./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version c3fed411 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash f18c518732faf536b365bed3360055c2f4eb753a861011ef1bbe74f5b721db8d --- Real Ultimate output --- This is Ultimate 0.2.2-tmp.no-commuhash-c3fed41 [2021-12-16 01:01:17,884 INFO L177 SettingsManager]: Resetting all preferences to default values... [2021-12-16 01:01:17,886 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2021-12-16 01:01:17,944 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2021-12-16 01:01:17,945 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2021-12-16 01:01:17,946 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2021-12-16 01:01:17,947 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2021-12-16 01:01:17,948 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2021-12-16 01:01:17,950 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2021-12-16 01:01:17,950 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2021-12-16 01:01:17,951 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2021-12-16 01:01:17,952 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2021-12-16 01:01:17,953 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2021-12-16 01:01:17,953 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2021-12-16 01:01:17,955 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2021-12-16 01:01:17,956 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2021-12-16 01:01:17,956 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2021-12-16 01:01:17,957 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2021-12-16 01:01:17,959 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2021-12-16 01:01:17,960 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2021-12-16 01:01:17,961 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2021-12-16 01:01:17,962 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2021-12-16 01:01:17,963 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2021-12-16 01:01:17,964 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2021-12-16 01:01:17,966 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2021-12-16 01:01:17,966 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2021-12-16 01:01:17,967 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2021-12-16 01:01:17,967 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2021-12-16 01:01:17,968 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2021-12-16 01:01:17,969 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2021-12-16 01:01:17,969 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2021-12-16 01:01:17,970 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2021-12-16 01:01:17,970 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2021-12-16 01:01:17,971 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2021-12-16 01:01:17,972 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2021-12-16 01:01:17,972 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2021-12-16 01:01:17,973 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2021-12-16 01:01:17,973 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2021-12-16 01:01:17,973 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2021-12-16 01:01:17,974 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2021-12-16 01:01:17,975 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2021-12-16 01:01:17,976 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2021-12-16 01:01:17,994 INFO L113 SettingsManager]: Loading preferences was successful [2021-12-16 01:01:17,994 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2021-12-16 01:01:17,995 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2021-12-16 01:01:17,995 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2021-12-16 01:01:17,995 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2021-12-16 01:01:17,996 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2021-12-16 01:01:17,996 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2021-12-16 01:01:17,996 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2021-12-16 01:01:17,996 INFO L138 SettingsManager]: * Use SBE=true [2021-12-16 01:01:17,997 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2021-12-16 01:01:17,997 INFO L138 SettingsManager]: * sizeof long=4 [2021-12-16 01:01:17,997 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2021-12-16 01:01:17,997 INFO L138 SettingsManager]: * sizeof POINTER=4 [2021-12-16 01:01:17,997 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2021-12-16 01:01:17,998 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2021-12-16 01:01:17,998 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2021-12-16 01:01:17,998 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2021-12-16 01:01:17,998 INFO L138 SettingsManager]: * sizeof long double=12 [2021-12-16 01:01:17,998 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2021-12-16 01:01:17,998 INFO L138 SettingsManager]: * Use constant arrays=true [2021-12-16 01:01:17,999 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2021-12-16 01:01:17,999 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2021-12-16 01:01:17,999 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2021-12-16 01:01:17,999 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2021-12-16 01:01:17,999 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2021-12-16 01:01:18,000 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2021-12-16 01:01:18,000 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2021-12-16 01:01:18,000 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2021-12-16 01:01:18,000 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2021-12-16 01:01:18,000 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2021-12-16 01:01:18,001 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2021-12-16 01:01:18,001 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2021-12-16 01:01:18,001 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2021-12-16 01:01:18,001 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2021-12-16 01:01:18,001 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> f18c518732faf536b365bed3360055c2f4eb753a861011ef1bbe74f5b721db8d [2021-12-16 01:01:18,173 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2021-12-16 01:01:18,192 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2021-12-16 01:01:18,194 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2021-12-16 01:01:18,194 INFO L271 PluginConnector]: Initializing CDTParser... [2021-12-16 01:01:18,196 INFO L275 PluginConnector]: CDTParser initialized [2021-12-16 01:01:18,196 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c [2021-12-16 01:01:18,247 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9d7ab53aa/aef90225d5e94c9ab57294a117747f01/FLAG1e3283370 [2021-12-16 01:01:18,658 INFO L306 CDTParser]: Found 1 translation units. [2021-12-16 01:01:18,658 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c [2021-12-16 01:01:18,675 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9d7ab53aa/aef90225d5e94c9ab57294a117747f01/FLAG1e3283370 [2021-12-16 01:01:18,688 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9d7ab53aa/aef90225d5e94c9ab57294a117747f01 [2021-12-16 01:01:18,691 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2021-12-16 01:01:18,693 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2021-12-16 01:01:18,697 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2021-12-16 01:01:18,697 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2021-12-16 01:01:18,701 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2021-12-16 01:01:18,701 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.12 01:01:18" (1/1) ... [2021-12-16 01:01:18,702 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@2fba12a2 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:18, skipping insertion in model container [2021-12-16 01:01:18,702 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.12 01:01:18" (1/1) ... [2021-12-16 01:01:18,712 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2021-12-16 01:01:18,761 INFO L178 MainTranslator]: Built tables and reachable declarations [2021-12-16 01:01:18,999 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c[18005,18018] [2021-12-16 01:01:19,003 INFO L209 PostProcessor]: Analyzing one entry point: main [2021-12-16 01:01:19,020 INFO L203 MainTranslator]: Completed pre-run [2021-12-16 01:01:19,116 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product44.cil.c[18005,18018] [2021-12-16 01:01:19,121 INFO L209 PostProcessor]: Analyzing one entry point: main [2021-12-16 01:01:19,139 INFO L208 MainTranslator]: Completed translation [2021-12-16 01:01:19,140 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19 WrapperNode [2021-12-16 01:01:19,140 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2021-12-16 01:01:19,141 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2021-12-16 01:01:19,142 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2021-12-16 01:01:19,142 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2021-12-16 01:01:19,148 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19" (1/1) ... [2021-12-16 01:01:19,168 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19" (1/1) ... [2021-12-16 01:01:19,198 INFO L137 Inliner]: procedures = 57, calls = 157, calls flagged for inlining = 27, calls inlined = 24, statements flattened = 261 [2021-12-16 01:01:19,204 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2021-12-16 01:01:19,204 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2021-12-16 01:01:19,205 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2021-12-16 01:01:19,205 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2021-12-16 01:01:19,212 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19" (1/1) ... [2021-12-16 01:01:19,212 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19" (1/1) ... [2021-12-16 01:01:19,222 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19" (1/1) ... [2021-12-16 01:01:19,222 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19" (1/1) ... [2021-12-16 01:01:19,227 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19" (1/1) ... [2021-12-16 01:01:19,231 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19" (1/1) ... [2021-12-16 01:01:19,240 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19" (1/1) ... [2021-12-16 01:01:19,244 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2021-12-16 01:01:19,247 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2021-12-16 01:01:19,247 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2021-12-16 01:01:19,247 INFO L275 PluginConnector]: RCFGBuilder initialized [2021-12-16 01:01:19,248 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19" (1/1) ... [2021-12-16 01:01:19,254 INFO L168 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2021-12-16 01:01:19,269 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2021-12-16 01:01:19,288 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2021-12-16 01:01:19,294 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2021-12-16 01:01:19,323 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2021-12-16 01:01:19,323 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2021-12-16 01:01:19,324 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2021-12-16 01:01:19,324 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2021-12-16 01:01:19,324 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2021-12-16 01:01:19,324 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2021-12-16 01:01:19,325 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2021-12-16 01:01:19,325 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2021-12-16 01:01:19,325 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2021-12-16 01:01:19,325 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2021-12-16 01:01:19,325 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2021-12-16 01:01:19,325 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2021-12-16 01:01:19,325 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2021-12-16 01:01:19,326 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2021-12-16 01:01:19,326 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2021-12-16 01:01:19,326 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2021-12-16 01:01:19,382 INFO L236 CfgBuilder]: Building ICFG [2021-12-16 01:01:19,383 INFO L262 CfgBuilder]: Building CFG for each procedure with an implementation [2021-12-16 01:01:19,636 INFO L277 CfgBuilder]: Performing block encoding [2021-12-16 01:01:19,657 INFO L296 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2021-12-16 01:01:19,657 INFO L301 CfgBuilder]: Removed 2 assume(true) statements. [2021-12-16 01:01:19,658 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.12 01:01:19 BoogieIcfgContainer [2021-12-16 01:01:19,658 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2021-12-16 01:01:19,660 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2021-12-16 01:01:19,660 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2021-12-16 01:01:19,663 INFO L275 PluginConnector]: TraceAbstraction initialized [2021-12-16 01:01:19,663 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 16.12 01:01:18" (1/3) ... [2021-12-16 01:01:19,664 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@75e9644a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.12 01:01:19, skipping insertion in model container [2021-12-16 01:01:19,664 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.12 01:01:19" (2/3) ... [2021-12-16 01:01:19,664 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@75e9644a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.12 01:01:19, skipping insertion in model container [2021-12-16 01:01:19,664 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.12 01:01:19" (3/3) ... [2021-12-16 01:01:19,665 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product44.cil.c [2021-12-16 01:01:19,669 INFO L204 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2021-12-16 01:01:19,669 INFO L163 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2021-12-16 01:01:19,719 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2021-12-16 01:01:19,724 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2021-12-16 01:01:19,724 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2021-12-16 01:01:19,743 INFO L276 IsEmpty]: Start isEmpty. Operand has 89 states, 71 states have (on average 1.3661971830985915) internal successors, (97), 77 states have internal predecessors, (97), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) [2021-12-16 01:01:19,748 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2021-12-16 01:01:19,749 INFO L506 BasicCegarLoop]: Found error trace [2021-12-16 01:01:19,749 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:19,750 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-16 01:01:19,753 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-16 01:01:19,753 INFO L85 PathProgramCache]: Analyzing trace with hash -1684151890, now seen corresponding path program 1 times [2021-12-16 01:01:19,760 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-16 01:01:19,760 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1497534095] [2021-12-16 01:01:19,760 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:19,761 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-16 01:01:19,910 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:19,991 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2021-12-16 01:01:19,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,013 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2021-12-16 01:01:20,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,022 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-16 01:01:20,023 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-16 01:01:20,023 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1497534095] [2021-12-16 01:01:20,024 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1497534095] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-16 01:01:20,025 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-16 01:01:20,025 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2021-12-16 01:01:20,026 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [544940533] [2021-12-16 01:01:20,027 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-16 01:01:20,031 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2021-12-16 01:01:20,031 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-16 01:01:20,058 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2021-12-16 01:01:20,059 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2021-12-16 01:01:20,062 INFO L87 Difference]: Start difference. First operand has 89 states, 71 states have (on average 1.3661971830985915) internal successors, (97), 77 states have internal predecessors, (97), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-16 01:01:20,106 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-16 01:01:20,106 INFO L93 Difference]: Finished difference Result 169 states and 228 transitions. [2021-12-16 01:01:20,107 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2021-12-16 01:01:20,108 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2021-12-16 01:01:20,109 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-16 01:01:20,119 INFO L225 Difference]: With dead ends: 169 [2021-12-16 01:01:20,119 INFO L226 Difference]: Without dead ends: 80 [2021-12-16 01:01:20,124 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2021-12-16 01:01:20,128 INFO L933 BasicCegarLoop]: 111 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 111 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-16 01:01:20,129 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 111 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-16 01:01:20,143 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 80 states. [2021-12-16 01:01:20,176 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 80 to 80. [2021-12-16 01:01:20,177 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 80 states, 64 states have (on average 1.296875) internal successors, (83), 69 states have internal predecessors, (83), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2021-12-16 01:01:20,181 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 80 states to 80 states and 102 transitions. [2021-12-16 01:01:20,182 INFO L78 Accepts]: Start accepts. Automaton has 80 states and 102 transitions. Word has length 32 [2021-12-16 01:01:20,183 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-16 01:01:20,183 INFO L470 AbstractCegarLoop]: Abstraction has 80 states and 102 transitions. [2021-12-16 01:01:20,183 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-16 01:01:20,184 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 102 transitions. [2021-12-16 01:01:20,188 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2021-12-16 01:01:20,189 INFO L506 BasicCegarLoop]: Found error trace [2021-12-16 01:01:20,189 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:20,189 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2021-12-16 01:01:20,190 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-16 01:01:20,192 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-16 01:01:20,192 INFO L85 PathProgramCache]: Analyzing trace with hash 1709273223, now seen corresponding path program 1 times [2021-12-16 01:01:20,193 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-16 01:01:20,193 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1678166644] [2021-12-16 01:01:20,193 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:20,193 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-16 01:01:20,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,280 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2021-12-16 01:01:20,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,285 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2021-12-16 01:01:20,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,291 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-16 01:01:20,291 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-16 01:01:20,292 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1678166644] [2021-12-16 01:01:20,292 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1678166644] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-16 01:01:20,292 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-16 01:01:20,292 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2021-12-16 01:01:20,292 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1574492786] [2021-12-16 01:01:20,292 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-16 01:01:20,294 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2021-12-16 01:01:20,295 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-16 01:01:20,295 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2021-12-16 01:01:20,296 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-16 01:01:20,296 INFO L87 Difference]: Start difference. First operand 80 states and 102 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-16 01:01:20,314 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-16 01:01:20,317 INFO L93 Difference]: Finished difference Result 120 states and 153 transitions. [2021-12-16 01:01:20,320 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2021-12-16 01:01:20,320 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2021-12-16 01:01:20,320 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-16 01:01:20,323 INFO L225 Difference]: With dead ends: 120 [2021-12-16 01:01:20,323 INFO L226 Difference]: Without dead ends: 71 [2021-12-16 01:01:20,328 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-16 01:01:20,330 INFO L933 BasicCegarLoop]: 89 mSDtfsCounter, 18 mSDsluCounter, 67 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 156 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-16 01:01:20,330 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [21 Valid, 156 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-16 01:01:20,332 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 71 states. [2021-12-16 01:01:20,342 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 71 to 71. [2021-12-16 01:01:20,343 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 71 states, 58 states have (on average 1.3103448275862069) internal successors, (76), 63 states have internal predecessors, (76), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2021-12-16 01:01:20,344 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 71 states to 71 states and 90 transitions. [2021-12-16 01:01:20,344 INFO L78 Accepts]: Start accepts. Automaton has 71 states and 90 transitions. Word has length 33 [2021-12-16 01:01:20,345 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-16 01:01:20,345 INFO L470 AbstractCegarLoop]: Abstraction has 71 states and 90 transitions. [2021-12-16 01:01:20,345 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-16 01:01:20,345 INFO L276 IsEmpty]: Start isEmpty. Operand 71 states and 90 transitions. [2021-12-16 01:01:20,346 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2021-12-16 01:01:20,346 INFO L506 BasicCegarLoop]: Found error trace [2021-12-16 01:01:20,346 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:20,346 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2021-12-16 01:01:20,347 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-16 01:01:20,347 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-16 01:01:20,347 INFO L85 PathProgramCache]: Analyzing trace with hash 1502879027, now seen corresponding path program 1 times [2021-12-16 01:01:20,347 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-16 01:01:20,347 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1120423103] [2021-12-16 01:01:20,348 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:20,348 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-16 01:01:20,373 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,400 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-16 01:01:20,406 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,415 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2021-12-16 01:01:20,416 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,421 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-16 01:01:20,422 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-16 01:01:20,422 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1120423103] [2021-12-16 01:01:20,422 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1120423103] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-16 01:01:20,423 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-16 01:01:20,424 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2021-12-16 01:01:20,424 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [723153008] [2021-12-16 01:01:20,424 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-16 01:01:20,425 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2021-12-16 01:01:20,425 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-16 01:01:20,426 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2021-12-16 01:01:20,426 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-16 01:01:20,427 INFO L87 Difference]: Start difference. First operand 71 states and 90 transitions. Second operand has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-16 01:01:20,464 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-16 01:01:20,464 INFO L93 Difference]: Finished difference Result 195 states and 253 transitions. [2021-12-16 01:01:20,465 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2021-12-16 01:01:20,465 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2021-12-16 01:01:20,465 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-16 01:01:20,467 INFO L225 Difference]: With dead ends: 195 [2021-12-16 01:01:20,467 INFO L226 Difference]: Without dead ends: 132 [2021-12-16 01:01:20,467 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-16 01:01:20,470 INFO L933 BasicCegarLoop]: 109 mSDtfsCounter, 78 mSDsluCounter, 77 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 78 SdHoareTripleChecker+Valid, 186 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-16 01:01:20,470 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [78 Valid, 186 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-16 01:01:20,473 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 132 states. [2021-12-16 01:01:20,494 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 132 to 127. [2021-12-16 01:01:20,497 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 127 states, 102 states have (on average 1.3333333333333333) internal successors, (136), 111 states have internal predecessors, (136), 14 states have call successors, (14), 10 states have call predecessors, (14), 10 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) [2021-12-16 01:01:20,499 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 127 states to 127 states and 164 transitions. [2021-12-16 01:01:20,501 INFO L78 Accepts]: Start accepts. Automaton has 127 states and 164 transitions. Word has length 38 [2021-12-16 01:01:20,501 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-16 01:01:20,501 INFO L470 AbstractCegarLoop]: Abstraction has 127 states and 164 transitions. [2021-12-16 01:01:20,501 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-16 01:01:20,502 INFO L276 IsEmpty]: Start isEmpty. Operand 127 states and 164 transitions. [2021-12-16 01:01:20,503 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2021-12-16 01:01:20,506 INFO L506 BasicCegarLoop]: Found error trace [2021-12-16 01:01:20,507 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:20,507 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2021-12-16 01:01:20,507 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-16 01:01:20,508 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-16 01:01:20,509 INFO L85 PathProgramCache]: Analyzing trace with hash -793445015, now seen corresponding path program 1 times [2021-12-16 01:01:20,513 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-16 01:01:20,513 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1271227931] [2021-12-16 01:01:20,514 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:20,514 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-16 01:01:20,536 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,602 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2021-12-16 01:01:20,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,606 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2021-12-16 01:01:20,610 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,624 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2021-12-16 01:01:20,624 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-16 01:01:20,625 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1271227931] [2021-12-16 01:01:20,625 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1271227931] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-16 01:01:20,625 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-16 01:01:20,625 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2021-12-16 01:01:20,625 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1394918690] [2021-12-16 01:01:20,626 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-16 01:01:20,626 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2021-12-16 01:01:20,627 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-16 01:01:20,627 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2021-12-16 01:01:20,628 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2021-12-16 01:01:20,628 INFO L87 Difference]: Start difference. First operand 127 states and 164 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-16 01:01:20,771 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-16 01:01:20,771 INFO L93 Difference]: Finished difference Result 342 states and 450 transitions. [2021-12-16 01:01:20,776 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2021-12-16 01:01:20,777 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2021-12-16 01:01:20,777 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-16 01:01:20,783 INFO L225 Difference]: With dead ends: 342 [2021-12-16 01:01:20,783 INFO L226 Difference]: Without dead ends: 223 [2021-12-16 01:01:20,785 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2021-12-16 01:01:20,786 INFO L933 BasicCegarLoop]: 100 mSDtfsCounter, 47 mSDsluCounter, 325 mSDsCounter, 0 mSdLazyCounter, 55 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 48 SdHoareTripleChecker+Valid, 425 SdHoareTripleChecker+Invalid, 64 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 55 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2021-12-16 01:01:20,787 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [48 Valid, 425 Invalid, 64 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 55 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2021-12-16 01:01:20,788 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 223 states. [2021-12-16 01:01:20,808 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 223 to 211. [2021-12-16 01:01:20,808 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 211 states, 166 states have (on average 1.2951807228915662) internal successors, (215), 179 states have internal predecessors, (215), 24 states have call successors, (24), 20 states have call predecessors, (24), 20 states have return successors, (28), 24 states have call predecessors, (28), 24 states have call successors, (28) [2021-12-16 01:01:20,810 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 211 states to 211 states and 267 transitions. [2021-12-16 01:01:20,810 INFO L78 Accepts]: Start accepts. Automaton has 211 states and 267 transitions. Word has length 41 [2021-12-16 01:01:20,810 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-16 01:01:20,811 INFO L470 AbstractCegarLoop]: Abstraction has 211 states and 267 transitions. [2021-12-16 01:01:20,811 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-16 01:01:20,811 INFO L276 IsEmpty]: Start isEmpty. Operand 211 states and 267 transitions. [2021-12-16 01:01:20,813 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2021-12-16 01:01:20,813 INFO L506 BasicCegarLoop]: Found error trace [2021-12-16 01:01:20,813 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:20,813 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2021-12-16 01:01:20,813 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-16 01:01:20,814 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-16 01:01:20,814 INFO L85 PathProgramCache]: Analyzing trace with hash 855988844, now seen corresponding path program 1 times [2021-12-16 01:01:20,814 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-16 01:01:20,814 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1336800266] [2021-12-16 01:01:20,814 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:20,815 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-16 01:01:20,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,859 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-16 01:01:20,861 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,867 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2021-12-16 01:01:20,868 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:20,870 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-16 01:01:20,871 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-16 01:01:20,871 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1336800266] [2021-12-16 01:01:20,871 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1336800266] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-16 01:01:20,871 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-16 01:01:20,871 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2021-12-16 01:01:20,872 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [432030514] [2021-12-16 01:01:20,873 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-16 01:01:20,880 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2021-12-16 01:01:20,880 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-16 01:01:20,880 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2021-12-16 01:01:20,881 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2021-12-16 01:01:20,881 INFO L87 Difference]: Start difference. First operand 211 states and 267 transitions. Second operand has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-16 01:01:20,951 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-16 01:01:20,952 INFO L93 Difference]: Finished difference Result 462 states and 598 transitions. [2021-12-16 01:01:20,952 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2021-12-16 01:01:20,952 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 51 [2021-12-16 01:01:20,953 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-16 01:01:20,958 INFO L225 Difference]: With dead ends: 462 [2021-12-16 01:01:20,958 INFO L226 Difference]: Without dead ends: 259 [2021-12-16 01:01:20,959 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2021-12-16 01:01:20,962 INFO L933 BasicCegarLoop]: 100 mSDtfsCounter, 42 mSDsluCounter, 281 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 44 SdHoareTripleChecker+Valid, 381 SdHoareTripleChecker+Invalid, 20 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-16 01:01:20,962 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [44 Valid, 381 Invalid, 20 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-16 01:01:20,964 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 259 states. [2021-12-16 01:01:20,986 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 259 to 217. [2021-12-16 01:01:20,987 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 217 states, 172 states have (on average 1.2848837209302326) internal successors, (221), 185 states have internal predecessors, (221), 24 states have call successors, (24), 20 states have call predecessors, (24), 20 states have return successors, (28), 24 states have call predecessors, (28), 24 states have call successors, (28) [2021-12-16 01:01:20,988 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 217 states to 217 states and 273 transitions. [2021-12-16 01:01:20,988 INFO L78 Accepts]: Start accepts. Automaton has 217 states and 273 transitions. Word has length 51 [2021-12-16 01:01:20,989 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-16 01:01:20,989 INFO L470 AbstractCegarLoop]: Abstraction has 217 states and 273 transitions. [2021-12-16 01:01:20,989 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-16 01:01:20,989 INFO L276 IsEmpty]: Start isEmpty. Operand 217 states and 273 transitions. [2021-12-16 01:01:20,990 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2021-12-16 01:01:20,990 INFO L506 BasicCegarLoop]: Found error trace [2021-12-16 01:01:20,991 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:20,991 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2021-12-16 01:01:20,991 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-16 01:01:20,991 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-16 01:01:20,991 INFO L85 PathProgramCache]: Analyzing trace with hash 1278690670, now seen corresponding path program 1 times [2021-12-16 01:01:20,992 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-16 01:01:20,992 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1104194440] [2021-12-16 01:01:20,992 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:20,992 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-16 01:01:21,007 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-16 01:01:21,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2021-12-16 01:01:21,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,042 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-16 01:01:21,042 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-16 01:01:21,043 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1104194440] [2021-12-16 01:01:21,043 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1104194440] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-16 01:01:21,043 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-16 01:01:21,043 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2021-12-16 01:01:21,043 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1314468654] [2021-12-16 01:01:21,043 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-16 01:01:21,044 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2021-12-16 01:01:21,044 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-16 01:01:21,044 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2021-12-16 01:01:21,044 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2021-12-16 01:01:21,044 INFO L87 Difference]: Start difference. First operand 217 states and 273 transitions. Second operand has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-16 01:01:21,109 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-16 01:01:21,110 INFO L93 Difference]: Finished difference Result 486 states and 624 transitions. [2021-12-16 01:01:21,110 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2021-12-16 01:01:21,110 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 51 [2021-12-16 01:01:21,111 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-16 01:01:21,113 INFO L225 Difference]: With dead ends: 486 [2021-12-16 01:01:21,113 INFO L226 Difference]: Without dead ends: 277 [2021-12-16 01:01:21,115 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2021-12-16 01:01:21,116 INFO L933 BasicCegarLoop]: 120 mSDtfsCounter, 155 mSDsluCounter, 317 mSDsCounter, 0 mSdLazyCounter, 22 mSolverCounterSat, 15 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 157 SdHoareTripleChecker+Valid, 437 SdHoareTripleChecker+Invalid, 37 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 15 IncrementalHoareTripleChecker+Valid, 22 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-16 01:01:21,118 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [157 Valid, 437 Invalid, 37 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [15 Valid, 22 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-16 01:01:21,119 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 277 states. [2021-12-16 01:01:21,141 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 277 to 221. [2021-12-16 01:01:21,141 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 221 states, 176 states have (on average 1.2784090909090908) internal successors, (225), 189 states have internal predecessors, (225), 24 states have call successors, (24), 20 states have call predecessors, (24), 20 states have return successors, (28), 24 states have call predecessors, (28), 24 states have call successors, (28) [2021-12-16 01:01:21,144 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 221 states to 221 states and 277 transitions. [2021-12-16 01:01:21,144 INFO L78 Accepts]: Start accepts. Automaton has 221 states and 277 transitions. Word has length 51 [2021-12-16 01:01:21,144 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-16 01:01:21,144 INFO L470 AbstractCegarLoop]: Abstraction has 221 states and 277 transitions. [2021-12-16 01:01:21,145 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.8) internal successors, (44), 5 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-16 01:01:21,145 INFO L276 IsEmpty]: Start isEmpty. Operand 221 states and 277 transitions. [2021-12-16 01:01:21,148 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2021-12-16 01:01:21,148 INFO L506 BasicCegarLoop]: Found error trace [2021-12-16 01:01:21,148 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:21,148 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2021-12-16 01:01:21,148 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-16 01:01:21,149 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-16 01:01:21,149 INFO L85 PathProgramCache]: Analyzing trace with hash -526747664, now seen corresponding path program 1 times [2021-12-16 01:01:21,149 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-16 01:01:21,149 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1761704845] [2021-12-16 01:01:21,149 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:21,149 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-16 01:01:21,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,211 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-16 01:01:21,213 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,215 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2021-12-16 01:01:21,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,221 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-16 01:01:21,221 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-16 01:01:21,221 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1761704845] [2021-12-16 01:01:21,221 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1761704845] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-16 01:01:21,222 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-16 01:01:21,222 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2021-12-16 01:01:21,222 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1737990054] [2021-12-16 01:01:21,222 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-16 01:01:21,224 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2021-12-16 01:01:21,224 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-16 01:01:21,224 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2021-12-16 01:01:21,224 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-16 01:01:21,225 INFO L87 Difference]: Start difference. First operand 221 states and 277 transitions. Second operand has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-16 01:01:21,249 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-16 01:01:21,250 INFO L93 Difference]: Finished difference Result 528 states and 667 transitions. [2021-12-16 01:01:21,250 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2021-12-16 01:01:21,250 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 51 [2021-12-16 01:01:21,251 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-16 01:01:21,253 INFO L225 Difference]: With dead ends: 528 [2021-12-16 01:01:21,253 INFO L226 Difference]: Without dead ends: 315 [2021-12-16 01:01:21,254 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-16 01:01:21,256 INFO L933 BasicCegarLoop]: 95 mSDtfsCounter, 39 mSDsluCounter, 76 mSDsCounter, 0 mSdLazyCounter, 10 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 39 SdHoareTripleChecker+Valid, 171 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 10 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-16 01:01:21,257 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [39 Valid, 171 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 10 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-16 01:01:21,258 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 315 states. [2021-12-16 01:01:21,276 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 315 to 315. [2021-12-16 01:01:21,278 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 315 states, 250 states have (on average 1.248) internal successors, (312), 265 states have internal predecessors, (312), 36 states have call successors, (36), 30 states have call predecessors, (36), 28 states have return successors, (40), 34 states have call predecessors, (40), 36 states have call successors, (40) [2021-12-16 01:01:21,279 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 315 states to 315 states and 388 transitions. [2021-12-16 01:01:21,280 INFO L78 Accepts]: Start accepts. Automaton has 315 states and 388 transitions. Word has length 51 [2021-12-16 01:01:21,281 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-16 01:01:21,281 INFO L470 AbstractCegarLoop]: Abstraction has 315 states and 388 transitions. [2021-12-16 01:01:21,281 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-16 01:01:21,281 INFO L276 IsEmpty]: Start isEmpty. Operand 315 states and 388 transitions. [2021-12-16 01:01:21,283 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2021-12-16 01:01:21,283 INFO L506 BasicCegarLoop]: Found error trace [2021-12-16 01:01:21,283 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:21,283 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2021-12-16 01:01:21,283 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-16 01:01:21,284 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-16 01:01:21,284 INFO L85 PathProgramCache]: Analyzing trace with hash -1427287338, now seen corresponding path program 1 times [2021-12-16 01:01:21,285 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-16 01:01:21,285 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [28015045] [2021-12-16 01:01:21,286 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:21,286 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-16 01:01:21,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,395 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2021-12-16 01:01:21,399 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,434 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2021-12-16 01:01:21,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,439 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2021-12-16 01:01:21,439 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,442 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-16 01:01:21,443 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-16 01:01:21,443 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [28015045] [2021-12-16 01:01:21,443 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [28015045] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-16 01:01:21,443 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-16 01:01:21,443 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2021-12-16 01:01:21,444 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1614544703] [2021-12-16 01:01:21,444 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-16 01:01:21,444 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2021-12-16 01:01:21,444 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-16 01:01:21,447 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2021-12-16 01:01:21,447 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=42, Unknown=0, NotChecked=0, Total=56 [2021-12-16 01:01:21,448 INFO L87 Difference]: Start difference. First operand 315 states and 388 transitions. Second operand has 8 states, 8 states have (on average 5.75) internal successors, (46), 7 states have internal predecessors, (46), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2021-12-16 01:01:21,703 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-16 01:01:21,704 INFO L93 Difference]: Finished difference Result 1078 states and 1373 transitions. [2021-12-16 01:01:21,704 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2021-12-16 01:01:21,705 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.75) internal successors, (46), 7 states have internal predecessors, (46), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 55 [2021-12-16 01:01:21,705 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-16 01:01:21,709 INFO L225 Difference]: With dead ends: 1078 [2021-12-16 01:01:21,709 INFO L226 Difference]: Without dead ends: 865 [2021-12-16 01:01:21,710 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 21 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 17 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=56, Invalid=154, Unknown=0, NotChecked=0, Total=210 [2021-12-16 01:01:21,711 INFO L933 BasicCegarLoop]: 141 mSDtfsCounter, 292 mSDsluCounter, 473 mSDsCounter, 0 mSdLazyCounter, 214 mSolverCounterSat, 61 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 301 SdHoareTripleChecker+Valid, 614 SdHoareTripleChecker+Invalid, 275 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 61 IncrementalHoareTripleChecker+Valid, 214 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2021-12-16 01:01:21,711 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [301 Valid, 614 Invalid, 275 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [61 Valid, 214 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2021-12-16 01:01:21,712 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 865 states. [2021-12-16 01:01:21,765 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 865 to 801. [2021-12-16 01:01:21,767 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 801 states, 640 states have (on average 1.23125) internal successors, (788), 683 states have internal predecessors, (788), 88 states have call successors, (88), 66 states have call predecessors, (88), 72 states have return successors, (108), 84 states have call predecessors, (108), 88 states have call successors, (108) [2021-12-16 01:01:21,771 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 801 states to 801 states and 984 transitions. [2021-12-16 01:01:21,771 INFO L78 Accepts]: Start accepts. Automaton has 801 states and 984 transitions. Word has length 55 [2021-12-16 01:01:21,772 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-16 01:01:21,772 INFO L470 AbstractCegarLoop]: Abstraction has 801 states and 984 transitions. [2021-12-16 01:01:21,772 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 5.75) internal successors, (46), 7 states have internal predecessors, (46), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2021-12-16 01:01:21,773 INFO L276 IsEmpty]: Start isEmpty. Operand 801 states and 984 transitions. [2021-12-16 01:01:21,774 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2021-12-16 01:01:21,774 INFO L506 BasicCegarLoop]: Found error trace [2021-12-16 01:01:21,775 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:21,775 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2021-12-16 01:01:21,775 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-16 01:01:21,775 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-16 01:01:21,776 INFO L85 PathProgramCache]: Analyzing trace with hash -616604212, now seen corresponding path program 1 times [2021-12-16 01:01:21,776 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-16 01:01:21,776 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1065391424] [2021-12-16 01:01:21,776 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:21,776 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-16 01:01:21,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,813 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2021-12-16 01:01:21,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2021-12-16 01:01:21,831 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,862 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2021-12-16 01:01:21,863 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,868 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2021-12-16 01:01:21,868 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,870 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2021-12-16 01:01:21,871 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:21,872 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2021-12-16 01:01:21,873 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-16 01:01:21,873 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1065391424] [2021-12-16 01:01:21,873 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1065391424] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-16 01:01:21,873 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-16 01:01:21,873 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2021-12-16 01:01:21,873 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [645139546] [2021-12-16 01:01:21,874 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-16 01:01:21,874 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2021-12-16 01:01:21,874 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-16 01:01:21,874 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2021-12-16 01:01:21,875 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2021-12-16 01:01:21,875 INFO L87 Difference]: Start difference. First operand 801 states and 984 transitions. Second operand has 6 states, 6 states have (on average 11.666666666666666) internal successors, (70), 4 states have internal predecessors, (70), 3 states have call successors, (6), 4 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) [2021-12-16 01:01:22,064 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-16 01:01:22,064 INFO L93 Difference]: Finished difference Result 1364 states and 1672 transitions. [2021-12-16 01:01:22,064 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2021-12-16 01:01:22,065 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.666666666666666) internal successors, (70), 4 states have internal predecessors, (70), 3 states have call successors, (6), 4 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) Word has length 85 [2021-12-16 01:01:22,066 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-16 01:01:22,068 INFO L225 Difference]: With dead ends: 1364 [2021-12-16 01:01:22,069 INFO L226 Difference]: Without dead ends: 571 [2021-12-16 01:01:22,070 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 22 GetRequests, 14 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=30, Invalid=60, Unknown=0, NotChecked=0, Total=90 [2021-12-16 01:01:22,072 INFO L933 BasicCegarLoop]: 131 mSDtfsCounter, 183 mSDsluCounter, 196 mSDsCounter, 0 mSdLazyCounter, 118 mSolverCounterSat, 51 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 190 SdHoareTripleChecker+Valid, 327 SdHoareTripleChecker+Invalid, 169 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 51 IncrementalHoareTripleChecker+Valid, 118 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2021-12-16 01:01:22,073 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [190 Valid, 327 Invalid, 169 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [51 Valid, 118 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2021-12-16 01:01:22,074 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 571 states. [2021-12-16 01:01:22,106 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 571 to 555. [2021-12-16 01:01:22,107 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 555 states, 441 states have (on average 1.217687074829932) internal successors, (537), 470 states have internal predecessors, (537), 62 states have call successors, (62), 48 states have call predecessors, (62), 51 states have return successors, (72), 59 states have call predecessors, (72), 62 states have call successors, (72) [2021-12-16 01:01:22,109 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 555 states to 555 states and 671 transitions. [2021-12-16 01:01:22,110 INFO L78 Accepts]: Start accepts. Automaton has 555 states and 671 transitions. Word has length 85 [2021-12-16 01:01:22,110 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-16 01:01:22,111 INFO L470 AbstractCegarLoop]: Abstraction has 555 states and 671 transitions. [2021-12-16 01:01:22,111 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 11.666666666666666) internal successors, (70), 4 states have internal predecessors, (70), 3 states have call successors, (6), 4 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) [2021-12-16 01:01:22,111 INFO L276 IsEmpty]: Start isEmpty. Operand 555 states and 671 transitions. [2021-12-16 01:01:22,112 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 88 [2021-12-16 01:01:22,112 INFO L506 BasicCegarLoop]: Found error trace [2021-12-16 01:01:22,112 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:22,113 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2021-12-16 01:01:22,113 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-16 01:01:22,113 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-16 01:01:22,114 INFO L85 PathProgramCache]: Analyzing trace with hash 1396479385, now seen corresponding path program 1 times [2021-12-16 01:01:22,114 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-16 01:01:22,114 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [251385008] [2021-12-16 01:01:22,114 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:22,114 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-16 01:01:22,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:22,191 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2021-12-16 01:01:22,192 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:22,213 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2021-12-16 01:01:22,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:22,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2021-12-16 01:01:22,232 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:22,234 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2021-12-16 01:01:22,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:22,245 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2021-12-16 01:01:22,247 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:22,249 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2021-12-16 01:01:22,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:22,251 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 16 proven. 9 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2021-12-16 01:01:22,252 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-16 01:01:22,252 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [251385008] [2021-12-16 01:01:22,252 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [251385008] provided 0 perfect and 1 imperfect interpolant sequences [2021-12-16 01:01:22,252 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1566422136] [2021-12-16 01:01:22,252 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:22,253 INFO L168 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2021-12-16 01:01:22,253 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2021-12-16 01:01:22,254 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2021-12-16 01:01:22,275 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2021-12-16 01:01:22,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:22,380 INFO L263 TraceCheckSpWp]: Trace formula consists of 454 conjuncts, 8 conjunts are in the unsatisfiable core [2021-12-16 01:01:22,386 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2021-12-16 01:01:22,657 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 23 proven. 7 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2021-12-16 01:01:22,657 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2021-12-16 01:01:22,891 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 6 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2021-12-16 01:01:22,891 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1566422136] provided 0 perfect and 2 imperfect interpolant sequences [2021-12-16 01:01:22,891 INFO L186 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2021-12-16 01:01:22,891 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 6, 6] total 14 [2021-12-16 01:01:22,892 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [502309246] [2021-12-16 01:01:22,892 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2021-12-16 01:01:22,892 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2021-12-16 01:01:22,892 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-16 01:01:22,893 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2021-12-16 01:01:22,893 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=149, Unknown=0, NotChecked=0, Total=182 [2021-12-16 01:01:22,893 INFO L87 Difference]: Start difference. First operand 555 states and 671 transitions. Second operand has 14 states, 14 states have (on average 7.642857142857143) internal successors, (107), 10 states have internal predecessors, (107), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 6 states have call successors, (13) [2021-12-16 01:01:23,692 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-16 01:01:23,692 INFO L93 Difference]: Finished difference Result 1146 states and 1418 transitions. [2021-12-16 01:01:23,692 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 36 states. [2021-12-16 01:01:23,692 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 7.642857142857143) internal successors, (107), 10 states have internal predecessors, (107), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 6 states have call successors, (13) Word has length 87 [2021-12-16 01:01:23,693 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-16 01:01:23,695 INFO L225 Difference]: With dead ends: 1146 [2021-12-16 01:01:23,695 INFO L226 Difference]: Without dead ends: 678 [2021-12-16 01:01:23,697 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 233 GetRequests, 190 SyntacticMatches, 1 SemanticMatches, 42 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 481 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=393, Invalid=1499, Unknown=0, NotChecked=0, Total=1892 [2021-12-16 01:01:23,698 INFO L933 BasicCegarLoop]: 189 mSDtfsCounter, 400 mSDsluCounter, 904 mSDsCounter, 0 mSdLazyCounter, 562 mSolverCounterSat, 176 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 405 SdHoareTripleChecker+Valid, 1093 SdHoareTripleChecker+Invalid, 738 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 176 IncrementalHoareTripleChecker+Valid, 562 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2021-12-16 01:01:23,699 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [405 Valid, 1093 Invalid, 738 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [176 Valid, 562 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2021-12-16 01:01:23,699 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 678 states. [2021-12-16 01:01:23,728 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 678 to 590. [2021-12-16 01:01:23,729 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 590 states, 459 states have (on average 1.2026143790849673) internal successors, (552), 491 states have internal predecessors, (552), 71 states have call successors, (71), 60 states have call predecessors, (71), 59 states have return successors, (77), 62 states have call predecessors, (77), 71 states have call successors, (77) [2021-12-16 01:01:23,731 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 590 states to 590 states and 700 transitions. [2021-12-16 01:01:23,731 INFO L78 Accepts]: Start accepts. Automaton has 590 states and 700 transitions. Word has length 87 [2021-12-16 01:01:23,732 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-16 01:01:23,732 INFO L470 AbstractCegarLoop]: Abstraction has 590 states and 700 transitions. [2021-12-16 01:01:23,732 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 14 states have (on average 7.642857142857143) internal successors, (107), 10 states have internal predecessors, (107), 6 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 6 states have call successors, (13) [2021-12-16 01:01:23,732 INFO L276 IsEmpty]: Start isEmpty. Operand 590 states and 700 transitions. [2021-12-16 01:01:23,739 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 187 [2021-12-16 01:01:23,739 INFO L506 BasicCegarLoop]: Found error trace [2021-12-16 01:01:23,739 INFO L514 BasicCegarLoop]: trace histogram [6, 6, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:23,764 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2021-12-16 01:01:23,955 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2021-12-16 01:01:23,956 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-16 01:01:23,956 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-16 01:01:23,956 INFO L85 PathProgramCache]: Analyzing trace with hash -104600478, now seen corresponding path program 1 times [2021-12-16 01:01:23,956 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-16 01:01:23,956 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [77492444] [2021-12-16 01:01:23,956 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:23,957 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-16 01:01:23,981 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2021-12-16 01:01:24,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,045 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2021-12-16 01:01:24,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,053 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2021-12-16 01:01:24,054 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,056 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2021-12-16 01:01:24,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,059 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2021-12-16 01:01:24,060 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,062 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2021-12-16 01:01:24,063 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,065 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2021-12-16 01:01:24,067 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,070 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2021-12-16 01:01:24,070 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,071 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2021-12-16 01:01:24,072 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,073 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2021-12-16 01:01:24,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,093 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2021-12-16 01:01:24,094 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,096 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 154 [2021-12-16 01:01:24,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,099 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 178 [2021-12-16 01:01:24,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,103 INFO L134 CoverageAnalysis]: Checked inductivity of 277 backedges. 101 proven. 6 refuted. 0 times theorem prover too weak. 170 trivial. 0 not checked. [2021-12-16 01:01:24,103 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-16 01:01:24,103 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [77492444] [2021-12-16 01:01:24,103 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [77492444] provided 0 perfect and 1 imperfect interpolant sequences [2021-12-16 01:01:24,103 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1692968574] [2021-12-16 01:01:24,103 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-16 01:01:24,103 INFO L168 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2021-12-16 01:01:24,104 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2021-12-16 01:01:24,104 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2021-12-16 01:01:24,112 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2021-12-16 01:01:24,228 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-16 01:01:24,231 INFO L263 TraceCheckSpWp]: Trace formula consists of 721 conjuncts, 13 conjunts are in the unsatisfiable core [2021-12-16 01:01:24,236 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2021-12-16 01:01:24,633 INFO L134 CoverageAnalysis]: Checked inductivity of 277 backedges. 181 proven. 4 refuted. 0 times theorem prover too weak. 92 trivial. 0 not checked. [2021-12-16 01:01:24,633 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2021-12-16 01:01:25,238 INFO L134 CoverageAnalysis]: Checked inductivity of 277 backedges. 118 proven. 61 refuted. 0 times theorem prover too weak. 98 trivial. 0 not checked. [2021-12-16 01:01:25,238 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1692968574] provided 0 perfect and 2 imperfect interpolant sequences [2021-12-16 01:01:25,238 INFO L186 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2021-12-16 01:01:25,238 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 10, 11] total 24 [2021-12-16 01:01:25,238 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1153370482] [2021-12-16 01:01:25,238 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2021-12-16 01:01:25,239 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 24 states [2021-12-16 01:01:25,239 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-16 01:01:25,240 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 24 interpolants. [2021-12-16 01:01:25,240 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=114, Invalid=438, Unknown=0, NotChecked=0, Total=552 [2021-12-16 01:01:25,240 INFO L87 Difference]: Start difference. First operand 590 states and 700 transitions. Second operand has 24 states, 24 states have (on average 9.875) internal successors, (237), 21 states have internal predecessors, (237), 9 states have call successors, (21), 8 states have call predecessors, (21), 9 states have return successors, (23), 8 states have call predecessors, (23), 9 states have call successors, (23) [2021-12-16 01:01:25,831 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-16 01:01:25,831 INFO L93 Difference]: Finished difference Result 1368 states and 1665 transitions. [2021-12-16 01:01:25,832 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2021-12-16 01:01:25,832 INFO L78 Accepts]: Start accepts. Automaton has has 24 states, 24 states have (on average 9.875) internal successors, (237), 21 states have internal predecessors, (237), 9 states have call successors, (21), 8 states have call predecessors, (21), 9 states have return successors, (23), 8 states have call predecessors, (23), 9 states have call successors, (23) Word has length 186 [2021-12-16 01:01:25,832 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-16 01:01:25,833 INFO L225 Difference]: With dead ends: 1368 [2021-12-16 01:01:25,833 INFO L226 Difference]: Without dead ends: 0 [2021-12-16 01:01:25,836 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 428 GetRequests, 387 SyntacticMatches, 3 SemanticMatches, 38 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 248 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=346, Invalid=1214, Unknown=0, NotChecked=0, Total=1560 [2021-12-16 01:01:25,837 INFO L933 BasicCegarLoop]: 128 mSDtfsCounter, 450 mSDsluCounter, 1002 mSDsCounter, 0 mSdLazyCounter, 621 mSolverCounterSat, 138 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 453 SdHoareTripleChecker+Valid, 1130 SdHoareTripleChecker+Invalid, 759 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 138 IncrementalHoareTripleChecker+Valid, 621 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2021-12-16 01:01:25,837 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [453 Valid, 1130 Invalid, 759 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [138 Valid, 621 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2021-12-16 01:01:25,837 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2021-12-16 01:01:25,838 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2021-12-16 01:01:25,838 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2021-12-16 01:01:25,838 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2021-12-16 01:01:25,838 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 186 [2021-12-16 01:01:25,838 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-16 01:01:25,838 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2021-12-16 01:01:25,839 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 24 states, 24 states have (on average 9.875) internal successors, (237), 21 states have internal predecessors, (237), 9 states have call successors, (21), 8 states have call predecessors, (21), 9 states have return successors, (23), 8 states have call predecessors, (23), 9 states have call successors, (23) [2021-12-16 01:01:25,839 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2021-12-16 01:01:25,839 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2021-12-16 01:01:25,841 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2021-12-16 01:01:25,865 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2021-12-16 01:01:26,055 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable10 [2021-12-16 01:01:26,057 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2021-12-16 01:01:30,911 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 556 562) no Hoare annotation was computed. [2021-12-16 01:01:30,912 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 556 562) the Hoare annotation is: true [2021-12-16 01:01:30,912 INFO L861 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 83 94) the Hoare annotation is: true [2021-12-16 01:01:30,912 INFO L858 garLoopResultBuilder]: For program point L87-1(lines 83 94) no Hoare annotation was computed. [2021-12-16 01:01:30,912 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 83 94) no Hoare annotation was computed. [2021-12-16 01:01:30,912 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 831 860) no Hoare annotation was computed. [2021-12-16 01:01:30,912 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 831 860) the Hoare annotation is: true [2021-12-16 01:01:30,913 INFO L861 garLoopResultBuilder]: At program point L856(lines 831 860) the Hoare annotation is: true [2021-12-16 01:01:30,913 INFO L858 garLoopResultBuilder]: For program point L852(line 852) no Hoare annotation was computed. [2021-12-16 01:01:30,913 INFO L858 garLoopResultBuilder]: For program point L845(lines 845 849) no Hoare annotation was computed. [2021-12-16 01:01:30,913 INFO L861 garLoopResultBuilder]: At program point L845-1(lines 845 849) the Hoare annotation is: true [2021-12-16 01:01:30,913 INFO L858 garLoopResultBuilder]: For program point L842(line 842) no Hoare annotation was computed. [2021-12-16 01:01:30,913 INFO L861 garLoopResultBuilder]: At program point L841-2(lines 841 855) the Hoare annotation is: true [2021-12-16 01:01:30,913 INFO L861 garLoopResultBuilder]: At program point L837(line 837) the Hoare annotation is: true [2021-12-16 01:01:30,913 INFO L858 garLoopResultBuilder]: For program point L837-1(line 837) no Hoare annotation was computed. [2021-12-16 01:01:30,913 INFO L858 garLoopResultBuilder]: For program point L543-1(lines 543 549) no Hoare annotation was computed. [2021-12-16 01:01:30,913 INFO L858 garLoopResultBuilder]: For program point L605(lines 605 611) no Hoare annotation was computed. [2021-12-16 01:01:30,914 INFO L858 garLoopResultBuilder]: For program point L572(lines 572 580) no Hoare annotation was computed. [2021-12-16 01:01:30,914 INFO L854 garLoopResultBuilder]: At program point L605-2(lines 598 614) the Hoare annotation is: (let ((.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (= ~systemActive~0 0))) (.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= 1 ~systemActive~0))) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse1) (or .cse2 .cse3 .cse4) (or .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse2 .cse4) (or .cse0 .cse1 .cse3) (let ((.cse6 (= ~waterLevel~0 2)) (.cse7 (= ~waterLevel~0 |old(~waterLevel~0)|))) (or .cse5 .cse2 (and .cse6 .cse7 (<= 1 ~pumpRunning~0)) .cse0 (and .cse6 .cse7 (= ~pumpRunning~0 0)))))) [2021-12-16 01:01:30,914 INFO L858 garLoopResultBuilder]: For program point L568(lines 568 585) no Hoare annotation was computed. [2021-12-16 01:01:30,914 INFO L854 garLoopResultBuilder]: At program point L630(lines 623 633) the Hoare annotation is: (let ((.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (= ~systemActive~0 0))) (.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= 1 ~systemActive~0))) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse1) (or .cse2 .cse3 .cse4) (or .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse2 .cse4) (or .cse0 .cse1 .cse3) (or .cse5 .cse2 .cse0 (and (= ~waterLevel~0 2) (= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 0))))) [2021-12-16 01:01:30,914 INFO L858 garLoopResultBuilder]: For program point L688(lines 688 692) no Hoare annotation was computed. [2021-12-16 01:01:30,914 INFO L858 garLoopResultBuilder]: For program point L688-2(lines 688 692) no Hoare annotation was computed. [2021-12-16 01:01:30,914 INFO L858 garLoopResultBuilder]: For program point L969(lines 969 975) no Hoare annotation was computed. [2021-12-16 01:01:30,914 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 529 555) no Hoare annotation was computed. [2021-12-16 01:01:30,914 INFO L858 garLoopResultBuilder]: For program point L932(line 932) no Hoare annotation was computed. [2021-12-16 01:01:30,914 INFO L854 garLoopResultBuilder]: At program point L953(lines 946 955) the Hoare annotation is: (let ((.cse7 (= ~waterLevel~0 |old(~waterLevel~0)|))) (let ((.cse3 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (and .cse7 (= ~pumpRunning~0 0))) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (and (<= 1 ~switchedOnBeforeTS~0) .cse7 (<= 1 ~pumpRunning~0))) (.cse6 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or (not (<= |old(~waterLevel~0)| 2)) .cse0 .cse1 (not (= ~systemActive~0 0))) (or .cse0 .cse2 .cse1 .cse3) (or (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 .cse1 .cse6) (or .cse2 .cse4 .cse6 .cse5)))) [2021-12-16 01:01:30,914 INFO L858 garLoopResultBuilder]: For program point L536(lines 536 542) no Hoare annotation was computed. [2021-12-16 01:01:30,915 INFO L858 garLoopResultBuilder]: For program point L536-2(lines 532 554) no Hoare annotation was computed. [2021-12-16 01:01:30,915 INFO L854 garLoopResultBuilder]: At program point L594(lines 589 596) the Hoare annotation is: (let ((.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (= ~systemActive~0 0))) (.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= 1 ~systemActive~0))) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse1) (or .cse2 .cse3 .cse4) (or .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse2 .cse4) (or .cse0 .cse1 .cse3) (or .cse5 .cse2 (and (= ~waterLevel~0 2) (= ~waterLevel~0 |old(~waterLevel~0)|) (<= 1 ~pumpRunning~0)) .cse0))) [2021-12-16 01:01:30,915 INFO L858 garLoopResultBuilder]: For program point L140(lines 140 146) no Hoare annotation was computed. [2021-12-16 01:01:30,915 INFO L854 garLoopResultBuilder]: At program point L966(line 966) the Hoare annotation is: (let ((.cse1 (<= 1 ~switchedOnBeforeTS~0)) (.cse13 (<= ~waterLevel~0 1)) (.cse2 (<= 1 ~pumpRunning~0)) (.cse3 (= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse4 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1| ~waterLevel~0))) (let ((.cse5 (not (= |old(~waterLevel~0)| 2))) (.cse7 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse8 (and (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse1 .cse13 .cse2 .cse3 .cse4)) (.cse6 (not (<= 1 |old(~pumpRunning~0)|))) (.cse12 (not (<= |old(~waterLevel~0)| 2))) (.cse11 (not (= |old(~pumpRunning~0)| 0))) (.cse9 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse10 (= ~pumpRunning~0 0))) (and (or .cse0 (and .cse1 (= ~waterLevel~0 1) .cse2 .cse3 .cse4) .cse5 .cse6) (or (not (= |old(~waterLevel~0)| 1)) .cse7 .cse0 .cse8 .cse6) (or (and .cse9 .cse3 .cse10 .cse4) .cse0 .cse11 (not (<= |old(~waterLevel~0)| 1))) (or .cse0 .cse11 .cse5) (or .cse12 .cse7 .cse0 .cse8 (and .cse1 .cse9 .cse2 .cse3 .cse4) .cse6) (or .cse12 .cse11 (and .cse13 .cse9 .cse3 .cse10 .cse4) (not (= ~systemActive~0 0)))))) [2021-12-16 01:01:30,915 INFO L858 garLoopResultBuilder]: For program point L966-1(line 966) no Hoare annotation was computed. [2021-12-16 01:01:30,915 INFO L854 garLoopResultBuilder]: At program point L933(lines 928 935) the Hoare annotation is: (let ((.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (= 1 ~systemActive~0))) (.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= ~systemActive~0 0))) (.cse4 (not (= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2) (or .cse3 .cse0 .cse4) (or .cse3 .cse4 .cse5) (or (not (<= |old(~waterLevel~0)| 2)) (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse3 .cse5) (or .cse3 .cse0 .cse1) (or .cse0 .cse2 .cse4))) [2021-12-16 01:01:30,916 INFO L854 garLoopResultBuilder]: At program point L132(lines 127 135) the Hoare annotation is: (let ((.cse8 (<= 1 ~switchedOnBeforeTS~0)) (.cse10 (<= 1 ~pumpRunning~0)) (.cse9 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse11 (= |timeShift_getWaterLevel_#res#1| ~waterLevel~0))) (let ((.cse2 (not (<= |old(~waterLevel~0)| 1))) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (and .cse9 .cse11 (= ~pumpRunning~0 0))) (.cse4 (not (= |old(~waterLevel~0)| 2))) (.cse7 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse6 (and (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse8 (<= ~waterLevel~0 1) .cse10 .cse11)) (.cse5 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3) (or (= ~waterLevel~0 1) .cse0 .cse4 .cse5) (or .cse0 .cse6 .cse4 .cse5) (or (not (<= |old(~waterLevel~0)| 2)) .cse1 .cse3 (not (= ~systemActive~0 0))) (or .cse7 .cse0 .cse6 (and .cse8 .cse9 .cse10 .cse11) .cse2 .cse5) (or .cse0 .cse1 (and .cse9 .cse10 .cse11) .cse3 .cse4) (or (not (= |old(~waterLevel~0)| 1)) .cse7 .cse0 .cse6 .cse5)))) [2021-12-16 01:01:30,916 INFO L854 garLoopResultBuilder]: At program point L578(line 578) the Hoare annotation is: (let ((.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse4 (and (= |timeShift_processEnvironment_~tmp~3#1| 0) (= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 0))) (.cse3 (not (= 1 ~systemActive~0))) (.cse6 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= ~systemActive~0 0))) (.cse5 (not (= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2) (or .cse3 .cse0 .cse4 .cse5) (or .cse3 .cse0 .cse1 .cse4) (or .cse3 .cse5 .cse6) (or (not (<= |old(~waterLevel~0)| 2)) (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse3 .cse6) (or .cse0 .cse2 .cse5))) [2021-12-16 01:01:30,916 INFO L854 garLoopResultBuilder]: At program point L694(lines 679 697) the Hoare annotation is: (let ((.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (= 1 ~systemActive~0))) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= ~systemActive~0 0))) (.cse6 (not (= |old(~waterLevel~0)| 2)))) (and (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse1) (let ((.cse4 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse5 (= ~pumpRunning~0 0))) (or .cse2 .cse3 (and (not (= 0 |timeShift_isHighWaterLevel_~tmp~5#1|)) (= |timeShift_isHighWaterLevel_~tmp___0~0#1| 0) .cse4 (= |timeShift_isHighWaterLevel_#res#1| 0) .cse5) .cse0 (and (= ~waterLevel~0 2) .cse4 .cse5))) (or .cse3 .cse6 .cse7) (or .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse3 .cse7) (or .cse0 .cse1 .cse6))) [2021-12-16 01:01:30,916 INFO L854 garLoopResultBuilder]: At program point L145(lines 136 149) the Hoare annotation is: (let ((.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (= ~systemActive~0 0))) (.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= 1 ~systemActive~0))) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse1) (or .cse2 .cse3 .cse4) (or .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse2 .cse4) (or .cse0 .cse1 .cse3) (let ((.cse6 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse7 (= ~pumpRunning~0 0))) (or .cse5 (and .cse6 (not (= 0 |timeShift_isHighWaterSensorDry_#res#1|)) .cse7) .cse2 .cse0 (and (= ~waterLevel~0 2) .cse6 .cse7))))) [2021-12-16 01:01:30,916 INFO L854 garLoopResultBuilder]: At program point L583(line 583) the Hoare annotation is: (let ((.cse8 (<= 1 ~switchedOnBeforeTS~0)) (.cse9 (<= 1 ~pumpRunning~0))) (let ((.cse7 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse6 (and (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse8 (<= ~waterLevel~0 1) .cse9)) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (= 1 ~systemActive~0))) (.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= ~systemActive~0 0))) (.cse4 (not (= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2) (or (= ~waterLevel~0 1) .cse3 .cse4 .cse5) (or .cse3 .cse0 .cse4) (or .cse3 .cse6 .cse4 .cse5) (or (not (= |old(~waterLevel~0)| 1)) .cse7 .cse3 .cse6 .cse5) (or .cse7 .cse3 .cse1 (and .cse8 (= ~waterLevel~0 |old(~waterLevel~0)|) .cse9) .cse6 .cse5) (or .cse3 .cse0 .cse1) (or .cse0 .cse2 .cse4)))) [2021-12-16 01:01:30,917 INFO L854 garLoopResultBuilder]: At program point L583-1(lines 564 588) the Hoare annotation is: (let ((.cse11 (<= 1 ~switchedOnBeforeTS~0)) (.cse4 (<= 1 ~pumpRunning~0)) (.cse3 (= ~waterLevel~0 |old(~waterLevel~0)|))) (let ((.cse5 (and .cse3 (= ~pumpRunning~0 0))) (.cse10 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse6 (not (= 1 ~systemActive~0))) (.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse9 (and (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse11 (<= ~waterLevel~0 1) .cse4)) (.cse8 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= ~systemActive~0 0))) (.cse7 (not (= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2) (or (and .cse3 .cse4) .cse5 .cse6 .cse0 .cse7) (or (= ~waterLevel~0 1) .cse6 .cse7 .cse8) (or .cse5 .cse6 .cse0 .cse1) (or .cse6 .cse9 .cse7 .cse8) (or (not (= |old(~waterLevel~0)| 1)) .cse10 .cse6 .cse9 .cse8) (or .cse10 .cse6 .cse1 (and .cse11 .cse3 .cse4) .cse9 .cse8) (or .cse0 .cse2 .cse7)))) [2021-12-16 01:01:30,917 INFO L854 garLoopResultBuilder]: At program point L100(lines 95 103) the Hoare annotation is: (let ((.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (= ~systemActive~0 0))) (.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= 1 ~systemActive~0))) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse1) (or .cse2 .cse3 .cse4) (or .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse2 .cse4) (or .cse0 .cse1 .cse3) (or .cse5 .cse2 .cse0 (and (= ~waterLevel~0 2) (= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 0))))) [2021-12-16 01:01:30,917 INFO L858 garLoopResultBuilder]: For program point L63(lines 63 67) no Hoare annotation was computed. [2021-12-16 01:01:30,917 INFO L854 garLoopResultBuilder]: At program point L63-2(lines 59 70) the Hoare annotation is: (let ((.cse8 (<= 1 ~switchedOnBeforeTS~0)) (.cse9 (<= 1 ~pumpRunning~0))) (let ((.cse7 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse6 (and (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse8 (<= ~waterLevel~0 1) .cse9)) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (= 1 ~systemActive~0))) (.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= ~systemActive~0 0))) (.cse4 (not (= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2) (or (= ~waterLevel~0 1) .cse3 .cse4 .cse5) (or .cse3 .cse0 .cse4) (or .cse3 .cse6 .cse4 .cse5) (or (not (= |old(~waterLevel~0)| 1)) .cse7 .cse3 .cse6 .cse5) (or .cse7 .cse3 .cse1 (and .cse8 (= ~waterLevel~0 |old(~waterLevel~0)|) .cse9) .cse6 .cse5) (or .cse3 .cse0 .cse1) (or .cse0 .cse2 .cse4)))) [2021-12-16 01:01:30,917 INFO L854 garLoopResultBuilder]: At program point L951(line 951) the Hoare annotation is: (let ((.cse8 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse9 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|))) (let ((.cse2 (not (= ~systemActive~0 0))) (.cse0 (and .cse8 .cse9 (= ~pumpRunning~0 0))) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not (<= |old(~waterLevel~0)| 1))) (.cse5 (not (= 1 ~systemActive~0))) (.cse6 (and .cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse9)) (.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse7 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 .cse1 .cse4 .cse2) (or .cse0 .cse5 .cse1 .cse3) (or .cse0 .cse5 .cse1 .cse4) (or (not (<= |old(~waterLevel~0)| 2)) (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse5 .cse6 .cse7) (or .cse5 .cse6 .cse3 .cse7)))) [2021-12-16 01:01:30,917 INFO L858 garLoopResultBuilder]: For program point L951-1(line 951) no Hoare annotation was computed. [2021-12-16 01:01:30,918 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 529 555) the Hoare annotation is: (let ((.cse8 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse9 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|))) (let ((.cse2 (not (= ~systemActive~0 0))) (.cse0 (and .cse8 .cse9 (= ~pumpRunning~0 0))) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not (<= |old(~waterLevel~0)| 1))) (.cse5 (not (= 1 ~systemActive~0))) (.cse6 (and .cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse9)) (.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse7 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 .cse1 .cse4 .cse2) (or .cse0 .cse5 .cse1 .cse3) (or .cse0 .cse5 .cse1 .cse4) (or (not (<= |old(~waterLevel~0)| 2)) (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse5 .cse6 .cse7) (or .cse5 .cse6 .cse3 .cse7)))) [2021-12-16 01:01:30,918 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 529 555) no Hoare annotation was computed. [2021-12-16 01:01:30,918 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 932) no Hoare annotation was computed. [2021-12-16 01:01:30,918 INFO L858 garLoopResultBuilder]: For program point L968(lines 968 978) no Hoare annotation was computed. [2021-12-16 01:01:30,918 INFO L858 garLoopResultBuilder]: For program point L964(lines 964 981) no Hoare annotation was computed. [2021-12-16 01:01:30,918 INFO L854 garLoopResultBuilder]: At program point L964-1(lines 956 984) the Hoare annotation is: (let ((.cse3 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse8 (<= 1 ~switchedOnBeforeTS~0)) (.cse4 (<= 1 ~pumpRunning~0)) (.cse5 (= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse6 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1| ~waterLevel~0))) (let ((.cse7 (not (= |old(~waterLevel~0)| 2))) (.cse11 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse1 (not (= 1 ~systemActive~0))) (.cse12 (and (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse8 (<= ~waterLevel~0 1) .cse4 .cse5 .cse6)) (.cse10 (not (<= |old(~waterLevel~0)| 1))) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (and .cse3 .cse5 (= ~pumpRunning~0 0) .cse6)) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5 .cse6) .cse7) (or .cse1 (and .cse8 (= ~waterLevel~0 1) .cse4 .cse5 .cse6) .cse7 .cse9) (or .cse0 .cse1 .cse2 .cse10) (or (not (= |old(~waterLevel~0)| 1)) .cse11 .cse1 .cse12 .cse9) (or .cse11 .cse1 .cse12 .cse10 (and .cse8 .cse3 .cse4 .cse5 .cse6) .cse9) (or (not (<= |old(~waterLevel~0)| 2)) .cse0 .cse2 (not (= ~systemActive~0 0)))))) [2021-12-16 01:01:30,919 INFO L861 garLoopResultBuilder]: At program point L923(lines 904 926) the Hoare annotation is: true [2021-12-16 01:01:30,919 INFO L854 garLoopResultBuilder]: At program point L783(lines 732 784) the Hoare annotation is: false [2021-12-16 01:01:30,919 INFO L858 garLoopResultBuilder]: For program point L771(lines 771 777) no Hoare annotation was computed. [2021-12-16 01:01:30,919 INFO L854 garLoopResultBuilder]: At program point L771-2(lines 763 778) the Hoare annotation is: (let ((.cse5 (= ~systemActive~0 0)) (.cse3 (= ~pumpRunning~0 0)) (.cse4 (= ~waterLevel~0 2)) (.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse6 (<= 1 ~pumpRunning~0)) (.cse1 (<= ~waterLevel~0 2)) (.cse2 (= ~systemActive~0 1))) (or (and .cse0 .cse1 .cse2 .cse3) (and .cse0 .cse4 .cse5 .cse3) (and .cse0 (<= ~waterLevel~0 1) .cse5 .cse3) (and .cse0 .cse4 .cse6 .cse2) (and .cse0 (<= 1 ~switchedOnBeforeTS~0) .cse6 .cse1 .cse2))) [2021-12-16 01:01:30,919 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2021-12-16 01:01:30,919 INFO L858 garLoopResultBuilder]: For program point L734(lines 733 782) no Hoare annotation was computed. [2021-12-16 01:01:30,919 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2021-12-16 01:01:30,920 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2021-12-16 01:01:30,920 INFO L858 garLoopResultBuilder]: For program point L763(lines 763 778) no Hoare annotation was computed. [2021-12-16 01:01:30,920 INFO L854 garLoopResultBuilder]: At program point L825(lines 820 828) the Hoare annotation is: (and (= ~waterLevel~0 1) (= ~systemActive~0 1) (= ~pumpRunning~0 0)) [2021-12-16 01:01:30,920 INFO L854 garLoopResultBuilder]: At program point L755(line 755) the Hoare annotation is: (let ((.cse5 (= ~systemActive~0 0)) (.cse3 (= ~pumpRunning~0 0)) (.cse4 (= ~waterLevel~0 2)) (.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse6 (<= 1 ~pumpRunning~0)) (.cse1 (<= ~waterLevel~0 2)) (.cse2 (= ~systemActive~0 1))) (or (and .cse0 .cse1 .cse2 .cse3) (and .cse0 .cse4 .cse5 .cse3) (and .cse0 (<= ~waterLevel~0 1) .cse5 .cse3) (and .cse0 .cse4 .cse6 .cse2) (and .cse0 (<= 1 ~switchedOnBeforeTS~0) .cse6 .cse1 .cse2))) [2021-12-16 01:01:30,920 INFO L854 garLoopResultBuilder]: At program point L817(lines 813 819) the Hoare annotation is: (and (= ~waterLevel~0 1) (= ~systemActive~0 1) (= ~pumpRunning~0 0)) [2021-12-16 01:01:30,920 INFO L854 garLoopResultBuilder]: At program point L718(lines 713 720) the Hoare annotation is: (let ((.cse1 (<= ~waterLevel~0 2)) (.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= 1 ~pumpRunning~0)) (.cse2 (= ~systemActive~0 1))) (or (and .cse0 .cse1 .cse2 (= ~pumpRunning~0 0)) (and .cse0 (<= 1 ~switchedOnBeforeTS~0) .cse3 .cse1 .cse2) (and .cse0 (= ~waterLevel~0 2) .cse3 .cse2))) [2021-12-16 01:01:30,920 INFO L854 garLoopResultBuilder]: At program point L780(lines 733 782) the Hoare annotation is: (let ((.cse6 (= ~systemActive~0 0)) (.cse1 (<= ~waterLevel~0 1)) (.cse5 (= ~pumpRunning~0 0)) (.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= ~waterLevel~0 2)) (.cse2 (<= 1 ~pumpRunning~0)) (.cse3 (= ~systemActive~0 1))) (or (and .cse0 (<= 1 ~switchedOnBeforeTS~0) .cse1 .cse2 .cse3) (and .cse0 .cse4 .cse3 .cse5) (and .cse0 .cse4 .cse6 .cse5) (and .cse0 .cse1 .cse6 .cse5) (and .cse0 .cse1 .cse3 .cse5) (and .cse0 .cse4 .cse2 .cse3))) [2021-12-16 01:01:30,921 INFO L858 garLoopResultBuilder]: For program point L743(lines 743 749) no Hoare annotation was computed. [2021-12-16 01:01:30,921 INFO L858 garLoopResultBuilder]: For program point L743-1(lines 743 749) no Hoare annotation was computed. [2021-12-16 01:01:30,921 INFO L854 garLoopResultBuilder]: At program point L710(lines 698 712) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse1 (= ~systemActive~0 0)) (.cse2 (= ~pumpRunning~0 0))) (or (and .cse0 (= ~waterLevel~0 2) .cse1 .cse2) (and .cse0 (<= ~waterLevel~0 1) .cse1 .cse2))) [2021-12-16 01:01:30,921 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2021-12-16 01:01:30,921 INFO L858 garLoopResultBuilder]: For program point L735(lines 735 739) no Hoare annotation was computed. [2021-12-16 01:01:30,921 INFO L858 garLoopResultBuilder]: For program point L702(lines 702 708) no Hoare annotation was computed. [2021-12-16 01:01:30,921 INFO L858 garLoopResultBuilder]: For program point L702-2(lines 702 708) no Hoare annotation was computed. [2021-12-16 01:01:30,922 INFO L854 garLoopResultBuilder]: At program point L620(lines 615 622) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse1 (= ~pumpRunning~0 0)) (.cse2 (= 1 ~systemActive~0))) (or (and .cse0 (not (= 0 ~switchedOnBeforeTS~0)) (<= ~waterLevel~0 1) .cse1 .cse2) (and .cse0 (= ~waterLevel~0 2) .cse1 .cse2))) [2021-12-16 01:01:30,922 INFO L854 garLoopResultBuilder]: At program point L810(lines 806 812) the Hoare annotation is: (and (= ~waterLevel~0 1) (= ~systemActive~0 1) (= ~pumpRunning~0 0)) [2021-12-16 01:01:30,922 INFO L861 garLoopResultBuilder]: At program point L901(lines 893 903) the Hoare annotation is: true [2021-12-16 01:01:30,922 INFO L854 garLoopResultBuilder]: At program point L889(lines 885 891) the Hoare annotation is: (and (= ~waterLevel~0 1) (= ~systemActive~0 1) (= ~pumpRunning~0 0)) [2021-12-16 01:01:30,922 INFO L858 garLoopResultBuilder]: For program point L914(lines 914 921) no Hoare annotation was computed. [2021-12-16 01:01:30,922 INFO L861 garLoopResultBuilder]: At program point L786(lines 723 790) the Hoare annotation is: true [2021-12-16 01:01:30,922 INFO L858 garLoopResultBuilder]: For program point L753(lines 753 759) no Hoare annotation was computed. [2021-12-16 01:01:30,923 INFO L858 garLoopResultBuilder]: For program point L753-1(lines 753 759) no Hoare annotation was computed. [2021-12-16 01:01:30,923 INFO L858 garLoopResultBuilder]: For program point L914-2(lines 914 921) no Hoare annotation was computed. [2021-12-16 01:01:30,923 INFO L854 garLoopResultBuilder]: At program point L943(lines 938 945) the Hoare annotation is: (and (= ~waterLevel~0 1) (= ~systemActive~0 1) (= ~pumpRunning~0 0)) [2021-12-16 01:01:30,923 INFO L854 garLoopResultBuilder]: At program point L745(line 745) the Hoare annotation is: (let ((.cse6 (= ~systemActive~0 0)) (.cse1 (<= ~waterLevel~0 1)) (.cse5 (= ~pumpRunning~0 0)) (.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= ~waterLevel~0 2)) (.cse2 (<= 1 ~pumpRunning~0)) (.cse3 (= ~systemActive~0 1))) (or (and .cse0 (<= 1 ~switchedOnBeforeTS~0) .cse1 .cse2 .cse3) (and .cse0 .cse4 .cse3 .cse5) (and .cse0 .cse4 .cse6 .cse5) (and .cse0 .cse1 .cse6 .cse5) (and .cse0 .cse1 .cse3 .cse5) (and .cse0 .cse4 .cse2 .cse3))) [2021-12-16 01:01:30,923 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 71 82) no Hoare annotation was computed. [2021-12-16 01:01:30,923 INFO L858 garLoopResultBuilder]: For program point L75-1(lines 71 82) no Hoare annotation was computed. [2021-12-16 01:01:30,923 INFO L854 garLoopResultBuilder]: At program point waterRiseENTRY(lines 71 82) the Hoare annotation is: (let ((.cse4 (not (= ~systemActive~0 0))) (.cse0 (not (= ~pumpRunning~0 0))) (.cse5 (not (<= |old(~waterLevel~0)| 1))) (.cse1 (not (= 1 ~systemActive~0))) (.cse6 (not (<= 1 ~pumpRunning~0))) (.cse2 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse3 (not (= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 .cse2 .cse4 .cse3) (or .cse0 .cse2 .cse5 .cse4) (or .cse0 .cse1 .cse2 .cse5) (or (not (<= 1 ~switchedOnBeforeTS~0)) .cse1 .cse6 .cse2 .cse5) (or .cse1 .cse6 .cse2 .cse3))) [2021-12-16 01:01:30,924 INFO L858 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 634 642) no Hoare annotation was computed. [2021-12-16 01:01:30,924 INFO L861 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 634 642) the Hoare annotation is: true [2021-12-16 01:01:30,924 INFO L858 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 634 642) no Hoare annotation was computed. [2021-12-16 01:01:30,927 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-16 01:01:30,928 INFO L179 ceAbstractionStarter]: Computing trace abstraction results [2021-12-16 01:01:30,959 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 16.12 01:01:30 BoogieIcfgContainer [2021-12-16 01:01:30,959 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2021-12-16 01:01:30,960 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2021-12-16 01:01:30,960 INFO L271 PluginConnector]: Initializing Witness Printer... [2021-12-16 01:01:30,960 INFO L275 PluginConnector]: Witness Printer initialized [2021-12-16 01:01:30,960 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.12 01:01:19" (3/4) ... [2021-12-16 01:01:30,963 INFO L137 WitnessPrinter]: Generating witness for correct program [2021-12-16 01:01:30,968 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2021-12-16 01:01:30,968 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2021-12-16 01:01:30,968 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2021-12-16 01:01:30,968 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2021-12-16 01:01:30,968 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2021-12-16 01:01:30,968 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2021-12-16 01:01:30,974 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 50 nodes and edges [2021-12-16 01:01:30,974 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2021-12-16 01:01:30,975 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2021-12-16 01:01:30,975 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2021-12-16 01:01:30,976 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2021-12-16 01:01:30,976 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2021-12-16 01:01:30,976 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2021-12-16 01:01:30,994 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(waterLevel) <= 2) || (waterLevel == \old(waterLevel) && pumpRunning == 0)) || !(\old(pumpRunning) == 0)) || !(systemActive == 0)) && ((((waterLevel == \old(waterLevel) && pumpRunning == 0) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1))) && ((((!(1 <= \old(switchedOnBeforeTS)) || !(1 == systemActive)) || !(\old(waterLevel) <= 1)) || ((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((((waterLevel == \old(waterLevel) && pumpRunning == 0) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2))) && (((!(1 == systemActive) || ((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning))) [2021-12-16 01:01:30,994 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && (((waterLevel == 1 || !(1 == systemActive)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && ((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2))) && (((!(1 == systemActive) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && ((((!(\old(waterLevel) == 1) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && (((((!(1 <= \old(switchedOnBeforeTS)) || !(1 == systemActive)) || !(\old(waterLevel) <= 1)) || ((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2)) [2021-12-16 01:01:30,995 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0) && tmp == waterLevel) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || (((waterLevel == \old(waterLevel) && 1 <= pumpRunning) && \result == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) == 2)) && (((!(1 == systemActive) || ((((1 <= switchedOnBeforeTS && waterLevel == 1) && 1 <= pumpRunning) && \result == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && ((((((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0) && tmp == waterLevel) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1))) && ((((!(\old(waterLevel) == 1) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || (((((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning) && \result == waterLevel) && tmp == waterLevel)) || !(1 <= \old(pumpRunning)))) && (((((!(1 <= \old(switchedOnBeforeTS)) || !(1 == systemActive)) || (((((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning) && \result == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) <= 1)) || ((((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning) && \result == waterLevel) && tmp == waterLevel)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || (((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0) && tmp == waterLevel)) || !(\old(pumpRunning) == 0)) || !(systemActive == 0)) [2021-12-16 01:01:30,995 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && (((((waterLevel == \old(waterLevel) && 1 <= pumpRunning) || (waterLevel == \old(waterLevel) && pumpRunning == 0)) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2))) && (((waterLevel == 1 || !(1 == systemActive)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && ((((waterLevel == \old(waterLevel) && pumpRunning == 0) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1))) && (((!(1 == systemActive) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && ((((!(\old(waterLevel) == 1) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && (((((!(1 <= \old(switchedOnBeforeTS)) || !(1 == systemActive)) || !(\old(waterLevel) <= 1)) || ((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2)) [2021-12-16 01:01:30,995 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2))) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2)) [2021-12-16 01:01:30,996 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1)) || ((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0)) && (((waterLevel == 1 || !(1 == systemActive)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(1 == systemActive) || ((((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning) && \result == waterLevel)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(\old(pumpRunning) == 0)) || ((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0)) || !(systemActive == 0))) && (((((!(1 <= \old(switchedOnBeforeTS)) || !(1 == systemActive)) || ((((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning) && \result == waterLevel)) || (((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning) && \result == waterLevel)) || !(\old(waterLevel) <= 1)) || !(1 <= \old(pumpRunning)))) && ((((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || ((waterLevel == \old(waterLevel) && 1 <= pumpRunning) && \result == waterLevel)) || ((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) == 1) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || ((((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning) && \result == waterLevel)) || !(1 <= \old(pumpRunning))) [2021-12-16 01:01:30,996 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) <= 2) || ((waterLevel == \old(waterLevel) && !(0 == \result)) && pumpRunning == 0)) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && pumpRunning == 0)) [2021-12-16 01:01:30,996 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((((!(\old(waterLevel) <= 2) || !(1 == systemActive)) || ((((!(0 == tmp) && tmp___0 == 0) && waterLevel == \old(waterLevel)) && \result == 0) && pumpRunning == 0)) || !(\old(pumpRunning) == 0)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && pumpRunning == 0))) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2)) [2021-12-16 01:01:30,996 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 2) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && pumpRunning == 0)) [2021-12-16 01:01:30,997 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 2) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && pumpRunning == 0)) [2021-12-16 01:01:30,997 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) <= 2) || !(1 == systemActive)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || !(\old(pumpRunning) == 0)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && pumpRunning == 0)) [2021-12-16 01:01:30,997 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 2) || !(1 == systemActive)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || !(\old(pumpRunning) == 0)) [2021-12-16 01:01:31,017 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2021-12-16 01:01:31,019 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2021-12-16 01:01:31,020 INFO L158 Benchmark]: Toolchain (without parser) took 12327.14ms. Allocated memory was 96.5MB in the beginning and 172.0MB in the end (delta: 75.5MB). Free memory was 63.9MB in the beginning and 90.5MB in the end (delta: -26.6MB). Peak memory consumption was 48.0MB. Max. memory is 16.1GB. [2021-12-16 01:01:31,020 INFO L158 Benchmark]: CDTParser took 0.09ms. Allocated memory is still 75.5MB. Free memory was 33.5MB in the beginning and 33.5MB in the end (delta: 31.5kB). There was no memory consumed. Max. memory is 16.1GB. [2021-12-16 01:01:31,021 INFO L158 Benchmark]: CACSL2BoogieTranslator took 443.05ms. Allocated memory is still 96.5MB. Free memory was 63.7MB in the beginning and 65.4MB in the end (delta: -1.7MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2021-12-16 01:01:31,021 INFO L158 Benchmark]: Boogie Procedure Inliner took 62.57ms. Allocated memory is still 96.5MB. Free memory was 65.4MB in the beginning and 62.8MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2021-12-16 01:01:31,021 INFO L158 Benchmark]: Boogie Preprocessor took 41.21ms. Allocated memory is still 96.5MB. Free memory was 62.8MB in the beginning and 61.6MB in the end (delta: 1.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2021-12-16 01:01:31,021 INFO L158 Benchmark]: RCFGBuilder took 411.80ms. Allocated memory is still 96.5MB. Free memory was 61.6MB in the beginning and 45.5MB in the end (delta: 16.1MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. [2021-12-16 01:01:31,022 INFO L158 Benchmark]: TraceAbstraction took 11299.41ms. Allocated memory was 96.5MB in the beginning and 172.0MB in the end (delta: 75.5MB). Free memory was 45.1MB in the beginning and 96.8MB in the end (delta: -51.7MB). Peak memory consumption was 77.7MB. Max. memory is 16.1GB. [2021-12-16 01:01:31,022 INFO L158 Benchmark]: Witness Printer took 60.05ms. Allocated memory is still 172.0MB. Free memory was 96.8MB in the beginning and 90.5MB in the end (delta: 6.4MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2021-12-16 01:01:31,024 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.09ms. Allocated memory is still 75.5MB. Free memory was 33.5MB in the beginning and 33.5MB in the end (delta: 31.5kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 443.05ms. Allocated memory is still 96.5MB. Free memory was 63.7MB in the beginning and 65.4MB in the end (delta: -1.7MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 62.57ms. Allocated memory is still 96.5MB. Free memory was 65.4MB in the beginning and 62.8MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 41.21ms. Allocated memory is still 96.5MB. Free memory was 62.8MB in the beginning and 61.6MB in the end (delta: 1.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 411.80ms. Allocated memory is still 96.5MB. Free memory was 61.6MB in the beginning and 45.5MB in the end (delta: 16.1MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. * TraceAbstraction took 11299.41ms. Allocated memory was 96.5MB in the beginning and 172.0MB in the end (delta: 75.5MB). Free memory was 45.1MB in the beginning and 96.8MB in the end (delta: -51.7MB). Peak memory consumption was 77.7MB. Max. memory is 16.1GB. * Witness Printer took 60.05ms. Allocated memory is still 172.0MB. Free memory was 96.8MB in the beginning and 90.5MB in the end (delta: 6.4MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 932]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 7 procedures, 89 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 11.2s, OverallIterations: 11, TraceHistogramMax: 6, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 2.4s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 4.9s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 1736 SdHoareTripleChecker+Valid, 1.1s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1704 mSDsluCounter, 5031 SdHoareTripleChecker+Invalid, 0.9s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3718 mSDsCounter, 459 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 1620 IncrementalHoareTripleChecker+Invalid, 2079 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 459 mSolverCounterUnsat, 1313 mSDtfsCounter, 1620 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 769 GetRequests, 642 SyntacticMatches, 4 SemanticMatches, 123 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 761 ImplicationChecksByTransitivity, 1.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=801occurred in iteration=8, InterpolantAutomatonStates: 113, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.3s AutomataMinimizationTime, 11 MinimizatonAttempts, 283 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 42 LocationsWithAnnotation, 1825 PreInvPairs, 2082 NumberOfFragments, 2814 HoareAnnotationTreeSize, 1825 FomulaSimplifications, 8573 FormulaSimplificationTreeSizeReduction, 0.5s HoareSimplificationTime, 42 FomulaSimplificationsInter, 20397 FormulaSimplificationTreeSizeReductionInter, 4.3s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.4s SatisfiabilityAnalysisTime, 2.4s InterpolantComputationTime, 983 NumberOfCodeBlocks, 983 NumberOfCodeBlocksAsserted, 13 NumberOfCheckSat, 1241 ConstructedInterpolants, 0 QuantifiedInterpolants, 2508 SizeOfPredicates, 6 NumberOfNonLiveVariables, 1175 ConjunctsInSsa, 21 ConjunctsInUnsatCore, 15 InterpolantComputations, 9 PerfectInterpolantSequences, 880/973 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 698]: Loop Invariant Derived loop invariant: (((splverifierCounter == 0 && waterLevel == 2) && systemActive == 0) && pumpRunning == 0) || (((splverifierCounter == 0 && waterLevel <= 1) && systemActive == 0) && pumpRunning == 0) - InvariantResult [Line: 136]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) <= 2) || ((waterLevel == \old(waterLevel) && !(0 == \result)) && pumpRunning == 0)) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && pumpRunning == 0)) - InvariantResult [Line: 806]: Loop Invariant Derived loop invariant: (waterLevel == 1 && systemActive == 1) && pumpRunning == 0 - InvariantResult [Line: 733]: Loop Invariant Derived loop invariant: ((((((((splverifierCounter == 0 && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning) && systemActive == 1) || (((splverifierCounter == 0 && waterLevel == 2) && systemActive == 1) && pumpRunning == 0)) || (((splverifierCounter == 0 && waterLevel == 2) && systemActive == 0) && pumpRunning == 0)) || (((splverifierCounter == 0 && waterLevel <= 1) && systemActive == 0) && pumpRunning == 0)) || (((splverifierCounter == 0 && waterLevel <= 1) && systemActive == 1) && pumpRunning == 0)) || (((splverifierCounter == 0 && waterLevel == 2) && 1 <= pumpRunning) && systemActive == 1) - InvariantResult [Line: 904]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 831]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 938]: Loop Invariant Derived loop invariant: (waterLevel == 1 && systemActive == 1) && pumpRunning == 0 - InvariantResult [Line: 564]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && (((((waterLevel == \old(waterLevel) && 1 <= pumpRunning) || (waterLevel == \old(waterLevel) && pumpRunning == 0)) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2))) && (((waterLevel == 1 || !(1 == systemActive)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && ((((waterLevel == \old(waterLevel) && pumpRunning == 0) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1))) && (((!(1 == systemActive) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && ((((!(\old(waterLevel) == 1) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && (((((!(1 <= \old(switchedOnBeforeTS)) || !(1 == systemActive)) || !(\old(waterLevel) <= 1)) || ((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2)) - InvariantResult [Line: 928]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2))) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2)) - InvariantResult [Line: 885]: Loop Invariant Derived loop invariant: (waterLevel == 1 && systemActive == 1) && pumpRunning == 0 - InvariantResult [Line: 732]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 956]: Loop Invariant Derived loop invariant: (((((((((((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0) && tmp == waterLevel) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || (((waterLevel == \old(waterLevel) && 1 <= pumpRunning) && \result == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) == 2)) && (((!(1 == systemActive) || ((((1 <= switchedOnBeforeTS && waterLevel == 1) && 1 <= pumpRunning) && \result == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && ((((((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0) && tmp == waterLevel) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1))) && ((((!(\old(waterLevel) == 1) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || (((((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning) && \result == waterLevel) && tmp == waterLevel)) || !(1 <= \old(pumpRunning)))) && (((((!(1 <= \old(switchedOnBeforeTS)) || !(1 == systemActive)) || (((((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning) && \result == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) <= 1)) || ((((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning) && \result == waterLevel) && tmp == waterLevel)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || (((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0) && tmp == waterLevel)) || !(\old(pumpRunning) == 0)) || !(systemActive == 0)) - InvariantResult [Line: 59]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && (((waterLevel == 1 || !(1 == systemActive)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && ((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2))) && (((!(1 == systemActive) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && ((((!(\old(waterLevel) == 1) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && (((((!(1 <= \old(switchedOnBeforeTS)) || !(1 == systemActive)) || !(\old(waterLevel) <= 1)) || ((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || (((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2)) - InvariantResult [Line: 723]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 598]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) <= 2) || !(1 == systemActive)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || !(\old(pumpRunning) == 0)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && pumpRunning == 0)) - InvariantResult [Line: 95]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 2) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && pumpRunning == 0)) - InvariantResult [Line: 615]: Loop Invariant Derived loop invariant: ((((splverifierCounter == 0 && !(0 == switchedOnBeforeTS)) && waterLevel <= 1) && pumpRunning == 0) && 1 == systemActive) || (((splverifierCounter == 0 && waterLevel == 2) && pumpRunning == 0) && 1 == systemActive) - InvariantResult [Line: 713]: Loop Invariant Derived loop invariant: ((((splverifierCounter == 0 && waterLevel <= 2) && systemActive == 1) && pumpRunning == 0) || ((((splverifierCounter == 0 && 1 <= switchedOnBeforeTS) && 1 <= pumpRunning) && waterLevel <= 2) && systemActive == 1)) || (((splverifierCounter == 0 && waterLevel == 2) && 1 <= pumpRunning) && systemActive == 1) - InvariantResult [Line: 820]: Loop Invariant Derived loop invariant: (waterLevel == 1 && systemActive == 1) && pumpRunning == 0 - InvariantResult [Line: 623]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 2) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && pumpRunning == 0)) - InvariantResult [Line: 813]: Loop Invariant Derived loop invariant: (waterLevel == 1 && systemActive == 1) && pumpRunning == 0 - InvariantResult [Line: 127]: Loop Invariant Derived loop invariant: ((((((((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1)) || ((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0)) && (((waterLevel == 1 || !(1 == systemActive)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(1 == systemActive) || ((((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning) && \result == waterLevel)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(\old(pumpRunning) == 0)) || ((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0)) || !(systemActive == 0))) && (((((!(1 <= \old(switchedOnBeforeTS)) || !(1 == systemActive)) || ((((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning) && \result == waterLevel)) || (((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning) && \result == waterLevel)) || !(\old(waterLevel) <= 1)) || !(1 <= \old(pumpRunning)))) && ((((!(1 == systemActive) || !(\old(pumpRunning) == 0)) || ((waterLevel == \old(waterLevel) && 1 <= pumpRunning) && \result == waterLevel)) || ((waterLevel == \old(waterLevel) && \result == waterLevel) && pumpRunning == 0)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) == 1) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || ((((waterLevel + 1 <= \old(waterLevel) && 1 <= switchedOnBeforeTS) && waterLevel <= 1) && 1 <= pumpRunning) && \result == waterLevel)) || !(1 <= \old(pumpRunning))) - InvariantResult [Line: 679]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((((!(\old(waterLevel) <= 2) || !(1 == systemActive)) || ((((!(0 == tmp) && tmp___0 == 0) && waterLevel == \old(waterLevel)) && \result == 0) && pumpRunning == 0)) || !(\old(pumpRunning) == 0)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && pumpRunning == 0))) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2)) - InvariantResult [Line: 893]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 589]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 1)) || !(systemActive == 0)) && ((!(1 == systemActive) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || !(1 <= \old(switchedOnBeforeTS))) || !(1 == systemActive)) || !(1 <= \old(pumpRunning)))) && ((!(\old(pumpRunning) == 0) || !(systemActive == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 2) || !(1 == systemActive)) || ((waterLevel == 2 && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || !(\old(pumpRunning) == 0)) - InvariantResult [Line: 946]: Loop Invariant Derived loop invariant: ((((((!(\old(waterLevel) <= 2) || (waterLevel == \old(waterLevel) && pumpRunning == 0)) || !(\old(pumpRunning) == 0)) || !(systemActive == 0)) && ((((waterLevel == \old(waterLevel) && pumpRunning == 0) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) <= 1))) && ((((!(1 <= \old(switchedOnBeforeTS)) || !(1 == systemActive)) || !(\old(waterLevel) <= 1)) || ((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((((waterLevel == \old(waterLevel) && pumpRunning == 0) || !(1 == systemActive)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2))) && (((!(1 == systemActive) || ((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || !(\old(waterLevel) == 2)) || !(1 <= \old(pumpRunning))) - InvariantResult [Line: 841]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2021-12-16 01:01:31,086 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE