022-07-13 18:01:14,323 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 153 states to 153 states and 190 transitions. [2022-07-13 18:01:14,323 INFO L78 Accepts]: Start accepts. Automaton has 153 states and 190 transitions. Word has length 56 [2022-07-13 18:01:14,323 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:01:14,324 INFO L495 AbstractCegarLoop]: Abstraction has 153 states and 190 transitions. [2022-07-13 18:01:14,326 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.833333333333333) internal successors, (47), 5 states have internal predecessors, (47), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-07-13 18:01:14,326 INFO L276 IsEmpty]: Start isEmpty. Operand 153 states and 190 transitions. [2022-07-13 18:01:14,327 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-07-13 18:01:14,327 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:01:14,327 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:14,327 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-07-13 18:01:14,327 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:01:14,327 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:01:14,328 INFO L85 PathProgramCache]: Analyzing trace with hash -609572933, now seen corresponding path program 1 times [2022-07-13 18:01:14,328 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:01:14,328 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1080089927] [2022-07-13 18:01:14,328 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:01:14,328 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:01:14,339 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,362 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-07-13 18:01:14,363 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,368 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-07-13 18:01:14,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,379 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-07-13 18:01:14,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,381 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:01:14,381 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:01:14,381 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1080089927] [2022-07-13 18:01:14,381 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1080089927] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:01:14,381 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:01:14,381 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-07-13 18:01:14,381 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [879826172] [2022-07-13 18:01:14,381 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:01:14,381 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-07-13 18:01:14,382 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:01:14,382 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-07-13 18:01:14,382 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-07-13 18:01:14,382 INFO L87 Difference]: Start difference. First operand 153 states and 190 transitions. Second operand has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-13 18:01:14,551 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:01:14,552 INFO L93 Difference]: Finished difference Result 430 states and 556 transitions. [2022-07-13 18:01:14,552 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-07-13 18:01:14,552 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 56 [2022-07-13 18:01:14,552 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:01:14,553 INFO L225 Difference]: With dead ends: 430 [2022-07-13 18:01:14,553 INFO L226 Difference]: Without dead ends: 285 [2022-07-13 18:01:14,554 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 9 SyntacticMatches, 1 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-07-13 18:01:14,554 INFO L413 NwaCegarLoop]: 142 mSDtfsCounter, 213 mSDsluCounter, 172 mSDsCounter, 0 mSdLazyCounter, 144 mSolverCounterSat, 65 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 220 SdHoareTripleChecker+Valid, 314 SdHoareTripleChecker+Invalid, 209 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 65 IncrementalHoareTripleChecker+Valid, 144 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-07-13 18:01:14,554 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [220 Valid, 314 Invalid, 209 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [65 Valid, 144 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-07-13 18:01:14,555 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 285 states. [2022-07-13 18:01:14,564 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 285 to 283. [2022-07-13 18:01:14,565 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 283 states, 219 states have (on average 1.2191780821917808) internal successors, (267), 231 states have internal predecessors, (267), 34 states have call successors, (34), 28 states have call predecessors, (34), 29 states have return successors, (53), 34 states have call predecessors, (53), 34 states have call successors, (53) [2022-07-13 18:01:14,566 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 283 states to 283 states and 354 transitions. [2022-07-13 18:01:14,566 INFO L78 Accepts]: Start accepts. Automaton has 283 states and 354 transitions. Word has length 56 [2022-07-13 18:01:14,566 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:01:14,567 INFO L495 AbstractCegarLoop]: Abstraction has 283 states and 354 transitions. [2022-07-13 18:01:14,567 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 9.4) internal successors, (47), 4 states have internal predecessors, (47), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-07-13 18:01:14,567 INFO L276 IsEmpty]: Start isEmpty. Operand 283 states and 354 transitions. [2022-07-13 18:01:14,568 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 61 [2022-07-13 18:01:14,568 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:01:14,568 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:14,569 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-07-13 18:01:14,569 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:01:14,569 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:01:14,569 INFO L85 PathProgramCache]: Analyzing trace with hash 1449050389, now seen corresponding path program 1 times [2022-07-13 18:01:14,569 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:01:14,569 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2043490615] [2022-07-13 18:01:14,570 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:01:14,570 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:01:14,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-13 18:01:14,672 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-07-13 18:01:14,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-07-13 18:01:14,691 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,710 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-07-13 18:01:14,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:14,712 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-07-13 18:01:14,712 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:01:14,712 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2043490615] [2022-07-13 18:01:14,712 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2043490615] provided 1 perfect and 0 imperfect interpolant sequences [2022-07-13 18:01:14,713 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-07-13 18:01:14,713 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-07-13 18:01:14,713 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [795225750] [2022-07-13 18:01:14,713 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-07-13 18:01:14,713 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-07-13 18:01:14,713 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:01:14,714 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-07-13 18:01:14,715 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=70, Unknown=0, NotChecked=0, Total=90 [2022-07-13 18:01:14,715 INFO L87 Difference]: Start difference. First operand 283 states and 354 transitions. Second operand has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2022-07-13 18:01:15,290 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:01:15,291 INFO L93 Difference]: Finished difference Result 770 states and 1011 transitions. [2022-07-13 18:01:15,291 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 28 states. [2022-07-13 18:01:15,291 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) Word has length 60 [2022-07-13 18:01:15,293 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:01:15,296 INFO L225 Difference]: With dead ends: 770 [2022-07-13 18:01:15,296 INFO L226 Difference]: Without dead ends: 546 [2022-07-13 18:01:15,298 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 31 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 255 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=250, Invalid=806, Unknown=0, NotChecked=0, Total=1056 [2022-07-13 18:01:15,299 INFO L413 NwaCegarLoop]: 141 mSDtfsCounter, 619 mSDsluCounter, 442 mSDsCounter, 0 mSdLazyCounter, 481 mSolverCounterSat, 210 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 624 SdHoareTripleChecker+Valid, 583 SdHoareTripleChecker+Invalid, 691 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 210 IncrementalHoareTripleChecker+Valid, 481 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-07-13 18:01:15,299 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [624 Valid, 583 Invalid, 691 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [210 Valid, 481 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-07-13 18:01:15,300 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 546 states. [2022-07-13 18:01:15,322 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 546 to 440. [2022-07-13 18:01:15,324 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 440 states, 342 states have (on average 1.2076023391812865) internal successors, (413), 363 states have internal predecessors, (413), 51 states have call successors, (51), 39 states have call predecessors, (51), 46 states have return successors, (83), 52 states have call predecessors, (83), 51 states have call successors, (83) [2022-07-13 18:01:15,326 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 440 states to 440 states and 547 transitions. [2022-07-13 18:01:15,326 INFO L78 Accepts]: Start accepts. Automaton has 440 states and 547 transitions. Word has length 60 [2022-07-13 18:01:15,326 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:01:15,326 INFO L495 AbstractCegarLoop]: Abstraction has 440 states and 547 transitions. [2022-07-13 18:01:15,327 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.9) internal successors, (49), 8 states have internal predecessors, (49), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2022-07-13 18:01:15,327 INFO L276 IsEmpty]: Start isEmpty. Operand 440 states and 547 transitions. [2022-07-13 18:01:15,328 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 103 [2022-07-13 18:01:15,328 INFO L187 NwaCegarLoop]: Found error trace [2022-07-13 18:01:15,328 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:15,328 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-07-13 18:01:15,328 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-07-13 18:01:15,329 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-07-13 18:01:15,329 INFO L85 PathProgramCache]: Analyzing trace with hash -1477759876, now seen corresponding path program 1 times [2022-07-13 18:01:15,329 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-07-13 18:01:15,329 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2010237850] [2022-07-13 18:01:15,329 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:01:15,329 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-07-13 18:01:15,346 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:15,384 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-07-13 18:01:15,385 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:15,395 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-07-13 18:01:15,399 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:15,408 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-07-13 18:01:15,409 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:15,415 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-07-13 18:01:15,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:15,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-07-13 18:01:15,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:15,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-07-13 18:01:15,433 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:15,435 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-07-13 18:01:15,435 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:15,436 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-07-13 18:01:15,437 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:15,438 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 16 proven. 11 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-07-13 18:01:15,438 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-07-13 18:01:15,438 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2010237850] [2022-07-13 18:01:15,438 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2010237850] provided 0 perfect and 1 imperfect interpolant sequences [2022-07-13 18:01:15,438 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [115426647] [2022-07-13 18:01:15,438 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-07-13 18:01:15,439 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-07-13 18:01:15,439 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-07-13 18:01:15,440 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-07-13 18:01:15,443 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-07-13 18:01:15,529 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-07-13 18:01:15,532 INFO L263 TraceCheckSpWp]: Trace formula consists of 494 conjuncts, 8 conjunts are in the unsatisfiable core [2022-07-13 18:01:15,537 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-07-13 18:01:15,699 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 25 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-07-13 18:01:15,699 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-07-13 18:01:15,812 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 8 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-07-13 18:01:15,812 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [115426647] provided 0 perfect and 2 imperfect interpolant sequences [2022-07-13 18:01:15,813 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-07-13 18:01:15,813 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-07-13 18:01:15,813 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [101816776] [2022-07-13 18:01:15,813 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-07-13 18:01:15,814 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-07-13 18:01:15,814 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-07-13 18:01:15,814 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-07-13 18:01:15,814 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2022-07-13 18:01:15,814 INFO L87 Difference]: Start difference. First operand 440 states and 547 transitions. Second operand has 15 states, 15 states have (on average 8.4) internal successors, (126), 10 states have internal predecessors, (126), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 6 states have call successors, (16) [2022-07-13 18:01:16,574 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-07-13 18:01:16,574 INFO L93 Difference]: Finished difference Result 925 states and 1176 transitions. [2022-07-13 18:01:16,575 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 28 states. [2022-07-13 18:01:16,575 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 8.4) internal successors, (126), 10 states have internal predecessors, (126), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 6 states have call successors, (16) Word has length 102 [2022-07-13 18:01:16,575 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-07-13 18:01:16,576 INFO L225 Difference]: With dead ends: 925 [2022-07-13 18:01:16,576 INFO L226 Difference]: Without dead ends: 0 [2022-07-13 18:01:16,578 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 266 GetRequests, 227 SyntacticMatches, 1 SemanticMatches, 38 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 354 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=356, Invalid=1204, Unknown=0, NotChecked=0, Total=1560 [2022-07-13 18:01:16,579 INFO L413 NwaCegarLoop]: 215 mSDtfsCounter, 450 mSDsluCounter, 1022 mSDsCounter, 0 mSdLazyCounter, 937 mSolverCounterSat, 190 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 455 SdHoareTripleChecker+Valid, 1237 SdHoareTripleChecker+Invalid, 1127 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 190 IncrementalHoareTripleChecker+Valid, 937 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-07-13 18:01:16,579 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [455 Valid, 1237 Invalid, 1127 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [190 Valid, 937 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2022-07-13 18:01:16,580 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-07-13 18:01:16,580 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-07-13 18:01:16,580 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-07-13 18:01:16,580 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-07-13 18:01:16,581 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 102 [2022-07-13 18:01:16,581 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-07-13 18:01:16,581 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-07-13 18:01:16,581 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 8.4) internal successors, (126), 10 states have internal predecessors, (126), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 6 states have call successors, (16) [2022-07-13 18:01:16,581 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-07-13 18:01:16,581 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-07-13 18:01:16,583 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-07-13 18:01:16,603 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-07-13 18:01:16,799 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-07-13 18:01:16,801 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-07-13 18:01:20,016 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 790 796) no Hoare annotation was computed. [2022-07-13 18:01:20,016 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 790 796) the Hoare annotation is: true [2022-07-13 18:01:20,016 INFO L902 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 84 95) the Hoare annotation is: true [2022-07-13 18:01:20,016 INFO L899 garLoopResultBuilder]: For program point L88-1(lines 84 95) no Hoare annotation was computed. [2022-07-13 18:01:20,016 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 84 95) no Hoare annotation was computed. [2022-07-13 18:01:20,016 INFO L899 garLoopResultBuilder]: For program point L64(lines 64 68) no Hoare annotation was computed. [2022-07-13 18:01:20,016 INFO L899 garLoopResultBuilder]: For program point L770-2(lines 766 788) no Hoare annotation was computed. [2022-07-13 18:01:20,017 INFO L899 garLoopResultBuilder]: For program point L832(lines 832 840) no Hoare annotation was computed. [2022-07-13 18:01:20,017 INFO L895 garLoopResultBuilder]: At program point L192(line 192) the Hoare annotation is: (let ((.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (not (<= 2 |old(~waterLevel~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (= ~pumpRunning~0 0)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 .cse6 (and .cse7 .cse3 .cse4))) (or .cse8 (and .cse7 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse5) (or .cse8 .cse0 .cse5 .cse6) (let ((.cse9 (<= ~waterLevel~0 2))) (or .cse0 .cse1 (and .cse7 .cse9 .cse4) .cse5 (and .cse2 .cse9 .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-07-13 18:01:20,017 INFO L899 garLoopResultBuilder]: For program point L192-1(line 192) no Hoare annotation was computed. [2022-07-13 18:01:20,017 INFO L895 garLoopResultBuilder]: At program point L64-2(lines 60 71) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2) (or .cse0 .cse1 (and .cse3 (= ~waterLevel~0 1) .cse4) .cse2 (not (<= 2 |old(~waterLevel~0)|))))) [2022-07-13 18:01:20,017 INFO L899 garLoopResultBuilder]: For program point L828(lines 828 845) no Hoare annotation was computed. [2022-07-13 18:01:20,018 INFO L895 garLoopResultBuilder]: At program point L973(lines 958 976) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2) (or .cse0 .cse1 (and .cse3 (= ~waterLevel~0 1) .cse4) .cse2 (not (<= 2 |old(~waterLevel~0)|))))) [2022-07-13 18:01:20,018 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 763 789) no Hoare annotation was computed. [2022-07-13 18:01:20,018 INFO L895 garLoopResultBuilder]: At program point L156(lines 151 159) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2) (or .cse0 .cse1 (and .cse3 (= ~waterLevel~0 1) .cse4) .cse2 (not (<= 2 |old(~waterLevel~0)|))))) [2022-07-13 18:01:20,018 INFO L895 garLoopResultBuilder]: At program point L177(line 177) the Hoare annotation is: (let ((.cse0 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 .cse1))) (and (or (and (= ~pumpRunning~0 0) .cse0 .cse1) (not (= |old(~pumpRunning~0)| 0)) .cse2 .cse3) (or .cse2 .cse4 .cse3 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse4 .cse3 .cse5 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-07-13 18:01:20,018 INFO L899 garLoopResultBuilder]: For program point L177-1(line 177) no Hoare annotation was computed. [2022-07-13 18:01:20,018 INFO L899 garLoopResultBuilder]: For program point L685(line 685) no Hoare annotation was computed. [2022-07-13 18:01:20,019 INFO L895 garLoopResultBuilder]: At program point L838(line 838) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2) (or .cse0 .cse1 (and .cse3 (= ~waterLevel~0 1) .cse4) .cse2 (not (<= 2 |old(~waterLevel~0)|))))) [2022-07-13 18:01:20,019 INFO L899 garLoopResultBuilder]: For program point L194(lines 194 204) no Hoare annotation was computed. [2022-07-13 18:01:20,019 INFO L899 garLoopResultBuilder]: For program point L190(lines 190 207) no Hoare annotation was computed. [2022-07-13 18:01:20,019 INFO L895 garLoopResultBuilder]: At program point L190-1(lines 182 210) the Hoare annotation is: (let ((.cse6 (= 1 ~systemActive~0))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse3 (not .cse6)) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse9 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse8 (<= 1 ~switchedOnBeforeTS~0)) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (not (<= 2 |old(~waterLevel~0)|)))) (and (let ((.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (and .cse1 .cse2) .cse3 (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse2) .cse4)) (let ((.cse7 (<= ~waterLevel~0 2))) (or .cse3 .cse5 (and .cse1 .cse6 .cse7 .cse8) .cse4 (and .cse9 .cse7 .cse8) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (or .cse0 .cse3 (and (< 1 |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1|) (<= |timeShift_getWaterLevel_#res#1| 2) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2) (<= 2 |timeShift_getWaterLevel_#res#1|)) .cse4 .cse10) (let ((.cse11 (= ~waterLevel~0 1))) (or (and .cse1 .cse6 .cse11 .cse8) .cse3 .cse5 (and .cse9 .cse11 .cse8) .cse4 .cse10))))) [2022-07-13 18:01:20,019 INFO L895 garLoopResultBuilder]: At program point L880(lines 875 882) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (= ~pumpRunning~0 0)) (.cse3 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (not (= 1 ~systemActive~0))) (.cse4 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (and .cse2 (<= ~waterLevel~0 2) .cse3) .cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse4 (not (<= 2 |old(~waterLevel~0)|)) (and .cse2 (= ~waterLevel~0 1) .cse3)) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse4))) [2022-07-13 18:01:20,020 INFO L895 garLoopResultBuilder]: At program point L686(lines 681 688) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2))) [2022-07-13 18:01:20,020 INFO L895 garLoopResultBuilder]: At program point L843(line 843) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse1) (or .cse0 .cse2 .cse1 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse2 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-07-13 18:01:20,020 INFO L895 garLoopResultBuilder]: At program point L843-1(lines 824 848) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (= ~pumpRunning~0 0)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 (not (<= 2 |old(~waterLevel~0)|)) (and .cse6 .cse3 .cse4))) (let ((.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (or (not (= |old(~pumpRunning~0)| 0)) (and .cse6 .cse7) .cse0 (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse7) .cse5)) (let ((.cse8 (<= ~waterLevel~0 2))) (or .cse0 .cse1 (and .cse6 .cse8 .cse4) .cse5 (and .cse2 .cse8 .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-07-13 18:01:20,020 INFO L899 garLoopResultBuilder]: For program point L777-1(lines 777 783) no Hoare annotation was computed. [2022-07-13 18:01:20,020 INFO L899 garLoopResultBuilder]: For program point L967(lines 967 971) no Hoare annotation was computed. [2022-07-13 18:01:20,020 INFO L899 garLoopResultBuilder]: For program point L967-2(lines 967 971) no Hoare annotation was computed. [2022-07-13 18:01:20,021 INFO L895 garLoopResultBuilder]: At program point L133(lines 128 136) the Hoare annotation is: (let ((.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (not (<= 2 |old(~waterLevel~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (= ~pumpRunning~0 0)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 .cse6 (and .cse7 .cse3 .cse4))) (let ((.cse9 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse8 (and .cse7 .cse9) .cse0 (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse9) .cse5)) (or .cse8 .cse0 .cse5 (and (<= |timeShift_getWaterLevel_#res#1| 2) (<= 2 |timeShift_getWaterLevel_#res#1|)) .cse6) (let ((.cse10 (<= ~waterLevel~0 2))) (or .cse0 .cse1 (and .cse7 .cse10 .cse4) .cse5 (and .cse2 .cse10 .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-07-13 18:01:20,021 INFO L899 garLoopResultBuilder]: For program point L195(lines 195 201) no Hoare annotation was computed. [2022-07-13 18:01:20,021 INFO L895 garLoopResultBuilder]: At program point L179(lines 172 181) the Hoare annotation is: (let ((.cse0 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse3 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) .cse0) .cse1 .cse2) (or .cse3 .cse1 .cse4 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse3 .cse1 .cse4 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-07-13 18:01:20,021 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 763 789) the Hoare annotation is: (let ((.cse0 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 .cse1))) (and (or (and (= ~pumpRunning~0 0) .cse0 .cse1) (not (= |old(~pumpRunning~0)| 0)) .cse2 .cse3) (or .cse2 .cse4 .cse3 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse4 .cse3 .cse5 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-07-13 18:01:20,021 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 763 789) no Hoare annotation was computed. [2022-07-13 18:01:20,021 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 685) no Hoare annotation was computed. [2022-07-13 18:01:20,022 INFO L899 garLoopResultBuilder]: For program point L770(lines 770 776) no Hoare annotation was computed. [2022-07-13 18:01:20,022 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 580 609) no Hoare annotation was computed. [2022-07-13 18:01:20,022 INFO L902 garLoopResultBuilder]: At program point L605(lines 580 609) the Hoare annotation is: true [2022-07-13 18:01:20,022 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 580 609) the Hoare annotation is: true [2022-07-13 18:01:20,022 INFO L899 garLoopResultBuilder]: For program point L601(line 601) no Hoare annotation was computed. [2022-07-13 18:01:20,022 INFO L899 garLoopResultBuilder]: For program point L594(lines 594 598) no Hoare annotation was computed. [2022-07-13 18:01:20,023 INFO L902 garLoopResultBuilder]: At program point L594-1(lines 594 598) the Hoare annotation is: true [2022-07-13 18:01:20,023 INFO L899 garLoopResultBuilder]: For program point L591(line 591) no Hoare annotation was computed. [2022-07-13 18:01:20,023 INFO L902 garLoopResultBuilder]: At program point L590-2(lines 590 604) the Hoare annotation is: true [2022-07-13 18:01:20,023 INFO L902 garLoopResultBuilder]: At program point L586(line 586) the Hoare annotation is: true [2022-07-13 18:01:20,023 INFO L899 garLoopResultBuilder]: For program point L586-1(line 586) no Hoare annotation was computed. [2022-07-13 18:01:20,023 INFO L899 garLoopResultBuilder]: For program point L667(lines 667 674) no Hoare annotation was computed. [2022-07-13 18:01:20,023 INFO L899 garLoopResultBuilder]: For program point L667-2(lines 667 674) no Hoare annotation was computed. [2022-07-13 18:01:20,024 INFO L899 garLoopResultBuilder]: For program point L721(lines 721 727) no Hoare annotation was computed. [2022-07-13 18:01:20,024 INFO L899 garLoopResultBuilder]: For program point L721-1(lines 721 727) no Hoare annotation was computed. [2022-07-13 18:01:20,024 INFO L902 garLoopResultBuilder]: At program point L651(lines 643 653) the Hoare annotation is: true [2022-07-13 18:01:20,024 INFO L895 garLoopResultBuilder]: At program point L746(lines 701 748) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-13 18:01:20,024 INFO L895 garLoopResultBuilder]: At program point L713(line 713) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-13 18:01:20,025 INFO L902 garLoopResultBuilder]: At program point L676(lines 657 679) the Hoare annotation is: true [2022-07-13 18:01:20,025 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-07-13 18:01:20,025 INFO L895 garLoopResultBuilder]: At program point L639(lines 635 641) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-13 18:01:20,025 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-07-13 18:01:20,025 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-07-13 18:01:20,025 INFO L895 garLoopResultBuilder]: At program point L982(lines 977 984) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-13 18:01:20,025 INFO L895 garLoopResultBuilder]: At program point L169(lines 164 171) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-13 18:01:20,026 INFO L899 garLoopResultBuilder]: For program point L739(lines 739 743) no Hoare annotation was computed. [2022-07-13 18:01:20,026 INFO L895 garLoopResultBuilder]: At program point L739-2(lines 731 744) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-13 18:01:20,026 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-07-13 18:01:20,026 INFO L899 garLoopResultBuilder]: For program point L702(lines 701 748) no Hoare annotation was computed. [2022-07-13 18:01:20,026 INFO L899 garLoopResultBuilder]: For program point L731(lines 731 744) no Hoare annotation was computed. [2022-07-13 18:01:20,026 INFO L895 garLoopResultBuilder]: At program point L1016(lines 1011 1019) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-13 18:01:20,027 INFO L895 garLoopResultBuilder]: At program point L723(line 723) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-07-13 18:01:20,027 INFO L895 garLoopResultBuilder]: At program point L1008(lines 1004 1010) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-13 18:01:20,027 INFO L902 garLoopResultBuilder]: At program point L752(lines 691 756) the Hoare annotation is: true [2022-07-13 18:01:20,027 INFO L899 garLoopResultBuilder]: For program point L711(lines 711 717) no Hoare annotation was computed. [2022-07-13 18:01:20,027 INFO L899 garLoopResultBuilder]: For program point L711-1(lines 711 717) no Hoare annotation was computed. [2022-07-13 18:01:20,027 INFO L899 garLoopResultBuilder]: For program point L703(lines 703 707) no Hoare annotation was computed. [2022-07-13 18:01:20,028 INFO L895 garLoopResultBuilder]: At program point L749(lines 700 750) the Hoare annotation is: false [2022-07-13 18:01:20,028 INFO L895 garLoopResultBuilder]: At program point L1001(lines 997 1003) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-07-13 18:01:20,028 INFO L899 garLoopResultBuilder]: For program point L865(lines 865 871) no Hoare annotation was computed. [2022-07-13 18:01:20,028 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 798 822) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 .cse1))) [2022-07-13 18:01:20,028 INFO L895 garLoopResultBuilder]: At program point L865-2(lines 858 874) the Hoare annotation is: (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= ~waterLevel~0 2)))) (and (let ((.cse0 (<= 2 ~waterLevel~0))) (or (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) .cse0) .cse1 .cse2 (and (= ~pumpRunning~0 0) .cse0))) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-13 18:01:20,028 INFO L895 garLoopResultBuilder]: At program point L954(lines 939 957) the Hoare annotation is: (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= ~waterLevel~0 2)))) (and (let ((.cse0 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) (and .cse0 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~2#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~9#1| 0))) .cse1 .cse2 (and .cse0 (<= 2 ~waterLevel~0)))) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-13 18:01:20,029 INFO L895 garLoopResultBuilder]: At program point L890(lines 883 893) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (and (= ~pumpRunning~0 0) (<= 2 ~waterLevel~0))))) [2022-07-13 18:01:20,029 INFO L899 garLoopResultBuilder]: For program point L948(lines 948 952) no Hoare annotation was computed. [2022-07-13 18:01:20,029 INFO L899 garLoopResultBuilder]: For program point L948-2(lines 948 952) no Hoare annotation was computed. [2022-07-13 18:01:20,029 INFO L899 garLoopResultBuilder]: For program point L141(lines 141 147) no Hoare annotation was computed. [2022-07-13 18:01:20,029 INFO L895 garLoopResultBuilder]: At program point L812(line 812) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~6#1| 0)) (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-13 18:01:20,029 INFO L899 garLoopResultBuilder]: For program point L806(lines 806 814) no Hoare annotation was computed. [2022-07-13 18:01:20,030 INFO L899 garLoopResultBuilder]: For program point L802(lines 802 819) no Hoare annotation was computed. [2022-07-13 18:01:20,030 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 798 822) no Hoare annotation was computed. [2022-07-13 18:01:20,030 INFO L895 garLoopResultBuilder]: At program point L854(lines 849 856) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0)) .cse0 .cse1))) [2022-07-13 18:01:20,030 INFO L895 garLoopResultBuilder]: At program point L146(lines 137 150) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= ~waterLevel~0 2)))) (and (let ((.cse1 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))) .cse2 (and .cse1 (<= 2 ~waterLevel~0)))) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-07-13 18:01:20,030 INFO L895 garLoopResultBuilder]: At program point L817(line 817) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2022-07-13 18:01:20,030 INFO L899 garLoopResultBuilder]: For program point L817-1(lines 798 822) no Hoare annotation was computed. [2022-07-13 18:01:20,031 INFO L895 garLoopResultBuilder]: At program point L101(lines 96 104) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (and (= ~pumpRunning~0 0) (<= 2 ~waterLevel~0))))) [2022-07-13 18:01:20,031 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 72 83) no Hoare annotation was computed. [2022-07-13 18:01:20,031 INFO L899 garLoopResultBuilder]: For program point L76-1(lines 72 83) no Hoare annotation was computed. [2022-07-13 18:01:20,031 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 72 83) the Hoare annotation is: (let ((.cse1 (not (<= 1 ~pumpRunning~0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse1 .cse2 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or (not (= ~pumpRunning~0 0)) .cse0 .cse2 .cse3))) [2022-07-13 18:01:20,031 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 894 902) no Hoare annotation was computed. [2022-07-13 18:01:20,031 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 894 902) the Hoare annotation is: true [2022-07-13 18:01:20,032 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 894 902) no Hoare annotation was computed. [2022-07-13 18:01:20,034 INFO L356 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-07-13 18:01:20,036 INFO L176 ceAbstractionStarter]: Computing trace abstraction results [2022-07-13 18:01:20,064 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 13.07 06:01:20 BoogieIcfgContainer [2022-07-13 18:01:20,064 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-07-13 18:01:20,065 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-07-13 18:01:20,065 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-07-13 18:01:20,065 INFO L275 PluginConnector]: Witness Printer initialized [2022-07-13 18:01:20,066 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 13.07 06:01:12" (3/4) ... [2022-07-13 18:01:20,068 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-07-13 18:01:20,074 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-07-13 18:01:20,074 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-07-13 18:01:20,074 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-07-13 18:01:20,074 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-07-13 18:01:20,074 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-07-13 18:01:20,075 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-07-13 18:01:20,075 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-07-13 18:01:20,081 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 54 nodes and edges [2022-07-13 18:01:20,082 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-07-13 18:01:20,082 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-07-13 18:01:20,083 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-07-13 18:01:20,083 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-07-13 18:01:20,083 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-07-13 18:01:20,084 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-07-13 18:01:20,106 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2022-07-13 18:01:20,106 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-07-13 18:01:20,106 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (((pumpRunning == 0 && 1 == systemActive) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((1 < tmp && \result <= 2) && tmp <= 2) && 2 <= \result)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((((((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-07-13 18:01:20,107 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-07-13 18:01:20,107 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-07-13 18:01:20,107 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-07-13 18:01:20,108 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-07-13 18:01:20,108 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) [2022-07-13 18:01:20,108 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-07-13 18:01:20,108 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || (((pumpRunning == 0 && tmp___0 == 0) && \result == 0) && !(tmp == 0))) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) [2022-07-13 18:01:20,109 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-07-13 18:01:20,109 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) [2022-07-13 18:01:20,109 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) [2022-07-13 18:01:20,109 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) [2022-07-13 18:01:20,109 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(waterLevel <= 2)) [2022-07-13 18:01:20,127 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-07-13 18:01:20,127 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-07-13 18:01:20,128 INFO L158 Benchmark]: Toolchain (without parser) took 8211.89ms. Allocated memory was 90.2MB in the beginning and 180.4MB in the end (delta: 90.2MB). Free memory was 59.0MB in the beginning and 134.3MB in the end (delta: -75.3MB). Peak memory consumption was 14.9MB. Max. memory is 16.1GB. [2022-07-13 18:01:20,128 INFO L158 Benchmark]: CDTParser took 0.19ms. Allocated memory is still 90.2MB. Free memory is still 46.6MB. There was no memory consumed. Max. memory is 16.1GB. [2022-07-13 18:01:20,129 INFO L158 Benchmark]: CACSL2BoogieTranslator took 319.18ms. Allocated memory was 90.2MB in the beginning and 109.1MB in the end (delta: 18.9MB). Free memory was 58.8MB in the beginning and 76.0MB in the end (delta: -17.2MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-07-13 18:01:20,129 INFO L158 Benchmark]: Boogie Procedure Inliner took 48.94ms. Allocated memory is still 109.1MB. Free memory was 76.0MB in the beginning and 73.6MB in the end (delta: 2.4MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-07-13 18:01:20,129 INFO L158 Benchmark]: Boogie Preprocessor took 24.16ms. Allocated memory is still 109.1MB. Free memory was 73.6MB in the beginning and 71.8MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-07-13 18:01:20,129 INFO L158 Benchmark]: RCFGBuilder took 443.68ms. Allocated memory is still 109.1MB. Free memory was 71.8MB in the beginning and 81.3MB in the end (delta: -9.5MB). Peak memory consumption was 15.3MB. Max. memory is 16.1GB. [2022-07-13 18:01:20,130 INFO L158 Benchmark]: TraceAbstraction took 7298.09ms. Allocated memory was 109.1MB in the beginning and 180.4MB in the end (delta: 71.3MB). Free memory was 80.8MB in the beginning and 140.6MB in the end (delta: -59.8MB). Peak memory consumption was 85.0MB. Max. memory is 16.1GB. [2022-07-13 18:01:20,130 INFO L158 Benchmark]: Witness Printer took 62.55ms. Allocated memory is still 180.4MB. Free memory was 140.6MB in the beginning and 134.3MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-07-13 18:01:20,131 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.19ms. Allocated memory is still 90.2MB. Free memory is still 46.6MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 319.18ms. Allocated memory was 90.2MB in the beginning and 109.1MB in the end (delta: 18.9MB). Free memory was 58.8MB in the beginning and 76.0MB in the end (delta: -17.2MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 48.94ms. Allocated memory is still 109.1MB. Free memory was 76.0MB in the beginning and 73.6MB in the end (delta: 2.4MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 24.16ms. Allocated memory is still 109.1MB. Free memory was 73.6MB in the beginning and 71.8MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 443.68ms. Allocated memory is still 109.1MB. Free memory was 71.8MB in the beginning and 81.3MB in the end (delta: -9.5MB). Peak memory consumption was 15.3MB. Max. memory is 16.1GB. * TraceAbstraction took 7298.09ms. Allocated memory was 109.1MB in the beginning and 180.4MB in the end (delta: 71.3MB). Free memory was 80.8MB in the beginning and 140.6MB in the end (delta: -59.8MB). Peak memory consumption was 85.0MB. Max. memory is 16.1GB. * Witness Printer took 62.55ms. Allocated memory is still 180.4MB. Free memory was 140.6MB in the beginning and 134.3MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 685]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 97 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 7.2s, OverallIterations: 10, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 2.2s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 3.2s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 1846 SdHoareTripleChecker+Valid, 1.2s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1813 mSDsluCounter, 3835 SdHoareTripleChecker+Invalid, 1.0s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2623 mSDsCounter, 566 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 1961 IncrementalHoareTripleChecker+Invalid, 2527 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 566 mSolverCounterUnsat, 1212 mSDtfsCounter, 1961 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 408 GetRequests, 300 SyntacticMatches, 2 SemanticMatches, 106 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 640 ImplicationChecksByTransitivity, 0.7s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=440occurred in iteration=9, InterpolantAutomatonStates: 101, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 10 MinimizatonAttempts, 142 StatesRemovedByMinimization, 6 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 46 LocationsWithAnnotation, 1015 PreInvPairs, 1233 NumberOfFragments, 1876 HoareAnnotationTreeSize, 1015 FomulaSimplifications, 752 FormulaSimplificationTreeSizeReduction, 0.2s HoareSimplificationTime, 46 FomulaSimplificationsInter, 9420 FormulaSimplificationTreeSizeReductionInter, 3.0s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 0.9s InterpolantComputationTime, 635 NumberOfCodeBlocks, 635 NumberOfCodeBlocksAsserted, 11 NumberOfCheckSat, 725 ConstructedInterpolants, 0 QuantifiedInterpolants, 1477 SizeOfPredicates, 3 NumberOfNonLiveVariables, 494 ConjunctsInSsa, 8 ConjunctsInUnsatCore, 12 InterpolantComputations, 9 PerfectInterpolantSequences, 101/129 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 635]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 875]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 700]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 691]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 977]: Loop Invariant Derived loop invariant: (((((1 <= pumpRunning && 2 <= waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2)) || ((((1 <= pumpRunning && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) - InvariantResult [Line: 128]: Loop Invariant Derived loop invariant: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 172]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 96]: Loop Invariant Derived loop invariant: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) - InvariantResult [Line: 824]: Loop Invariant Derived loop invariant: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 590]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 1011]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 939]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || (((pumpRunning == 0 && tmp___0 == 0) && \result == 0) && !(tmp == 0))) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 681]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 643]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 701]: Loop Invariant Derived loop invariant: (((((1 <= pumpRunning && 2 <= waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2)) || ((((1 <= pumpRunning && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) - InvariantResult [Line: 580]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 958]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 182]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (((pumpRunning == 0 && 1 == systemActive) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((1 < tmp && \result <= 2) && tmp <= 2) && 2 <= \result)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((((((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 883]: Loop Invariant Derived loop invariant: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) - InvariantResult [Line: 60]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 164]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 858]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 1004]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 151]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 137]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 849]: Loop Invariant Derived loop invariant: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(waterLevel <= 2)) - InvariantResult [Line: 997]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 657]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2022-07-13 18:01:20,194 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE