./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec5_product36.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version c3fed411 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec5_product36.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 06101f936f6436bac89af152aefce31c84cfc20ba80a5adfcf1af02faa2d4f3b --- Real Ultimate output --- This is Ultimate 0.2.2-tmp.no-commuhash-c3fed41 [2021-12-17 15:09:37,970 INFO L177 SettingsManager]: Resetting all preferences to default values... [2021-12-17 15:09:37,971 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2021-12-17 15:09:37,994 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2021-12-17 15:09:37,995 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2021-12-17 15:09:37,998 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2021-12-17 15:09:37,999 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2021-12-17 15:09:38,004 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2021-12-17 15:09:38,005 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2021-12-17 15:09:38,006 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2021-12-17 15:09:38,007 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2021-12-17 15:09:38,007 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2021-12-17 15:09:38,008 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2021-12-17 15:09:38,010 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2021-12-17 15:09:38,012 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2021-12-17 15:09:38,012 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2021-12-17 15:09:38,013 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2021-12-17 15:09:38,014 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2021-12-17 15:09:38,015 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2021-12-17 15:09:38,016 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2021-12-17 15:09:38,017 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2021-12-17 15:09:38,022 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2021-12-17 15:09:38,023 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2021-12-17 15:09:38,023 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2021-12-17 15:09:38,025 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2021-12-17 15:09:38,030 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2021-12-17 15:09:38,030 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2021-12-17 15:09:38,031 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2021-12-17 15:09:38,032 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2021-12-17 15:09:38,032 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2021-12-17 15:09:38,033 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2021-12-17 15:09:38,033 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2021-12-17 15:09:38,034 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2021-12-17 15:09:38,035 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2021-12-17 15:09:38,036 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2021-12-17 15:09:38,036 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2021-12-17 15:09:38,037 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2021-12-17 15:09:38,038 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2021-12-17 15:09:38,038 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2021-12-17 15:09:38,038 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2021-12-17 15:09:38,039 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2021-12-17 15:09:38,040 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2021-12-17 15:09:38,057 INFO L113 SettingsManager]: Loading preferences was successful [2021-12-17 15:09:38,057 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2021-12-17 15:09:38,058 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2021-12-17 15:09:38,058 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2021-12-17 15:09:38,058 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2021-12-17 15:09:38,058 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2021-12-17 15:09:38,059 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2021-12-17 15:09:38,059 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2021-12-17 15:09:38,059 INFO L138 SettingsManager]: * Use SBE=true [2021-12-17 15:09:38,059 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2021-12-17 15:09:38,060 INFO L138 SettingsManager]: * sizeof long=4 [2021-12-17 15:09:38,060 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2021-12-17 15:09:38,060 INFO L138 SettingsManager]: * sizeof POINTER=4 [2021-12-17 15:09:38,060 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2021-12-17 15:09:38,061 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2021-12-17 15:09:38,061 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2021-12-17 15:09:38,061 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2021-12-17 15:09:38,061 INFO L138 SettingsManager]: * sizeof long double=12 [2021-12-17 15:09:38,061 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2021-12-17 15:09:38,061 INFO L138 SettingsManager]: * Use constant arrays=true [2021-12-17 15:09:38,061 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2021-12-17 15:09:38,062 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2021-12-17 15:09:38,062 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2021-12-17 15:09:38,062 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2021-12-17 15:09:38,062 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2021-12-17 15:09:38,062 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2021-12-17 15:09:38,063 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2021-12-17 15:09:38,064 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2021-12-17 15:09:38,064 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2021-12-17 15:09:38,064 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2021-12-17 15:09:38,064 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2021-12-17 15:09:38,064 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2021-12-17 15:09:38,065 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2021-12-17 15:09:38,065 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2021-12-17 15:09:38,065 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 06101f936f6436bac89af152aefce31c84cfc20ba80a5adfcf1af02faa2d4f3b [2021-12-17 15:09:38,245 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2021-12-17 15:09:38,268 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2021-12-17 15:09:38,271 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2021-12-17 15:09:38,272 INFO L271 PluginConnector]: Initializing CDTParser... [2021-12-17 15:09:38,272 INFO L275 PluginConnector]: CDTParser initialized [2021-12-17 15:09:38,273 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec5_product36.cil.c [2021-12-17 15:09:38,324 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/405eb0edd/8cc696c6247c430ea73b6a47971106fe/FLAGa2424fc56 [2021-12-17 15:09:38,714 INFO L306 CDTParser]: Found 1 translation units. [2021-12-17 15:09:38,714 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product36.cil.c [2021-12-17 15:09:38,722 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/405eb0edd/8cc696c6247c430ea73b6a47971106fe/FLAGa2424fc56 [2021-12-17 15:09:39,119 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/405eb0edd/8cc696c6247c430ea73b6a47971106fe [2021-12-17 15:09:39,121 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2021-12-17 15:09:39,123 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2021-12-17 15:09:39,125 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2021-12-17 15:09:39,125 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2021-12-17 15:09:39,127 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2021-12-17 15:09:39,127 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,128 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6983349c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39, skipping insertion in model container [2021-12-17 15:09:39,128 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,133 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2021-12-17 15:09:39,163 INFO L178 MainTranslator]: Built tables and reachable declarations [2021-12-17 15:09:39,298 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product36.cil.c[2141,2154] [2021-12-17 15:09:39,378 INFO L209 PostProcessor]: Analyzing one entry point: main [2021-12-17 15:09:39,388 INFO L203 MainTranslator]: Completed pre-run [2021-12-17 15:09:39,408 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product36.cil.c[2141,2154] [2021-12-17 15:09:39,471 INFO L209 PostProcessor]: Analyzing one entry point: main [2021-12-17 15:09:39,490 INFO L208 MainTranslator]: Completed translation [2021-12-17 15:09:39,491 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39 WrapperNode [2021-12-17 15:09:39,491 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2021-12-17 15:09:39,492 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2021-12-17 15:09:39,492 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2021-12-17 15:09:39,493 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2021-12-17 15:09:39,497 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,521 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,543 INFO L137 Inliner]: procedures = 56, calls = 155, calls flagged for inlining = 25, calls inlined = 21, statements flattened = 238 [2021-12-17 15:09:39,544 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2021-12-17 15:09:39,544 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2021-12-17 15:09:39,545 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2021-12-17 15:09:39,545 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2021-12-17 15:09:39,550 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,551 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,555 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,556 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,563 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,566 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,567 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,576 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2021-12-17 15:09:39,576 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2021-12-17 15:09:39,577 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2021-12-17 15:09:39,577 INFO L275 PluginConnector]: RCFGBuilder initialized [2021-12-17 15:09:39,577 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39" (1/1) ... [2021-12-17 15:09:39,583 INFO L168 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2021-12-17 15:09:39,591 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2021-12-17 15:09:39,601 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2021-12-17 15:09:39,603 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2021-12-17 15:09:39,627 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2021-12-17 15:09:39,627 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2021-12-17 15:09:39,627 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2021-12-17 15:09:39,627 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2021-12-17 15:09:39,628 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2021-12-17 15:09:39,628 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2021-12-17 15:09:39,628 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2021-12-17 15:09:39,628 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2021-12-17 15:09:39,628 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2021-12-17 15:09:39,628 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2021-12-17 15:09:39,628 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2021-12-17 15:09:39,628 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2021-12-17 15:09:39,629 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2021-12-17 15:09:39,629 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2021-12-17 15:09:39,629 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2021-12-17 15:09:39,629 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2021-12-17 15:09:39,698 INFO L236 CfgBuilder]: Building ICFG [2021-12-17 15:09:39,699 INFO L262 CfgBuilder]: Building CFG for each procedure with an implementation [2021-12-17 15:09:39,904 INFO L277 CfgBuilder]: Performing block encoding [2021-12-17 15:09:39,908 INFO L296 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2021-12-17 15:09:39,908 INFO L301 CfgBuilder]: Removed 2 assume(true) statements. [2021-12-17 15:09:39,910 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 17.12 03:09:39 BoogieIcfgContainer [2021-12-17 15:09:39,910 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2021-12-17 15:09:39,911 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2021-12-17 15:09:39,911 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2021-12-17 15:09:39,914 INFO L275 PluginConnector]: TraceAbstraction initialized [2021-12-17 15:09:39,914 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 17.12 03:09:39" (1/3) ... [2021-12-17 15:09:39,914 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5ea3ea03 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 17.12 03:09:39, skipping insertion in model container [2021-12-17 15:09:39,915 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.12 03:09:39" (2/3) ... [2021-12-17 15:09:39,915 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5ea3ea03 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 17.12 03:09:39, skipping insertion in model container [2021-12-17 15:09:39,915 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 17.12 03:09:39" (3/3) ... [2021-12-17 15:09:39,916 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product36.cil.c [2021-12-17 15:09:39,919 INFO L204 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2021-12-17 15:09:39,919 INFO L163 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2021-12-17 15:09:39,968 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2021-12-17 15:09:39,975 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2021-12-17 15:09:39,975 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2021-12-17 15:09:39,995 INFO L276 IsEmpty]: Start isEmpty. Operand has 85 states, 67 states have (on average 1.373134328358209) internal successors, (92), 73 states have internal predecessors, (92), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) [2021-12-17 15:09:40,000 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2021-12-17 15:09:40,000 INFO L506 BasicCegarLoop]: Found error trace [2021-12-17 15:09:40,001 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-17 15:09:40,001 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-17 15:09:40,004 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-17 15:09:40,005 INFO L85 PathProgramCache]: Analyzing trace with hash -1797931529, now seen corresponding path program 1 times [2021-12-17 15:09:40,010 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-17 15:09:40,011 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [374045895] [2021-12-17 15:09:40,012 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-17 15:09:40,013 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-17 15:09:40,106 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,157 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2021-12-17 15:09:40,164 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,175 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2021-12-17 15:09:40,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,190 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-17 15:09:40,191 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-17 15:09:40,192 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [374045895] [2021-12-17 15:09:40,192 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [374045895] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-17 15:09:40,193 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-17 15:09:40,193 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2021-12-17 15:09:40,194 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [221747442] [2021-12-17 15:09:40,195 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-17 15:09:40,198 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2021-12-17 15:09:40,198 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-17 15:09:40,215 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2021-12-17 15:09:40,216 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2021-12-17 15:09:40,217 INFO L87 Difference]: Start difference. First operand has 85 states, 67 states have (on average 1.373134328358209) internal successors, (92), 73 states have internal predecessors, (92), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-17 15:09:40,239 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-17 15:09:40,239 INFO L93 Difference]: Finished difference Result 161 states and 218 transitions. [2021-12-17 15:09:40,240 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2021-12-17 15:09:40,241 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2021-12-17 15:09:40,241 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-17 15:09:40,247 INFO L225 Difference]: With dead ends: 161 [2021-12-17 15:09:40,247 INFO L226 Difference]: Without dead ends: 76 [2021-12-17 15:09:40,250 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2021-12-17 15:09:40,252 INFO L933 BasicCegarLoop]: 106 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 106 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-17 15:09:40,253 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 106 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-17 15:09:40,264 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 76 states. [2021-12-17 15:09:40,279 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 76 to 76. [2021-12-17 15:09:40,279 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 76 states, 60 states have (on average 1.3) internal successors, (78), 65 states have internal predecessors, (78), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2021-12-17 15:09:40,281 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 76 states to 76 states and 97 transitions. [2021-12-17 15:09:40,281 INFO L78 Accepts]: Start accepts. Automaton has 76 states and 97 transitions. Word has length 32 [2021-12-17 15:09:40,282 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-17 15:09:40,282 INFO L470 AbstractCegarLoop]: Abstraction has 76 states and 97 transitions. [2021-12-17 15:09:40,282 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-17 15:09:40,282 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 97 transitions. [2021-12-17 15:09:40,284 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2021-12-17 15:09:40,284 INFO L506 BasicCegarLoop]: Found error trace [2021-12-17 15:09:40,284 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-17 15:09:40,284 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2021-12-17 15:09:40,284 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-17 15:09:40,285 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-17 15:09:40,285 INFO L85 PathProgramCache]: Analyzing trace with hash -1521544977, now seen corresponding path program 1 times [2021-12-17 15:09:40,285 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-17 15:09:40,285 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1090412780] [2021-12-17 15:09:40,285 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-17 15:09:40,286 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-17 15:09:40,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,367 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2021-12-17 15:09:40,368 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,370 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2021-12-17 15:09:40,372 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,374 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-17 15:09:40,374 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-17 15:09:40,374 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1090412780] [2021-12-17 15:09:40,374 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1090412780] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-17 15:09:40,375 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-17 15:09:40,375 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2021-12-17 15:09:40,375 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1281715922] [2021-12-17 15:09:40,375 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-17 15:09:40,377 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2021-12-17 15:09:40,377 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-17 15:09:40,377 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2021-12-17 15:09:40,378 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-17 15:09:40,378 INFO L87 Difference]: Start difference. First operand 76 states and 97 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-17 15:09:40,404 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-17 15:09:40,404 INFO L93 Difference]: Finished difference Result 112 states and 143 transitions. [2021-12-17 15:09:40,405 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2021-12-17 15:09:40,405 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2021-12-17 15:09:40,405 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-17 15:09:40,407 INFO L225 Difference]: With dead ends: 112 [2021-12-17 15:09:40,407 INFO L226 Difference]: Without dead ends: 67 [2021-12-17 15:09:40,408 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-17 15:09:40,409 INFO L933 BasicCegarLoop]: 84 mSDtfsCounter, 18 mSDsluCounter, 62 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 146 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-17 15:09:40,409 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [21 Valid, 146 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-17 15:09:40,410 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 67 states. [2021-12-17 15:09:40,414 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 67 to 67. [2021-12-17 15:09:40,415 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 67 states, 54 states have (on average 1.3148148148148149) internal successors, (71), 59 states have internal predecessors, (71), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2021-12-17 15:09:40,417 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 67 states to 67 states and 85 transitions. [2021-12-17 15:09:40,417 INFO L78 Accepts]: Start accepts. Automaton has 67 states and 85 transitions. Word has length 33 [2021-12-17 15:09:40,417 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-17 15:09:40,417 INFO L470 AbstractCegarLoop]: Abstraction has 67 states and 85 transitions. [2021-12-17 15:09:40,418 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-17 15:09:40,418 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 85 transitions. [2021-12-17 15:09:40,419 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2021-12-17 15:09:40,419 INFO L506 BasicCegarLoop]: Found error trace [2021-12-17 15:09:40,419 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-17 15:09:40,419 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2021-12-17 15:09:40,421 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-17 15:09:40,421 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-17 15:09:40,421 INFO L85 PathProgramCache]: Analyzing trace with hash 1250979301, now seen corresponding path program 1 times [2021-12-17 15:09:40,421 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-17 15:09:40,422 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1045692655] [2021-12-17 15:09:40,422 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-17 15:09:40,422 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-17 15:09:40,444 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-17 15:09:40,515 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,523 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2021-12-17 15:09:40,525 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,546 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-17 15:09:40,546 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-17 15:09:40,546 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1045692655] [2021-12-17 15:09:40,546 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1045692655] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-17 15:09:40,546 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-17 15:09:40,547 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2021-12-17 15:09:40,547 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [929004174] [2021-12-17 15:09:40,547 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-17 15:09:40,547 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2021-12-17 15:09:40,547 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-17 15:09:40,548 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2021-12-17 15:09:40,548 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2021-12-17 15:09:40,548 INFO L87 Difference]: Start difference. First operand 67 states and 85 transitions. Second operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 6 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-17 15:09:40,712 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-17 15:09:40,712 INFO L93 Difference]: Finished difference Result 243 states and 322 transitions. [2021-12-17 15:09:40,712 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2021-12-17 15:09:40,712 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 6 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2021-12-17 15:09:40,713 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-17 15:09:40,714 INFO L225 Difference]: With dead ends: 243 [2021-12-17 15:09:40,714 INFO L226 Difference]: Without dead ends: 184 [2021-12-17 15:09:40,715 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2021-12-17 15:09:40,715 INFO L933 BasicCegarLoop]: 108 mSDtfsCounter, 195 mSDsluCounter, 377 mSDsCounter, 0 mSdLazyCounter, 86 mSolverCounterSat, 15 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 195 SdHoareTripleChecker+Valid, 485 SdHoareTripleChecker+Invalid, 101 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 15 IncrementalHoareTripleChecker+Valid, 86 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2021-12-17 15:09:40,717 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [195 Valid, 485 Invalid, 101 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [15 Valid, 86 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2021-12-17 15:09:40,718 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 184 states. [2021-12-17 15:09:40,736 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 184 to 158. [2021-12-17 15:09:40,737 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 158 states, 124 states have (on average 1.346774193548387) internal successors, (167), 135 states have internal predecessors, (167), 19 states have call successors, (19), 14 states have call predecessors, (19), 14 states have return successors, (20), 17 states have call predecessors, (20), 19 states have call successors, (20) [2021-12-17 15:09:40,738 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 158 states to 158 states and 206 transitions. [2021-12-17 15:09:40,738 INFO L78 Accepts]: Start accepts. Automaton has 158 states and 206 transitions. Word has length 38 [2021-12-17 15:09:40,738 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-17 15:09:40,738 INFO L470 AbstractCegarLoop]: Abstraction has 158 states and 206 transitions. [2021-12-17 15:09:40,739 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 6 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-17 15:09:40,739 INFO L276 IsEmpty]: Start isEmpty. Operand 158 states and 206 transitions. [2021-12-17 15:09:40,740 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2021-12-17 15:09:40,740 INFO L506 BasicCegarLoop]: Found error trace [2021-12-17 15:09:40,740 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-17 15:09:40,740 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2021-12-17 15:09:40,741 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-17 15:09:40,741 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-17 15:09:40,741 INFO L85 PathProgramCache]: Analyzing trace with hash 177136733, now seen corresponding path program 1 times [2021-12-17 15:09:40,741 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-17 15:09:40,741 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [837060448] [2021-12-17 15:09:40,741 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-17 15:09:40,742 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-17 15:09:40,753 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,781 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2021-12-17 15:09:40,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,785 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2021-12-17 15:09:40,786 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,792 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2021-12-17 15:09:40,792 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-17 15:09:40,793 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [837060448] [2021-12-17 15:09:40,793 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [837060448] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-17 15:09:40,793 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-17 15:09:40,793 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2021-12-17 15:09:40,793 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1704342444] [2021-12-17 15:09:40,793 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-17 15:09:40,794 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2021-12-17 15:09:40,794 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-17 15:09:40,794 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2021-12-17 15:09:40,794 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2021-12-17 15:09:40,795 INFO L87 Difference]: Start difference. First operand 158 states and 206 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-17 15:09:40,881 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-17 15:09:40,882 INFO L93 Difference]: Finished difference Result 402 states and 534 transitions. [2021-12-17 15:09:40,882 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2021-12-17 15:09:40,882 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2021-12-17 15:09:40,882 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-17 15:09:40,884 INFO L225 Difference]: With dead ends: 402 [2021-12-17 15:09:40,884 INFO L226 Difference]: Without dead ends: 252 [2021-12-17 15:09:40,885 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2021-12-17 15:09:40,886 INFO L933 BasicCegarLoop]: 96 mSDtfsCounter, 42 mSDsluCounter, 311 mSDsCounter, 0 mSdLazyCounter, 55 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 43 SdHoareTripleChecker+Valid, 407 SdHoareTripleChecker+Invalid, 64 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 55 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2021-12-17 15:09:40,886 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [43 Valid, 407 Invalid, 64 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 55 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2021-12-17 15:09:40,887 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 252 states. [2021-12-17 15:09:40,903 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 252 to 237. [2021-12-17 15:09:40,904 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 237 states, 183 states have (on average 1.289617486338798) internal successors, (236), 196 states have internal predecessors, (236), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2021-12-17 15:09:40,905 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 237 states to 237 states and 300 transitions. [2021-12-17 15:09:40,905 INFO L78 Accepts]: Start accepts. Automaton has 237 states and 300 transitions. Word has length 41 [2021-12-17 15:09:40,906 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-17 15:09:40,906 INFO L470 AbstractCegarLoop]: Abstraction has 237 states and 300 transitions. [2021-12-17 15:09:40,906 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-17 15:09:40,906 INFO L276 IsEmpty]: Start isEmpty. Operand 237 states and 300 transitions. [2021-12-17 15:09:40,907 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 48 [2021-12-17 15:09:40,907 INFO L506 BasicCegarLoop]: Found error trace [2021-12-17 15:09:40,907 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-17 15:09:40,907 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2021-12-17 15:09:40,908 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-17 15:09:40,908 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-17 15:09:40,908 INFO L85 PathProgramCache]: Analyzing trace with hash -413128686, now seen corresponding path program 1 times [2021-12-17 15:09:40,908 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-17 15:09:40,908 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1980922894] [2021-12-17 15:09:40,908 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-17 15:09:40,908 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-17 15:09:40,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,942 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-17 15:09:40,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,946 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2021-12-17 15:09:40,947 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:40,950 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-17 15:09:40,950 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-17 15:09:40,951 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1980922894] [2021-12-17 15:09:40,951 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1980922894] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-17 15:09:40,951 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-17 15:09:40,951 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2021-12-17 15:09:40,951 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [462506866] [2021-12-17 15:09:40,951 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-17 15:09:40,951 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2021-12-17 15:09:40,951 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-17 15:09:40,952 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2021-12-17 15:09:40,952 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2021-12-17 15:09:40,952 INFO L87 Difference]: Start difference. First operand 237 states and 300 transitions. Second operand has 5 states, 5 states have (on average 8.0) internal successors, (40), 5 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-17 15:09:41,007 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-17 15:09:41,008 INFO L93 Difference]: Finished difference Result 494 states and 636 transitions. [2021-12-17 15:09:41,008 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2021-12-17 15:09:41,008 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.0) internal successors, (40), 5 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 47 [2021-12-17 15:09:41,009 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-17 15:09:41,010 INFO L225 Difference]: With dead ends: 494 [2021-12-17 15:09:41,010 INFO L226 Difference]: Without dead ends: 265 [2021-12-17 15:09:41,011 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2021-12-17 15:09:41,012 INFO L933 BasicCegarLoop]: 105 mSDtfsCounter, 35 mSDsluCounter, 274 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 37 SdHoareTripleChecker+Valid, 379 SdHoareTripleChecker+Invalid, 20 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-17 15:09:41,012 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [37 Valid, 379 Invalid, 20 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-17 15:09:41,013 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 265 states. [2021-12-17 15:09:41,025 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 265 to 243. [2021-12-17 15:09:41,029 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 243 states, 189 states have (on average 1.2804232804232805) internal successors, (242), 202 states have internal predecessors, (242), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2021-12-17 15:09:41,030 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 243 states to 243 states and 306 transitions. [2021-12-17 15:09:41,030 INFO L78 Accepts]: Start accepts. Automaton has 243 states and 306 transitions. Word has length 47 [2021-12-17 15:09:41,030 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-17 15:09:41,031 INFO L470 AbstractCegarLoop]: Abstraction has 243 states and 306 transitions. [2021-12-17 15:09:41,031 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.0) internal successors, (40), 5 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-17 15:09:41,031 INFO L276 IsEmpty]: Start isEmpty. Operand 243 states and 306 transitions. [2021-12-17 15:09:41,033 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 48 [2021-12-17 15:09:41,033 INFO L506 BasicCegarLoop]: Found error trace [2021-12-17 15:09:41,034 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-17 15:09:41,034 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2021-12-17 15:09:41,034 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-17 15:09:41,034 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-17 15:09:41,034 INFO L85 PathProgramCache]: Analyzing trace with hash -2001476588, now seen corresponding path program 1 times [2021-12-17 15:09:41,034 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-17 15:09:41,035 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [243017965] [2021-12-17 15:09:41,035 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-17 15:09:41,035 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-17 15:09:41,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,065 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-17 15:09:41,066 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,068 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2021-12-17 15:09:41,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,071 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-17 15:09:41,071 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-17 15:09:41,071 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [243017965] [2021-12-17 15:09:41,071 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [243017965] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-17 15:09:41,072 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-17 15:09:41,072 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2021-12-17 15:09:41,072 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1526063350] [2021-12-17 15:09:41,072 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-17 15:09:41,072 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2021-12-17 15:09:41,072 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-17 15:09:41,073 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2021-12-17 15:09:41,073 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2021-12-17 15:09:41,073 INFO L87 Difference]: Start difference. First operand 243 states and 306 transitions. Second operand has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-17 15:09:41,094 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-17 15:09:41,095 INFO L93 Difference]: Finished difference Result 510 states and 657 transitions. [2021-12-17 15:09:41,095 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2021-12-17 15:09:41,095 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 47 [2021-12-17 15:09:41,096 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-17 15:09:41,097 INFO L225 Difference]: With dead ends: 510 [2021-12-17 15:09:41,097 INFO L226 Difference]: Without dead ends: 275 [2021-12-17 15:09:41,098 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2021-12-17 15:09:41,099 INFO L933 BasicCegarLoop]: 96 mSDtfsCounter, 27 mSDsluCounter, 166 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 27 SdHoareTripleChecker+Valid, 262 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-17 15:09:41,099 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [27 Valid, 262 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-17 15:09:41,100 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 275 states. [2021-12-17 15:09:41,110 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 275 to 247. [2021-12-17 15:09:41,111 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 247 states, 193 states have (on average 1.2746113989637307) internal successors, (246), 206 states have internal predecessors, (246), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2021-12-17 15:09:41,112 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 247 states to 247 states and 310 transitions. [2021-12-17 15:09:41,112 INFO L78 Accepts]: Start accepts. Automaton has 247 states and 310 transitions. Word has length 47 [2021-12-17 15:09:41,112 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-17 15:09:41,112 INFO L470 AbstractCegarLoop]: Abstraction has 247 states and 310 transitions. [2021-12-17 15:09:41,112 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-17 15:09:41,113 INFO L276 IsEmpty]: Start isEmpty. Operand 247 states and 310 transitions. [2021-12-17 15:09:41,114 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 48 [2021-12-17 15:09:41,114 INFO L506 BasicCegarLoop]: Found error trace [2021-12-17 15:09:41,114 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-17 15:09:41,114 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2021-12-17 15:09:41,114 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-17 15:09:41,114 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-17 15:09:41,115 INFO L85 PathProgramCache]: Analyzing trace with hash 604546966, now seen corresponding path program 1 times [2021-12-17 15:09:41,115 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-17 15:09:41,115 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1263187669] [2021-12-17 15:09:41,115 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-17 15:09:41,115 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-17 15:09:41,124 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,145 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-17 15:09:41,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,149 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2021-12-17 15:09:41,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,157 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-17 15:09:41,157 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-17 15:09:41,157 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1263187669] [2021-12-17 15:09:41,157 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1263187669] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-17 15:09:41,158 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-17 15:09:41,158 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2021-12-17 15:09:41,158 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [216915488] [2021-12-17 15:09:41,158 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-17 15:09:41,158 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2021-12-17 15:09:41,158 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-17 15:09:41,158 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2021-12-17 15:09:41,158 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-17 15:09:41,159 INFO L87 Difference]: Start difference. First operand 247 states and 310 transitions. Second operand has 3 states, 3 states have (on average 13.333333333333334) internal successors, (40), 3 states have internal predecessors, (40), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-17 15:09:41,178 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-17 15:09:41,178 INFO L93 Difference]: Finished difference Result 614 states and 780 transitions. [2021-12-17 15:09:41,178 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2021-12-17 15:09:41,179 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 13.333333333333334) internal successors, (40), 3 states have internal predecessors, (40), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 47 [2021-12-17 15:09:41,179 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-17 15:09:41,186 INFO L225 Difference]: With dead ends: 614 [2021-12-17 15:09:41,186 INFO L226 Difference]: Without dead ends: 375 [2021-12-17 15:09:41,186 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-17 15:09:41,187 INFO L933 BasicCegarLoop]: 90 mSDtfsCounter, 39 mSDsluCounter, 71 mSDsCounter, 0 mSdLazyCounter, 10 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 39 SdHoareTripleChecker+Valid, 161 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 10 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-17 15:09:41,187 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [39 Valid, 161 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 10 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-17 15:09:41,188 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 375 states. [2021-12-17 15:09:41,199 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 375 to 375. [2021-12-17 15:09:41,200 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 375 states, 293 states have (on average 1.2457337883959045) internal successors, (365), 309 states have internal predecessors, (365), 46 states have call successors, (46), 38 states have call predecessors, (46), 35 states have return successors, (53), 43 states have call predecessors, (53), 46 states have call successors, (53) [2021-12-17 15:09:41,201 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 375 states to 375 states and 464 transitions. [2021-12-17 15:09:41,202 INFO L78 Accepts]: Start accepts. Automaton has 375 states and 464 transitions. Word has length 47 [2021-12-17 15:09:41,202 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-17 15:09:41,202 INFO L470 AbstractCegarLoop]: Abstraction has 375 states and 464 transitions. [2021-12-17 15:09:41,202 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 13.333333333333334) internal successors, (40), 3 states have internal predecessors, (40), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-17 15:09:41,202 INFO L276 IsEmpty]: Start isEmpty. Operand 375 states and 464 transitions. [2021-12-17 15:09:41,203 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2021-12-17 15:09:41,203 INFO L506 BasicCegarLoop]: Found error trace [2021-12-17 15:09:41,203 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-17 15:09:41,203 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2021-12-17 15:09:41,203 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-17 15:09:41,203 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-17 15:09:41,203 INFO L85 PathProgramCache]: Analyzing trace with hash -542316420, now seen corresponding path program 1 times [2021-12-17 15:09:41,204 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-17 15:09:41,204 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2025984188] [2021-12-17 15:09:41,204 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-17 15:09:41,204 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-17 15:09:41,213 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,273 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2021-12-17 15:09:41,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,277 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2021-12-17 15:09:41,278 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,283 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2021-12-17 15:09:41,284 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,286 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-17 15:09:41,286 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-17 15:09:41,287 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2025984188] [2021-12-17 15:09:41,287 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2025984188] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-17 15:09:41,287 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-17 15:09:41,287 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2021-12-17 15:09:41,287 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [813617422] [2021-12-17 15:09:41,287 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-17 15:09:41,287 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2021-12-17 15:09:41,287 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-17 15:09:41,288 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2021-12-17 15:09:41,288 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2021-12-17 15:09:41,288 INFO L87 Difference]: Start difference. First operand 375 states and 464 transitions. Second operand has 8 states, 8 states have (on average 5.25) internal successors, (42), 7 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2021-12-17 15:09:41,604 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-17 15:09:41,604 INFO L93 Difference]: Finished difference Result 1238 states and 1604 transitions. [2021-12-17 15:09:41,604 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2021-12-17 15:09:41,605 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.25) internal successors, (42), 7 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 51 [2021-12-17 15:09:41,605 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-17 15:09:41,610 INFO L225 Difference]: With dead ends: 1238 [2021-12-17 15:09:41,610 INFO L226 Difference]: Without dead ends: 999 [2021-12-17 15:09:41,611 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 27 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 58 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=95, Invalid=247, Unknown=0, NotChecked=0, Total=342 [2021-12-17 15:09:41,612 INFO L933 BasicCegarLoop]: 129 mSDtfsCounter, 359 mSDsluCounter, 422 mSDsCounter, 0 mSdLazyCounter, 246 mSolverCounterSat, 80 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 369 SdHoareTripleChecker+Valid, 551 SdHoareTripleChecker+Invalid, 326 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 80 IncrementalHoareTripleChecker+Valid, 246 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2021-12-17 15:09:41,612 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [369 Valid, 551 Invalid, 326 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [80 Valid, 246 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2021-12-17 15:09:41,613 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 999 states. [2021-12-17 15:09:41,669 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 999 to 932. [2021-12-17 15:09:41,671 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 932 states, 732 states have (on average 1.2172131147540983) internal successors, (891), 776 states have internal predecessors, (891), 108 states have call successors, (108), 81 states have call predecessors, (108), 91 states have return successors, (154), 103 states have call predecessors, (154), 108 states have call successors, (154) [2021-12-17 15:09:41,679 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 932 states to 932 states and 1153 transitions. [2021-12-17 15:09:41,679 INFO L78 Accepts]: Start accepts. Automaton has 932 states and 1153 transitions. Word has length 51 [2021-12-17 15:09:41,680 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-17 15:09:41,680 INFO L470 AbstractCegarLoop]: Abstraction has 932 states and 1153 transitions. [2021-12-17 15:09:41,682 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 5.25) internal successors, (42), 7 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2021-12-17 15:09:41,682 INFO L276 IsEmpty]: Start isEmpty. Operand 932 states and 1153 transitions. [2021-12-17 15:09:41,684 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 84 [2021-12-17 15:09:41,684 INFO L506 BasicCegarLoop]: Found error trace [2021-12-17 15:09:41,685 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-17 15:09:41,685 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2021-12-17 15:09:41,685 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-17 15:09:41,686 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-17 15:09:41,686 INFO L85 PathProgramCache]: Analyzing trace with hash -1954817075, now seen corresponding path program 1 times [2021-12-17 15:09:41,686 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-17 15:09:41,686 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2055097988] [2021-12-17 15:09:41,686 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-17 15:09:41,686 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-17 15:09:41,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,780 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2021-12-17 15:09:41,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,795 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2021-12-17 15:09:41,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,817 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2021-12-17 15:09:41,818 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2021-12-17 15:09:41,826 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,836 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2021-12-17 15:09:41,837 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,840 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2021-12-17 15:09:41,841 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,844 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 18 proven. 7 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2021-12-17 15:09:41,844 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-17 15:09:41,844 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2055097988] [2021-12-17 15:09:41,845 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2055097988] provided 0 perfect and 1 imperfect interpolant sequences [2021-12-17 15:09:41,845 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [565808855] [2021-12-17 15:09:41,845 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-17 15:09:41,845 INFO L168 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2021-12-17 15:09:41,845 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2021-12-17 15:09:41,860 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2021-12-17 15:09:41,866 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2021-12-17 15:09:41,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-17 15:09:41,977 INFO L263 TraceCheckSpWp]: Trace formula consists of 445 conjuncts, 8 conjunts are in the unsatisfiable core [2021-12-17 15:09:41,983 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2021-12-17 15:09:42,164 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 23 proven. 7 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2021-12-17 15:09:42,164 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2021-12-17 15:09:42,373 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 6 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2021-12-17 15:09:42,373 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleZ3 [565808855] provided 0 perfect and 2 imperfect interpolant sequences [2021-12-17 15:09:42,373 INFO L186 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2021-12-17 15:09:42,373 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2021-12-17 15:09:42,373 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [568685366] [2021-12-17 15:09:42,374 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2021-12-17 15:09:42,374 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2021-12-17 15:09:42,374 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-17 15:09:42,374 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2021-12-17 15:09:42,374 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=35, Invalid=175, Unknown=0, NotChecked=0, Total=210 [2021-12-17 15:09:42,375 INFO L87 Difference]: Start difference. First operand 932 states and 1153 transitions. Second operand has 15 states, 15 states have (on average 6.933333333333334) internal successors, (104), 11 states have internal predecessors, (104), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) [2021-12-17 15:09:42,913 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-17 15:09:42,914 INFO L93 Difference]: Finished difference Result 1709 states and 2165 transitions. [2021-12-17 15:09:42,914 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 24 states. [2021-12-17 15:09:42,914 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 6.933333333333334) internal successors, (104), 11 states have internal predecessors, (104), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) Word has length 83 [2021-12-17 15:09:42,915 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-17 15:09:42,915 INFO L225 Difference]: With dead ends: 1709 [2021-12-17 15:09:42,915 INFO L226 Difference]: Without dead ends: 0 [2021-12-17 15:09:42,919 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 214 GetRequests, 181 SyntacticMatches, 1 SemanticMatches, 32 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 212 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=207, Invalid=915, Unknown=0, NotChecked=0, Total=1122 [2021-12-17 15:09:42,919 INFO L933 BasicCegarLoop]: 159 mSDtfsCounter, 241 mSDsluCounter, 975 mSDsCounter, 0 mSdLazyCounter, 608 mSolverCounterSat, 98 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 242 SdHoareTripleChecker+Valid, 1134 SdHoareTripleChecker+Invalid, 706 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 98 IncrementalHoareTripleChecker+Valid, 608 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2021-12-17 15:09:42,919 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [242 Valid, 1134 Invalid, 706 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [98 Valid, 608 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2021-12-17 15:09:42,920 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2021-12-17 15:09:42,920 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2021-12-17 15:09:42,920 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2021-12-17 15:09:42,920 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2021-12-17 15:09:42,920 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 83 [2021-12-17 15:09:42,920 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-17 15:09:42,920 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2021-12-17 15:09:42,920 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 6.933333333333334) internal successors, (104), 11 states have internal predecessors, (104), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) [2021-12-17 15:09:42,921 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2021-12-17 15:09:42,921 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2021-12-17 15:09:42,922 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2021-12-17 15:09:42,944 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2021-12-17 15:09:43,135 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2021-12-17 15:09:43,137 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2021-12-17 15:09:46,260 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 140 146) no Hoare annotation was computed. [2021-12-17 15:09:46,260 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 140 146) the Hoare annotation is: true [2021-12-17 15:09:46,260 INFO L861 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 900 911) the Hoare annotation is: true [2021-12-17 15:09:46,260 INFO L858 garLoopResultBuilder]: For program point L904-1(lines 900 911) no Hoare annotation was computed. [2021-12-17 15:09:46,260 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 900 911) no Hoare annotation was computed. [2021-12-17 15:09:46,260 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 727 756) no Hoare annotation was computed. [2021-12-17 15:09:46,260 INFO L861 garLoopResultBuilder]: At program point L737-2(lines 737 751) the Hoare annotation is: true [2021-12-17 15:09:46,260 INFO L861 garLoopResultBuilder]: At program point L733(line 733) the Hoare annotation is: true [2021-12-17 15:09:46,260 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 727 756) the Hoare annotation is: true [2021-12-17 15:09:46,261 INFO L858 garLoopResultBuilder]: For program point L733-1(line 733) no Hoare annotation was computed. [2021-12-17 15:09:46,261 INFO L861 garLoopResultBuilder]: At program point L752(lines 727 756) the Hoare annotation is: true [2021-12-17 15:09:46,261 INFO L858 garLoopResultBuilder]: For program point L748(line 748) no Hoare annotation was computed. [2021-12-17 15:09:46,261 INFO L858 garLoopResultBuilder]: For program point L741(lines 741 745) no Hoare annotation was computed. [2021-12-17 15:09:46,261 INFO L861 garLoopResultBuilder]: At program point L741-1(lines 741 745) the Hoare annotation is: true [2021-12-17 15:09:46,261 INFO L858 garLoopResultBuilder]: For program point L738(line 738) no Hoare annotation was computed. [2021-12-17 15:09:46,261 INFO L858 garLoopResultBuilder]: For program point L254(lines 254 258) no Hoare annotation was computed. [2021-12-17 15:09:46,261 INFO L854 garLoopResultBuilder]: At program point L93(lines 88 95) the Hoare annotation is: (let ((.cse1 (= 0 ~systemActive~0)) (.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or .cse0 (not (= |old(~pumpRunning~0)| 0))) (or (not (<= 2 |old(~waterLevel~0)|)) .cse1 .cse0 .cse2) (or .cse1 .cse0 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse2))) [2021-12-17 15:09:46,262 INFO L858 garLoopResultBuilder]: For program point L254-2(lines 254 258) no Hoare annotation was computed. [2021-12-17 15:09:46,262 INFO L858 garLoopResultBuilder]: For program point L857(lines 857 863) no Hoare annotation was computed. [2021-12-17 15:09:46,262 INFO L854 garLoopResultBuilder]: At program point L841(lines 834 843) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (<= 1 ~switchedOnBeforeTS~0)) (.cse5 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse3 (<= 1 ~pumpRunning~0)) (.cse4 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or (not (<= 2 |old(~waterLevel~0)|)) .cse0 .cse1 (and .cse2 .cse3 (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2)) .cse4) (or .cse1 (and .cse5 (= ~pumpRunning~0 0)) (not (= |old(~pumpRunning~0)| 0))) (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) (and .cse2 .cse5 .cse3) .cse4))) [2021-12-17 15:09:46,262 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 113 139) no Hoare annotation was computed. [2021-12-17 15:09:46,262 INFO L858 garLoopResultBuilder]: For program point L127-1(lines 127 133) no Hoare annotation was computed. [2021-12-17 15:09:46,262 INFO L858 garLoopResultBuilder]: For program point L957(lines 957 963) no Hoare annotation was computed. [2021-12-17 15:09:46,262 INFO L858 garLoopResultBuilder]: For program point L156(lines 156 164) no Hoare annotation was computed. [2021-12-17 15:09:46,262 INFO L858 garLoopResultBuilder]: For program point L152(lines 152 169) no Hoare annotation was computed. [2021-12-17 15:09:46,263 INFO L854 garLoopResultBuilder]: At program point L854(line 854) the Hoare annotation is: (let ((.cse0 (not (<= 2 |old(~waterLevel~0)|))) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (= 0 ~systemActive~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse5 (<= 1 ~pumpRunning~0)) (.cse6 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2) (or .cse0 .cse3 .cse1 (and .cse4 (= ~waterLevel~0 1) .cse5) .cse6) (or .cse1 (and (= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 0)) .cse2) (or .cse3 .cse1 .cse2 (= |timeShift_processEnvironment_~tmp~0#1| 0)) (or .cse3 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) (and .cse4 .cse5 (<= ~waterLevel~0 2)) .cse6))) [2021-12-17 15:09:46,263 INFO L854 garLoopResultBuilder]: At program point L949(lines 944 952) the Hoare annotation is: (let ((.cse1 (<= |timeShift_getWaterLevel_#res#1| 2)) (.cse2 (<= 2 |timeShift_getWaterLevel_#res#1|)) (.cse5 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse9 (<= 1 ~pumpRunning~0)) (.cse11 (<= ~waterLevel~0 2)) (.cse7 (= 0 ~systemActive~0))) (let ((.cse0 (not (<= 2 |old(~waterLevel~0)|))) (.cse8 (<= 1 ~switchedOnBeforeTS~0)) (.cse10 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse6 (and .cse1 .cse2 .cse5 .cse9 (<= 2 ~waterLevel~0) .cse11 (not .cse7))) (.cse4 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (and .cse1 .cse2) .cse3 .cse4) (or .cse3 (and .cse5 (= ~pumpRunning~0 0)) .cse6 .cse4) (or .cse0 .cse7 .cse3 (and .cse8 (= ~waterLevel~0 1) .cse9) .cse10) (or .cse7 .cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) (and .cse8 .cse9 .cse11) .cse10) (or .cse7 .cse3 .cse6 .cse4 (= |timeShift_processEnvironment_~tmp~0#1| 0))))) [2021-12-17 15:09:46,263 INFO L858 garLoopResultBuilder]: For program point L854-1(line 854) no Hoare annotation was computed. [2021-12-17 15:09:46,263 INFO L854 garLoopResultBuilder]: At program point L260(lines 245 263) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or (not (<= 2 |old(~waterLevel~0)|)) .cse0 .cse1 .cse2) (let ((.cse3 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse4 (not .cse0)) (.cse5 (= ~pumpRunning~0 0))) (or .cse1 (not (= |old(~pumpRunning~0)| 0)) (and (= |timeShift_isHighWaterLevel_~tmp___0~0#1| 0) .cse3 .cse4 (= |timeShift_isHighWaterLevel_#res#1| 0) .cse5) (and .cse3 (<= 2 ~waterLevel~0) .cse4 .cse5))) (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse2))) [2021-12-17 15:09:46,263 INFO L854 garLoopResultBuilder]: At program point L962(lines 953 966) the Hoare annotation is: (let ((.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (= 0 ~systemActive~0))) (and (or (not (<= 2 |old(~waterLevel~0)|)) .cse0 .cse1 .cse2) (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse2) (let ((.cse3 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse4 (not .cse0)) (.cse5 (= ~pumpRunning~0 0))) (or .cse1 (and .cse3 (= |timeShift_isHighWaterSensorDry_#res#1| 1) .cse4 .cse5) (not (= |old(~pumpRunning~0)| 0)) (and .cse3 (<= 2 ~waterLevel~0) .cse4 .cse5))))) [2021-12-17 15:09:46,263 INFO L858 garLoopResultBuilder]: For program point L120(lines 120 126) no Hoare annotation was computed. [2021-12-17 15:09:46,264 INFO L858 garLoopResultBuilder]: For program point L120-2(lines 116 138) no Hoare annotation was computed. [2021-12-17 15:09:46,264 INFO L854 garLoopResultBuilder]: At program point L178(lines 173 180) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or (not (<= 2 |old(~waterLevel~0)|)) .cse0 .cse1 .cse2) (or .cse1 (and (= ~waterLevel~0 |old(~waterLevel~0)|) (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) (not .cse0)) (not (= |old(~pumpRunning~0)| 0))) (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse2))) [2021-12-17 15:09:46,264 INFO L858 garLoopResultBuilder]: For program point L880(lines 880 884) no Hoare annotation was computed. [2021-12-17 15:09:46,264 INFO L854 garLoopResultBuilder]: At program point L880-2(lines 876 887) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (<= 1 ~switchedOnBeforeTS~0)) (.cse3 (<= 1 ~pumpRunning~0)) (.cse4 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or (not (<= 2 |old(~waterLevel~0)|)) .cse0 .cse1 (and .cse2 (= ~waterLevel~0 1) .cse3) .cse4) (or .cse1 (not (= |old(~pumpRunning~0)| 0))) (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) (and .cse2 .cse3 (<= ~waterLevel~0 2)) .cse4))) [2021-12-17 15:09:46,264 INFO L854 garLoopResultBuilder]: At program point L839(line 839) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse2 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|))) (and (or (not (<= 2 |old(~waterLevel~0)|)) .cse0 .cse1 (and .cse2 .cse3 (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2)) .cse4) (or .cse0 (and .cse5 .cse2 .cse3) .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse4) (or .cse1 (and .cse5 .cse2 (= ~pumpRunning~0 0)) (not (= |old(~pumpRunning~0)| 0))))) [2021-12-17 15:09:46,264 INFO L858 garLoopResultBuilder]: For program point L839-1(line 839) no Hoare annotation was computed. [2021-12-17 15:09:46,264 INFO L854 garLoopResultBuilder]: At program point L162(line 162) the Hoare annotation is: (let ((.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (= 0 ~systemActive~0))) (and (or (not (<= 2 |old(~waterLevel~0)|)) .cse0 .cse1 .cse2) (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse2) (or .cse1 (and (= ~waterLevel~0 |old(~waterLevel~0)|) (not .cse0) (= |timeShift_processEnvironment_~tmp~0#1| 0) (= ~pumpRunning~0 0)) (not (= |old(~pumpRunning~0)| 0))))) [2021-12-17 15:09:46,265 INFO L858 garLoopResultBuilder]: For program point L92(line 92) no Hoare annotation was computed. [2021-12-17 15:09:46,265 INFO L858 garLoopResultBuilder]: For program point L856(lines 856 866) no Hoare annotation was computed. [2021-12-17 15:09:46,265 INFO L858 garLoopResultBuilder]: For program point L852(lines 852 869) no Hoare annotation was computed. [2021-12-17 15:09:46,265 INFO L854 garLoopResultBuilder]: At program point L852-1(lines 844 872) the Hoare annotation is: (let ((.cse5 (<= |timeShift_getWaterLevel_#res#1| 2)) (.cse6 (<= 2 |timeShift_getWaterLevel_#res#1|)) (.cse7 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~7#1| 2)) (.cse13 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse8 (< 1 |timeShift___utac_acc__Specification5_spec__3_~tmp~7#1|)) (.cse10 (<= 1 ~pumpRunning~0)) (.cse12 (<= ~waterLevel~0 2)) (.cse0 (= 0 ~systemActive~0))) (let ((.cse4 (not (<= 2 |old(~waterLevel~0)|))) (.cse9 (<= 1 ~switchedOnBeforeTS~0)) (.cse11 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (and .cse5 .cse6 .cse7 .cse13 .cse8 .cse10 (<= 2 ~waterLevel~0) .cse12 (not .cse0))) (.cse3 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 (= |timeShift_processEnvironment_~tmp~0#1| 0)) (or .cse4 .cse1 (and .cse5 .cse6 .cse7 .cse8) .cse3) (or .cse4 .cse0 .cse1 (and .cse9 (= ~waterLevel~0 1) .cse10) .cse11) (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) (and .cse9 .cse10 .cse12) .cse11) (or .cse1 .cse2 (and .cse13 (= ~pumpRunning~0 0)) .cse3)))) [2021-12-17 15:09:46,265 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 113 139) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse2 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|))) (and (or (not (<= 2 |old(~waterLevel~0)|)) .cse0 .cse1 (and .cse2 .cse3 (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2)) .cse4) (or .cse0 (and .cse5 .cse2 .cse3) .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) .cse4) (or .cse1 (and .cse5 .cse2 (= ~pumpRunning~0 0)) (not (= |old(~pumpRunning~0)| 0))))) [2021-12-17 15:09:46,265 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 113 139) no Hoare annotation was computed. [2021-12-17 15:09:46,265 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 92) no Hoare annotation was computed. [2021-12-17 15:09:46,266 INFO L854 garLoopResultBuilder]: At program point L167(line 167) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (<= 1 ~switchedOnBeforeTS~0)) (.cse3 (<= 1 ~pumpRunning~0)) (.cse4 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or (not (<= 2 |old(~waterLevel~0)|)) .cse0 .cse1 (and .cse2 (= ~waterLevel~0 1) .cse3) .cse4) (or .cse1 (not (= |old(~pumpRunning~0)| 0))) (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) (and .cse2 .cse3 (<= ~waterLevel~0 2)) .cse4))) [2021-12-17 15:09:46,266 INFO L854 garLoopResultBuilder]: At program point L167-1(lines 148 172) the Hoare annotation is: (let ((.cse4 (= 0 ~systemActive~0)) (.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse3 (<= 1 ~pumpRunning~0)) (.cse6 (not (<= 1 |old(~pumpRunning~0)|)))) (and (let ((.cse1 (= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse2 (not .cse4))) (or .cse0 (and .cse1 .cse2 (= |timeShift_processEnvironment_~tmp~0#1| 0) (= ~pumpRunning~0 0)) (and .cse1 .cse3 (<= 2 ~waterLevel~0) .cse2) (not (= |old(~pumpRunning~0)| 0)))) (or (not (<= 2 |old(~waterLevel~0)|)) .cse4 .cse0 (and .cse5 (= ~waterLevel~0 1) .cse3) .cse6) (or .cse4 .cse0 (not (<= 1 |old(~switchedOnBeforeTS~0)|)) (and .cse5 .cse3 (<= ~waterLevel~0 2)) .cse6))) [2021-12-17 15:09:46,266 INFO L854 garLoopResultBuilder]: At program point L717(lines 666 718) the Hoare annotation is: false [2021-12-17 15:09:46,266 INFO L858 garLoopResultBuilder]: For program point L705(lines 705 711) no Hoare annotation was computed. [2021-12-17 15:09:46,266 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2021-12-17 15:09:46,266 INFO L854 garLoopResultBuilder]: At program point L705-2(lines 697 712) the Hoare annotation is: (let ((.cse3 (<= 1 ~pumpRunning~0)) (.cse5 (not (= 0 ~systemActive~0))) (.cse0 (= 1 |ULTIMATE.start_main_~tmp~6#1|)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (= 1 |ULTIMATE.start_valid_product_#res#1|)) (.cse4 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0) .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse1 .cse2 .cse3 (<= 2 ~waterLevel~0) .cse4 .cse5) (and .cse0 .cse1 .cse2 .cse4 (= ~pumpRunning~0 0)))) [2021-12-17 15:09:46,266 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2021-12-17 15:09:46,267 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2021-12-17 15:09:46,267 INFO L858 garLoopResultBuilder]: For program point L668(lines 667 716) no Hoare annotation was computed. [2021-12-17 15:09:46,267 INFO L854 garLoopResultBuilder]: At program point L284(lines 279 286) the Hoare annotation is: (let ((.cse3 (<= 1 ~pumpRunning~0)) (.cse0 (= 1 |ULTIMATE.start_main_~tmp~6#1|)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (= 1 |ULTIMATE.start_valid_product_#res#1|)) (.cse4 (<= ~waterLevel~0 2)) (.cse5 (= ~systemActive~0 1))) (or (and .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0) .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse1 .cse2 .cse3 (<= 2 ~waterLevel~0) .cse4 .cse5) (and .cse0 .cse1 .cse2 .cse4 .cse5 (= ~pumpRunning~0 0)))) [2021-12-17 15:09:46,267 INFO L858 garLoopResultBuilder]: For program point L697(lines 697 712) no Hoare annotation was computed. [2021-12-17 15:09:46,267 INFO L854 garLoopResultBuilder]: At program point L276(lines 264 278) the Hoare annotation is: (and (= 1 |ULTIMATE.start_main_~tmp~6#1|) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (= 1 |ULTIMATE.start_valid_product_#res#1|) (<= ~waterLevel~0 2) (= ~pumpRunning~0 0)) [2021-12-17 15:09:46,267 INFO L854 garLoopResultBuilder]: At program point L689(line 689) the Hoare annotation is: (let ((.cse3 (<= 1 ~pumpRunning~0)) (.cse5 (not (= 0 ~systemActive~0))) (.cse0 (= 1 |ULTIMATE.start_main_~tmp~6#1|)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (= 1 |ULTIMATE.start_valid_product_#res#1|)) (.cse4 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0) .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse1 .cse2 .cse3 (<= 2 ~waterLevel~0) .cse4 .cse5) (and .cse0 .cse1 .cse2 .cse4 (= ~pumpRunning~0 0)))) [2021-12-17 15:09:46,267 INFO L858 garLoopResultBuilder]: For program point L268(lines 268 274) no Hoare annotation was computed. [2021-12-17 15:09:46,267 INFO L858 garLoopResultBuilder]: For program point L268-2(lines 268 274) no Hoare annotation was computed. [2021-12-17 15:09:46,268 INFO L854 garLoopResultBuilder]: At program point L714(lines 667 716) the Hoare annotation is: (let ((.cse3 (<= 1 ~pumpRunning~0)) (.cse5 (not (= 0 ~systemActive~0))) (.cse0 (= 1 |ULTIMATE.start_main_~tmp~6#1|)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (= 1 |ULTIMATE.start_valid_product_#res#1|)) (.cse4 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0) .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse1 .cse2 .cse3 (<= 2 ~waterLevel~0) .cse4 .cse5) (and .cse0 .cse1 .cse2 .cse4 (= ~pumpRunning~0 0)))) [2021-12-17 15:09:46,268 INFO L858 garLoopResultBuilder]: For program point L677(lines 677 683) no Hoare annotation was computed. [2021-12-17 15:09:46,268 INFO L858 garLoopResultBuilder]: For program point L677-1(lines 677 683) no Hoare annotation was computed. [2021-12-17 15:09:46,268 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2021-12-17 15:09:46,268 INFO L858 garLoopResultBuilder]: For program point L669(lines 669 673) no Hoare annotation was computed. [2021-12-17 15:09:46,268 INFO L861 garLoopResultBuilder]: At program point L797(lines 789 799) the Hoare annotation is: true [2021-12-17 15:09:46,268 INFO L854 garLoopResultBuilder]: At program point L186(lines 181 188) the Hoare annotation is: (let ((.cse0 (= 1 |ULTIMATE.start_main_~tmp~6#1|)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (= 1 |ULTIMATE.start_valid_product_#res#1|)) (.cse3 (<= ~waterLevel~0 2)) (.cse4 (= ~pumpRunning~0 0))) (or (and .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0) .cse2 .cse3 .cse4) (and .cse0 .cse1 .cse2 (<= 2 ~waterLevel~0) .cse3 .cse4))) [2021-12-17 15:09:46,268 INFO L854 garLoopResultBuilder]: At program point L83(lines 78 86) the Hoare annotation is: (and (= ~waterLevel~0 1) (= 1 |ULTIMATE.start_valid_product_#res#1|) (= ~systemActive~0 1) (= ~pumpRunning~0 0)) [2021-12-17 15:09:46,268 INFO L854 garLoopResultBuilder]: At program point L785(lines 781 787) the Hoare annotation is: (and (= ~waterLevel~0 1) (= 1 |ULTIMATE.start_valid_product_#res#1|) (= ~systemActive~0 |ULTIMATE.start_main_~tmp~6#1|) (= ~systemActive~0 1) (= ~pumpRunning~0 0)) [2021-12-17 15:09:46,269 INFO L854 garLoopResultBuilder]: At program point L75(lines 71 77) the Hoare annotation is: (and (= ~waterLevel~0 1) (= ~systemActive~0 1) (= ~pumpRunning~0 0)) [2021-12-17 15:09:46,269 INFO L858 garLoopResultBuilder]: For program point L810(lines 810 817) no Hoare annotation was computed. [2021-12-17 15:09:46,269 INFO L858 garLoopResultBuilder]: For program point L810-2(lines 810 817) no Hoare annotation was computed. [2021-12-17 15:09:46,269 INFO L854 garLoopResultBuilder]: At program point L831(lines 826 833) the Hoare annotation is: (and (= ~waterLevel~0 1) (= 1 |ULTIMATE.start_valid_product_#res#1|) (= ~systemActive~0 |ULTIMATE.start_main_~tmp~6#1|) (= ~systemActive~0 1) (= ~pumpRunning~0 0)) [2021-12-17 15:09:46,269 INFO L861 garLoopResultBuilder]: At program point L819(lines 800 822) the Hoare annotation is: true [2021-12-17 15:09:46,269 INFO L861 garLoopResultBuilder]: At program point L720(lines 657 724) the Hoare annotation is: true [2021-12-17 15:09:46,269 INFO L858 garLoopResultBuilder]: For program point L687(lines 687 693) no Hoare annotation was computed. [2021-12-17 15:09:46,269 INFO L858 garLoopResultBuilder]: For program point L687-1(lines 687 693) no Hoare annotation was computed. [2021-12-17 15:09:46,270 INFO L854 garLoopResultBuilder]: At program point L679(line 679) the Hoare annotation is: (let ((.cse3 (<= 1 ~pumpRunning~0)) (.cse5 (not (= 0 ~systemActive~0))) (.cse0 (= 1 |ULTIMATE.start_main_~tmp~6#1|)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (= 1 |ULTIMATE.start_valid_product_#res#1|)) (.cse4 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0) .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse1 .cse2 .cse3 (<= 2 ~waterLevel~0) .cse4 .cse5) (and .cse0 .cse1 .cse2 .cse4 (= ~pumpRunning~0 0)))) [2021-12-17 15:09:46,270 INFO L854 garLoopResultBuilder]: At program point L68(lines 64 70) the Hoare annotation is: (and (= ~waterLevel~0 1) (= ~systemActive~0 1) (= ~pumpRunning~0 0)) [2021-12-17 15:09:46,270 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 888 899) no Hoare annotation was computed. [2021-12-17 15:09:46,270 INFO L858 garLoopResultBuilder]: For program point L892-1(lines 888 899) no Hoare annotation was computed. [2021-12-17 15:09:46,270 INFO L854 garLoopResultBuilder]: At program point waterRiseENTRY(lines 888 899) the Hoare annotation is: (let ((.cse2 (= 0 ~systemActive~0)) (.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (<= 1 ~pumpRunning~0))) (.cse1 (= ~waterLevel~0 |old(~waterLevel~0)|))) (and (or .cse0 (not (= ~pumpRunning~0 0)) .cse1) (or (not (<= 2 |old(~waterLevel~0)|)) .cse2 .cse0 (and (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2)) .cse3) (or .cse2 (not (<= 1 ~switchedOnBeforeTS~0)) .cse0 .cse3 .cse1))) [2021-12-17 15:09:46,270 INFO L858 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 200 208) no Hoare annotation was computed. [2021-12-17 15:09:46,270 INFO L861 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 200 208) the Hoare annotation is: true [2021-12-17 15:09:46,270 INFO L858 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 200 208) no Hoare annotation was computed. [2021-12-17 15:09:46,273 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-17 15:09:46,274 INFO L179 ceAbstractionStarter]: Computing trace abstraction results [2021-12-17 15:09:46,298 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 17.12 03:09:46 BoogieIcfgContainer [2021-12-17 15:09:46,298 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2021-12-17 15:09:46,299 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2021-12-17 15:09:46,299 INFO L271 PluginConnector]: Initializing Witness Printer... [2021-12-17 15:09:46,299 INFO L275 PluginConnector]: Witness Printer initialized [2021-12-17 15:09:46,300 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 17.12 03:09:39" (3/4) ... [2021-12-17 15:09:46,302 INFO L137 WitnessPrinter]: Generating witness for correct program [2021-12-17 15:09:46,306 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2021-12-17 15:09:46,306 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2021-12-17 15:09:46,306 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2021-12-17 15:09:46,306 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2021-12-17 15:09:46,307 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2021-12-17 15:09:46,307 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2021-12-17 15:09:46,311 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 48 nodes and edges [2021-12-17 15:09:46,312 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2021-12-17 15:09:46,312 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2021-12-17 15:09:46,312 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2021-12-17 15:09:46,313 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2021-12-17 15:09:46,313 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2021-12-17 15:09:46,313 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2021-12-17 15:09:46,328 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((waterLevel == 1 && 1 == \result) && systemActive == 1) && pumpRunning == 0 [2021-12-17 15:09:46,329 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((waterLevel == 1 && 1 == \result) && systemActive == tmp) && systemActive == 1) && pumpRunning == 0 [2021-12-17 15:09:46,329 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((waterLevel == 1 && 1 == \result) && systemActive == tmp) && systemActive == 1) && pumpRunning == 0 [2021-12-17 15:09:46,330 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((1 == tmp && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) && 1 == \result) && 1 <= pumpRunning) && waterLevel <= 2) && !(0 == systemActive)) || ((((((1 == tmp && splverifierCounter == 0) && 1 == \result) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && !(0 == systemActive))) || ((((1 == tmp && splverifierCounter == 0) && 1 == \result) && waterLevel <= 2) && pumpRunning == 0) [2021-12-17 15:09:46,331 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((1 <= switchedOnBeforeTS && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2)) || !(1 <= \old(pumpRunning))) && ((!(\old(waterLevel) <= 2) || (waterLevel == \old(waterLevel) && pumpRunning == 0)) || !(\old(pumpRunning) == 0))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning))) [2021-12-17 15:09:46,331 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((1 <= switchedOnBeforeTS && waterLevel == 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning))) && (!(\old(waterLevel) <= 2) || !(\old(pumpRunning) == 0))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((1 <= switchedOnBeforeTS && 1 <= pumpRunning) && waterLevel <= 2)) || !(1 <= \old(pumpRunning))) [2021-12-17 15:09:46,332 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((1 == tmp && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) && 1 == \result) && 1 <= pumpRunning) && waterLevel <= 2) && systemActive == 1) || ((((((1 == tmp && splverifierCounter == 0) && 1 == \result) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && systemActive == 1)) || (((((1 == tmp && splverifierCounter == 0) && 1 == \result) && waterLevel <= 2) && systemActive == 1) && pumpRunning == 0) [2021-12-17 15:09:46,332 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((0 == systemActive || !(\old(waterLevel) <= 2)) || ((((((((\result <= 2 && 2 <= \result) && tmp <= 2) && waterLevel == \old(waterLevel)) && 1 < tmp) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && !(0 == systemActive))) || !(\old(pumpRunning) == 0)) || tmp == 0) && (((!(2 <= \old(waterLevel)) || !(\old(waterLevel) <= 2)) || (((\result <= 2 && 2 <= \result) && tmp <= 2) && 1 < tmp)) || !(\old(pumpRunning) == 0))) && ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((1 <= switchedOnBeforeTS && waterLevel == 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((1 <= switchedOnBeforeTS && 1 <= pumpRunning) && waterLevel <= 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || ((((((((\result <= 2 && 2 <= \result) && tmp <= 2) && waterLevel == \old(waterLevel)) && 1 < tmp) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && !(0 == systemActive))) || (waterLevel == \old(waterLevel) && pumpRunning == 0)) || !(\old(pumpRunning) == 0)) [2021-12-17 15:09:46,333 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(waterLevel) <= 2) || (((waterLevel == \old(waterLevel) && !(0 == systemActive)) && tmp == 0) && pumpRunning == 0)) || (((waterLevel == \old(waterLevel) && 1 <= pumpRunning) && 2 <= waterLevel) && !(0 == systemActive))) || !(\old(pumpRunning) == 0)) && ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((1 <= switchedOnBeforeTS && waterLevel == 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((1 <= switchedOnBeforeTS && 1 <= pumpRunning) && waterLevel <= 2)) || !(1 <= \old(pumpRunning))) [2021-12-17 15:09:46,333 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(waterLevel) <= 2) || !(\old(pumpRunning) == 0)) && (((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(pumpRunning)))) && (((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || !(1 <= \old(pumpRunning))) [2021-12-17 15:09:46,333 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((1 == tmp && splverifierCounter == 0) && 1 == \result) && waterLevel <= 2) && pumpRunning == 0 [2021-12-17 15:09:46,333 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((1 == tmp && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) && 1 == \result) && waterLevel <= 2) && pumpRunning == 0) || (((((1 == tmp && splverifierCounter == 0) && 1 == \result) && 2 <= waterLevel) && waterLevel <= 2) && pumpRunning == 0) [2021-12-17 15:09:46,333 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(2 <= \old(waterLevel)) || (\result <= 2 && 2 <= \result)) || !(\old(waterLevel) <= 2)) || !(\old(pumpRunning) == 0)) && (((!(\old(waterLevel) <= 2) || (waterLevel == \old(waterLevel) && pumpRunning == 0)) || ((((((\result <= 2 && 2 <= \result) && waterLevel == \old(waterLevel)) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && !(0 == systemActive))) || !(\old(pumpRunning) == 0))) && ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((1 <= switchedOnBeforeTS && waterLevel == 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((1 <= switchedOnBeforeTS && 1 <= pumpRunning) && waterLevel <= 2)) || !(1 <= \old(pumpRunning)))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || ((((((\result <= 2 && 2 <= \result) && waterLevel == \old(waterLevel)) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && !(0 == systemActive))) || !(\old(pumpRunning) == 0)) || tmp == 0) [2021-12-17 15:09:46,333 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(pumpRunning))) && (((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || (((waterLevel == \old(waterLevel) && \result == 1) && !(0 == systemActive)) && pumpRunning == 0)) || !(\old(pumpRunning) == 0)) || (((waterLevel == \old(waterLevel) && 2 <= waterLevel) && !(0 == systemActive)) && pumpRunning == 0)) [2021-12-17 15:09:46,334 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(pumpRunning))) && (((!(\old(waterLevel) <= 2) || !(\old(pumpRunning) == 0)) || ((((tmp___0 == 0 && waterLevel == \old(waterLevel)) && !(0 == systemActive)) && \result == 0) && pumpRunning == 0)) || (((waterLevel == \old(waterLevel) && 2 <= waterLevel) && !(0 == systemActive)) && pumpRunning == 0))) && (((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || !(1 <= \old(pumpRunning))) [2021-12-17 15:09:46,334 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(pumpRunning))) && ((!(\old(waterLevel) <= 2) || (((waterLevel == \old(waterLevel) && 1 <= pumpRunning) && 2 <= waterLevel) && !(0 == systemActive))) || !(\old(pumpRunning) == 0))) && (((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || !(1 <= \old(pumpRunning))) [2021-12-17 15:09:46,357 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2021-12-17 15:09:46,357 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2021-12-17 15:09:46,358 INFO L158 Benchmark]: Toolchain (without parser) took 7234.12ms. Allocated memory was 86.0MB in the beginning and 176.2MB in the end (delta: 90.2MB). Free memory was 52.9MB in the beginning and 64.7MB in the end (delta: -11.8MB). Peak memory consumption was 78.2MB. Max. memory is 16.1GB. [2021-12-17 15:09:46,358 INFO L158 Benchmark]: CDTParser took 0.18ms. Allocated memory is still 86.0MB. Free memory was 58.9MB in the beginning and 58.9MB in the end (delta: 25.4kB). There was no memory consumed. Max. memory is 16.1GB. [2021-12-17 15:09:46,358 INFO L158 Benchmark]: CACSL2BoogieTranslator took 367.14ms. Allocated memory is still 86.0MB. Free memory was 52.9MB in the beginning and 56.3MB in the end (delta: -3.4MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2021-12-17 15:09:46,358 INFO L158 Benchmark]: Boogie Procedure Inliner took 51.60ms. Allocated memory is still 86.0MB. Free memory was 56.3MB in the beginning and 53.6MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2021-12-17 15:09:46,359 INFO L158 Benchmark]: Boogie Preprocessor took 31.42ms. Allocated memory is still 86.0MB. Free memory was 53.6MB in the beginning and 52.1MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2021-12-17 15:09:46,359 INFO L158 Benchmark]: RCFGBuilder took 333.52ms. Allocated memory is still 86.0MB. Free memory was 52.1MB in the beginning and 37.0MB in the end (delta: 15.1MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. [2021-12-17 15:09:46,359 INFO L158 Benchmark]: TraceAbstraction took 6387.41ms. Allocated memory was 86.0MB in the beginning and 176.2MB in the end (delta: 90.2MB). Free memory was 36.2MB in the beginning and 71.0MB in the end (delta: -34.8MB). Peak memory consumption was 80.8MB. Max. memory is 16.1GB. [2021-12-17 15:09:46,360 INFO L158 Benchmark]: Witness Printer took 58.37ms. Allocated memory is still 176.2MB. Free memory was 71.0MB in the beginning and 64.7MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2021-12-17 15:09:46,361 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.18ms. Allocated memory is still 86.0MB. Free memory was 58.9MB in the beginning and 58.9MB in the end (delta: 25.4kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 367.14ms. Allocated memory is still 86.0MB. Free memory was 52.9MB in the beginning and 56.3MB in the end (delta: -3.4MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 51.60ms. Allocated memory is still 86.0MB. Free memory was 56.3MB in the beginning and 53.6MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 31.42ms. Allocated memory is still 86.0MB. Free memory was 53.6MB in the beginning and 52.1MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 333.52ms. Allocated memory is still 86.0MB. Free memory was 52.1MB in the beginning and 37.0MB in the end (delta: 15.1MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. * TraceAbstraction took 6387.41ms. Allocated memory was 86.0MB in the beginning and 176.2MB in the end (delta: 90.2MB). Free memory was 36.2MB in the beginning and 71.0MB in the end (delta: -34.8MB). Peak memory consumption was 80.8MB. Max. memory is 16.1GB. * Witness Printer took 58.37ms. Allocated memory is still 176.2MB. Free memory was 71.0MB in the beginning and 64.7MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 92]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 7 procedures, 85 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 6.3s, OverallIterations: 9, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 1.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 3.1s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 973 SdHoareTripleChecker+Valid, 0.7s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 956 mSDsluCounter, 3631 SdHoareTripleChecker+Invalid, 0.5s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2658 mSDsCounter, 214 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 1028 IncrementalHoareTripleChecker+Invalid, 1242 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 214 mSolverCounterUnsat, 973 mSDtfsCounter, 1028 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 305 GetRequests, 232 SyntacticMatches, 1 SemanticMatches, 72 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 273 ImplicationChecksByTransitivity, 0.4s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=932occurred in iteration=8, InterpolantAutomatonStates: 72, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 9 MinimizatonAttempts, 158 StatesRemovedByMinimization, 5 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 39 LocationsWithAnnotation, 1345 PreInvPairs, 1758 NumberOfFragments, 1651 HoareAnnotationTreeSize, 1345 FomulaSimplifications, 1482 FormulaSimplificationTreeSizeReduction, 0.4s HoareSimplificationTime, 39 FomulaSimplificationsInter, 19158 FormulaSimplificationTreeSizeReductionInter, 2.7s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 1.0s InterpolantComputationTime, 502 NumberOfCodeBlocks, 502 NumberOfCodeBlocksAsserted, 10 NumberOfCheckSat, 574 ConstructedInterpolants, 0 QuantifiedInterpolants, 1187 SizeOfPredicates, 3 NumberOfNonLiveVariables, 445 ConjunctsInSsa, 8 ConjunctsInUnsatCore, 11 InterpolantComputations, 8 PerfectInterpolantSequences, 94/114 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 789]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 944]: Loop Invariant Derived loop invariant: ((((((!(2 <= \old(waterLevel)) || (\result <= 2 && 2 <= \result)) || !(\old(waterLevel) <= 2)) || !(\old(pumpRunning) == 0)) && (((!(\old(waterLevel) <= 2) || (waterLevel == \old(waterLevel) && pumpRunning == 0)) || ((((((\result <= 2 && 2 <= \result) && waterLevel == \old(waterLevel)) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && !(0 == systemActive))) || !(\old(pumpRunning) == 0))) && ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((1 <= switchedOnBeforeTS && waterLevel == 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((1 <= switchedOnBeforeTS && 1 <= pumpRunning) && waterLevel <= 2)) || !(1 <= \old(pumpRunning)))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || ((((((\result <= 2 && 2 <= \result) && waterLevel == \old(waterLevel)) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && !(0 == systemActive))) || !(\old(pumpRunning) == 0)) || tmp == 0) - InvariantResult [Line: 264]: Loop Invariant Derived loop invariant: (((1 == tmp && splverifierCounter == 0) && 1 == \result) && waterLevel <= 2) && pumpRunning == 0 - InvariantResult [Line: 666]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 245]: Loop Invariant Derived loop invariant: ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(pumpRunning))) && (((!(\old(waterLevel) <= 2) || !(\old(pumpRunning) == 0)) || ((((tmp___0 == 0 && waterLevel == \old(waterLevel)) && !(0 == systemActive)) && \result == 0) && pumpRunning == 0)) || (((waterLevel == \old(waterLevel) && 2 <= waterLevel) && !(0 == systemActive)) && pumpRunning == 0))) && (((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || !(1 <= \old(pumpRunning))) - InvariantResult [Line: 826]: Loop Invariant Derived loop invariant: (((waterLevel == 1 && 1 == \result) && systemActive == tmp) && systemActive == 1) && pumpRunning == 0 - InvariantResult [Line: 148]: Loop Invariant Derived loop invariant: ((((!(\old(waterLevel) <= 2) || (((waterLevel == \old(waterLevel) && !(0 == systemActive)) && tmp == 0) && pumpRunning == 0)) || (((waterLevel == \old(waterLevel) && 1 <= pumpRunning) && 2 <= waterLevel) && !(0 == systemActive))) || !(\old(pumpRunning) == 0)) && ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((1 <= switchedOnBeforeTS && waterLevel == 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((1 <= switchedOnBeforeTS && 1 <= pumpRunning) && waterLevel <= 2)) || !(1 <= \old(pumpRunning))) - InvariantResult [Line: 78]: Loop Invariant Derived loop invariant: ((waterLevel == 1 && 1 == \result) && systemActive == 1) && pumpRunning == 0 - InvariantResult [Line: 64]: Loop Invariant Derived loop invariant: (waterLevel == 1 && systemActive == 1) && pumpRunning == 0 - InvariantResult [Line: 667]: Loop Invariant Derived loop invariant: (((((((1 == tmp && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) && 1 == \result) && 1 <= pumpRunning) && waterLevel <= 2) && !(0 == systemActive)) || ((((((1 == tmp && splverifierCounter == 0) && 1 == \result) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && !(0 == systemActive))) || ((((1 == tmp && splverifierCounter == 0) && 1 == \result) && waterLevel <= 2) && pumpRunning == 0) - InvariantResult [Line: 737]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 781]: Loop Invariant Derived loop invariant: (((waterLevel == 1 && 1 == \result) && systemActive == tmp) && systemActive == 1) && pumpRunning == 0 - InvariantResult [Line: 844]: Loop Invariant Derived loop invariant: (((((((0 == systemActive || !(\old(waterLevel) <= 2)) || ((((((((\result <= 2 && 2 <= \result) && tmp <= 2) && waterLevel == \old(waterLevel)) && 1 < tmp) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && !(0 == systemActive))) || !(\old(pumpRunning) == 0)) || tmp == 0) && (((!(2 <= \old(waterLevel)) || !(\old(waterLevel) <= 2)) || (((\result <= 2 && 2 <= \result) && tmp <= 2) && 1 < tmp)) || !(\old(pumpRunning) == 0))) && ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((1 <= switchedOnBeforeTS && waterLevel == 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning)))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((1 <= switchedOnBeforeTS && 1 <= pumpRunning) && waterLevel <= 2)) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || ((((((((\result <= 2 && 2 <= \result) && tmp <= 2) && waterLevel == \old(waterLevel)) && 1 < tmp) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && !(0 == systemActive))) || (waterLevel == \old(waterLevel) && pumpRunning == 0)) || !(\old(pumpRunning) == 0)) - InvariantResult [Line: 71]: Loop Invariant Derived loop invariant: (waterLevel == 1 && systemActive == 1) && pumpRunning == 0 - InvariantResult [Line: 279]: Loop Invariant Derived loop invariant: (((((((1 == tmp && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) && 1 == \result) && 1 <= pumpRunning) && waterLevel <= 2) && systemActive == 1) || ((((((1 == tmp && splverifierCounter == 0) && 1 == \result) && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2) && systemActive == 1)) || (((((1 == tmp && splverifierCounter == 0) && 1 == \result) && waterLevel <= 2) && systemActive == 1) && pumpRunning == 0) - InvariantResult [Line: 657]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 727]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 181]: Loop Invariant Derived loop invariant: (((((1 == tmp && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) && 1 == \result) && waterLevel <= 2) && pumpRunning == 0) || (((((1 == tmp && splverifierCounter == 0) && 1 == \result) && 2 <= waterLevel) && waterLevel <= 2) && pumpRunning == 0) - InvariantResult [Line: 800]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 834]: Loop Invariant Derived loop invariant: (((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((1 <= switchedOnBeforeTS && 1 <= pumpRunning) && 2 <= waterLevel) && waterLevel <= 2)) || !(1 <= \old(pumpRunning))) && ((!(\old(waterLevel) <= 2) || (waterLevel == \old(waterLevel) && pumpRunning == 0)) || !(\old(pumpRunning) == 0))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((1 <= switchedOnBeforeTS && waterLevel == \old(waterLevel)) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning))) - InvariantResult [Line: 953]: Loop Invariant Derived loop invariant: ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(pumpRunning))) && (((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || !(1 <= \old(pumpRunning)))) && (((!(\old(waterLevel) <= 2) || (((waterLevel == \old(waterLevel) && \result == 1) && !(0 == systemActive)) && pumpRunning == 0)) || !(\old(pumpRunning) == 0)) || (((waterLevel == \old(waterLevel) && 2 <= waterLevel) && !(0 == systemActive)) && pumpRunning == 0)) - InvariantResult [Line: 876]: Loop Invariant Derived loop invariant: (((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((1 <= switchedOnBeforeTS && waterLevel == 1) && 1 <= pumpRunning)) || !(1 <= \old(pumpRunning))) && (!(\old(waterLevel) <= 2) || !(\old(pumpRunning) == 0))) && ((((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((1 <= switchedOnBeforeTS && 1 <= pumpRunning) && waterLevel <= 2)) || !(1 <= \old(pumpRunning))) - InvariantResult [Line: 88]: Loop Invariant Derived loop invariant: ((!(\old(waterLevel) <= 2) || !(\old(pumpRunning) == 0)) && (((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(pumpRunning)))) && (((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || !(1 <= \old(pumpRunning))) - InvariantResult [Line: 173]: Loop Invariant Derived loop invariant: ((((!(2 <= \old(waterLevel)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(pumpRunning))) && ((!(\old(waterLevel) <= 2) || (((waterLevel == \old(waterLevel) && 1 <= pumpRunning) && 2 <= waterLevel) && !(0 == systemActive))) || !(\old(pumpRunning) == 0))) && (((0 == systemActive || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || !(1 <= \old(pumpRunning))) RESULT: Ultimate proved your program to be correct! [2021-12-17 15:09:46,393 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE