./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec5_product50.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version ff03de63 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec5_product50.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 9cfe95aaca007f6467395901a9efc89e5ad27f0fc32ae7ae8a1fe4e27a1f35c1 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-ff03de6 [2021-12-21 13:16:56,392 INFO L177 SettingsManager]: Resetting all preferences to default values... [2021-12-21 13:16:56,394 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2021-12-21 13:16:56,420 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2021-12-21 13:16:56,420 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2021-12-21 13:16:56,422 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2021-12-21 13:16:56,424 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2021-12-21 13:16:56,427 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2021-12-21 13:16:56,429 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2021-12-21 13:16:56,429 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2021-12-21 13:16:56,430 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2021-12-21 13:16:56,431 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2021-12-21 13:16:56,431 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2021-12-21 13:16:56,434 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2021-12-21 13:16:56,435 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2021-12-21 13:16:56,437 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2021-12-21 13:16:56,438 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2021-12-21 13:16:56,439 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2021-12-21 13:16:56,441 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2021-12-21 13:16:56,443 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2021-12-21 13:16:56,445 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2021-12-21 13:16:56,446 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2021-12-21 13:16:56,447 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2021-12-21 13:16:56,447 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2021-12-21 13:16:56,451 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2021-12-21 13:16:56,453 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2021-12-21 13:16:56,453 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2021-12-21 13:16:56,454 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2021-12-21 13:16:56,454 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2021-12-21 13:16:56,455 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2021-12-21 13:16:56,455 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2021-12-21 13:16:56,456 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2021-12-21 13:16:56,457 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2021-12-21 13:16:56,458 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2021-12-21 13:16:56,459 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2021-12-21 13:16:56,459 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2021-12-21 13:16:56,460 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2021-12-21 13:16:56,460 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2021-12-21 13:16:56,460 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2021-12-21 13:16:56,461 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2021-12-21 13:16:56,461 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2021-12-21 13:16:56,463 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2021-12-21 13:16:56,488 INFO L113 SettingsManager]: Loading preferences was successful [2021-12-21 13:16:56,489 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2021-12-21 13:16:56,489 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2021-12-21 13:16:56,489 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2021-12-21 13:16:56,490 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2021-12-21 13:16:56,490 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2021-12-21 13:16:56,491 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2021-12-21 13:16:56,491 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2021-12-21 13:16:56,491 INFO L138 SettingsManager]: * Use SBE=true [2021-12-21 13:16:56,491 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2021-12-21 13:16:56,492 INFO L138 SettingsManager]: * sizeof long=4 [2021-12-21 13:16:56,492 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2021-12-21 13:16:56,492 INFO L138 SettingsManager]: * sizeof POINTER=4 [2021-12-21 13:16:56,492 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2021-12-21 13:16:56,492 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2021-12-21 13:16:56,492 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2021-12-21 13:16:56,493 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2021-12-21 13:16:56,493 INFO L138 SettingsManager]: * sizeof long double=12 [2021-12-21 13:16:56,493 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2021-12-21 13:16:56,493 INFO L138 SettingsManager]: * Use constant arrays=true [2021-12-21 13:16:56,493 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2021-12-21 13:16:56,493 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2021-12-21 13:16:56,494 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2021-12-21 13:16:56,494 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2021-12-21 13:16:56,494 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2021-12-21 13:16:56,494 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2021-12-21 13:16:56,494 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2021-12-21 13:16:56,494 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2021-12-21 13:16:56,495 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2021-12-21 13:16:56,495 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2021-12-21 13:16:56,495 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2021-12-21 13:16:56,495 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2021-12-21 13:16:56,495 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2021-12-21 13:16:56,495 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2021-12-21 13:16:56,496 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 9cfe95aaca007f6467395901a9efc89e5ad27f0fc32ae7ae8a1fe4e27a1f35c1 [2021-12-21 13:16:56,671 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2021-12-21 13:16:56,687 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2021-12-21 13:16:56,688 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2021-12-21 13:16:56,689 INFO L271 PluginConnector]: Initializing CDTParser... [2021-12-21 13:16:56,690 INFO L275 PluginConnector]: CDTParser initialized [2021-12-21 13:16:56,690 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec5_product50.cil.c [2021-12-21 13:16:56,743 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/87f5e602b/0dff4dd211a442778753da059af11f8e/FLAGdf75d1b1d [2021-12-21 13:16:57,110 INFO L306 CDTParser]: Found 1 translation units. [2021-12-21 13:16:57,111 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product50.cil.c [2021-12-21 13:16:57,118 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/87f5e602b/0dff4dd211a442778753da059af11f8e/FLAGdf75d1b1d [2021-12-21 13:16:57,139 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/87f5e602b/0dff4dd211a442778753da059af11f8e [2021-12-21 13:16:57,141 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2021-12-21 13:16:57,142 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2021-12-21 13:16:57,143 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2021-12-21 13:16:57,143 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2021-12-21 13:16:57,145 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2021-12-21 13:16:57,145 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,146 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@21bdce66 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57, skipping insertion in model container [2021-12-21 13:16:57,146 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,150 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2021-12-21 13:16:57,181 INFO L178 MainTranslator]: Built tables and reachable declarations [2021-12-21 13:16:57,309 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product50.cil.c[1605,1618] [2021-12-21 13:16:57,416 INFO L209 PostProcessor]: Analyzing one entry point: main [2021-12-21 13:16:57,422 INFO L203 MainTranslator]: Completed pre-run [2021-12-21 13:16:57,431 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product50.cil.c[1605,1618] [2021-12-21 13:16:57,470 INFO L209 PostProcessor]: Analyzing one entry point: main [2021-12-21 13:16:57,482 INFO L208 MainTranslator]: Completed translation [2021-12-21 13:16:57,483 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57 WrapperNode [2021-12-21 13:16:57,483 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2021-12-21 13:16:57,484 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2021-12-21 13:16:57,484 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2021-12-21 13:16:57,484 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2021-12-21 13:16:57,497 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,521 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,550 INFO L137 Inliner]: procedures = 58, calls = 158, calls flagged for inlining = 26, calls inlined = 22, statements flattened = 265 [2021-12-21 13:16:57,551 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2021-12-21 13:16:57,551 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2021-12-21 13:16:57,551 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2021-12-21 13:16:57,551 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2021-12-21 13:16:57,557 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,557 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,559 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,559 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,564 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,571 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,574 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,581 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2021-12-21 13:16:57,581 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2021-12-21 13:16:57,581 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2021-12-21 13:16:57,581 INFO L275 PluginConnector]: RCFGBuilder initialized [2021-12-21 13:16:57,582 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57" (1/1) ... [2021-12-21 13:16:57,589 INFO L168 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2021-12-21 13:16:57,597 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2021-12-21 13:16:57,607 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2021-12-21 13:16:57,624 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2021-12-21 13:16:57,641 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2021-12-21 13:16:57,642 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2021-12-21 13:16:57,642 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2021-12-21 13:16:57,642 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2021-12-21 13:16:57,642 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2021-12-21 13:16:57,643 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2021-12-21 13:16:57,643 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2021-12-21 13:16:57,645 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2021-12-21 13:16:57,646 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2021-12-21 13:16:57,646 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2021-12-21 13:16:57,646 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2021-12-21 13:16:57,646 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2021-12-21 13:16:57,647 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2021-12-21 13:16:57,647 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2021-12-21 13:16:57,647 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2021-12-21 13:16:57,647 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2021-12-21 13:16:57,647 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2021-12-21 13:16:57,647 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2021-12-21 13:16:57,696 INFO L234 CfgBuilder]: Building ICFG [2021-12-21 13:16:57,697 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2021-12-21 13:16:57,927 INFO L275 CfgBuilder]: Performing block encoding [2021-12-21 13:16:57,935 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2021-12-21 13:16:57,938 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2021-12-21 13:16:57,939 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 21.12 01:16:57 BoogieIcfgContainer [2021-12-21 13:16:57,939 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2021-12-21 13:16:57,940 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2021-12-21 13:16:57,941 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2021-12-21 13:16:57,943 INFO L275 PluginConnector]: TraceAbstraction initialized [2021-12-21 13:16:57,943 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 21.12 01:16:57" (1/3) ... [2021-12-21 13:16:57,943 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@725cc27c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 21.12 01:16:57, skipping insertion in model container [2021-12-21 13:16:57,943 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.12 01:16:57" (2/3) ... [2021-12-21 13:16:57,944 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@725cc27c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 21.12 01:16:57, skipping insertion in model container [2021-12-21 13:16:57,944 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 21.12 01:16:57" (3/3) ... [2021-12-21 13:16:57,945 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product50.cil.c [2021-12-21 13:16:57,948 INFO L204 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2021-12-21 13:16:57,948 INFO L163 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2021-12-21 13:16:57,981 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2021-12-21 13:16:57,985 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2021-12-21 13:16:57,985 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2021-12-21 13:16:58,000 INFO L276 IsEmpty]: Start isEmpty. Operand has 93 states, 72 states have (on average 1.375) internal successors, (99), 80 states have internal predecessors, (99), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2021-12-21 13:16:58,005 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2021-12-21 13:16:58,005 INFO L506 BasicCegarLoop]: Found error trace [2021-12-21 13:16:58,005 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:16:58,006 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-21 13:16:58,009 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-21 13:16:58,009 INFO L85 PathProgramCache]: Analyzing trace with hash 58300630, now seen corresponding path program 1 times [2021-12-21 13:16:58,016 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-21 13:16:58,017 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2025802568] [2021-12-21 13:16:58,017 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:16:58,018 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-21 13:16:58,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,198 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2021-12-21 13:16:58,200 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,204 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2021-12-21 13:16:58,205 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,216 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-21 13:16:58,217 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-21 13:16:58,217 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2025802568] [2021-12-21 13:16:58,218 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2025802568] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-21 13:16:58,218 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-21 13:16:58,218 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2021-12-21 13:16:58,219 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1880763031] [2021-12-21 13:16:58,220 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-21 13:16:58,222 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2021-12-21 13:16:58,225 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-21 13:16:58,247 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2021-12-21 13:16:58,248 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2021-12-21 13:16:58,250 INFO L87 Difference]: Start difference. First operand has 93 states, 72 states have (on average 1.375) internal successors, (99), 80 states have internal predecessors, (99), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-21 13:16:58,290 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-21 13:16:58,291 INFO L93 Difference]: Finished difference Result 177 states and 240 transitions. [2021-12-21 13:16:58,291 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2021-12-21 13:16:58,292 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2021-12-21 13:16:58,293 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-21 13:16:58,301 INFO L225 Difference]: With dead ends: 177 [2021-12-21 13:16:58,301 INFO L226 Difference]: Without dead ends: 84 [2021-12-21 13:16:58,305 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2021-12-21 13:16:58,308 INFO L933 BasicCegarLoop]: 117 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 117 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-21 13:16:58,309 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 117 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-21 13:16:58,321 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 84 states. [2021-12-21 13:16:58,345 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 84 to 84. [2021-12-21 13:16:58,346 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 84 states, 65 states have (on average 1.3076923076923077) internal successors, (85), 72 states have internal predecessors, (85), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2021-12-21 13:16:58,352 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 84 states to 84 states and 108 transitions. [2021-12-21 13:16:58,353 INFO L78 Accepts]: Start accepts. Automaton has 84 states and 108 transitions. Word has length 32 [2021-12-21 13:16:58,354 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-21 13:16:58,354 INFO L470 AbstractCegarLoop]: Abstraction has 84 states and 108 transitions. [2021-12-21 13:16:58,354 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-21 13:16:58,355 INFO L276 IsEmpty]: Start isEmpty. Operand 84 states and 108 transitions. [2021-12-21 13:16:58,358 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2021-12-21 13:16:58,358 INFO L506 BasicCegarLoop]: Found error trace [2021-12-21 13:16:58,359 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:16:58,359 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2021-12-21 13:16:58,360 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-21 13:16:58,361 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-21 13:16:58,361 INFO L85 PathProgramCache]: Analyzing trace with hash 1182453555, now seen corresponding path program 1 times [2021-12-21 13:16:58,361 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-21 13:16:58,361 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [900252044] [2021-12-21 13:16:58,362 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:16:58,362 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-21 13:16:58,397 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,463 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2021-12-21 13:16:58,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,475 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2021-12-21 13:16:58,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,491 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-21 13:16:58,491 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-21 13:16:58,492 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [900252044] [2021-12-21 13:16:58,493 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [900252044] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-21 13:16:58,493 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-21 13:16:58,493 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2021-12-21 13:16:58,494 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1096370354] [2021-12-21 13:16:58,494 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-21 13:16:58,495 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2021-12-21 13:16:58,495 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-21 13:16:58,496 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2021-12-21 13:16:58,496 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-21 13:16:58,496 INFO L87 Difference]: Start difference. First operand 84 states and 108 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-21 13:16:58,507 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-21 13:16:58,510 INFO L93 Difference]: Finished difference Result 132 states and 170 transitions. [2021-12-21 13:16:58,515 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2021-12-21 13:16:58,515 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2021-12-21 13:16:58,516 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-21 13:16:58,518 INFO L225 Difference]: With dead ends: 132 [2021-12-21 13:16:58,518 INFO L226 Difference]: Without dead ends: 75 [2021-12-21 13:16:58,522 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-21 13:16:58,524 INFO L933 BasicCegarLoop]: 95 mSDtfsCounter, 13 mSDsluCounter, 78 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 16 SdHoareTripleChecker+Valid, 173 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-21 13:16:58,526 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [16 Valid, 173 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-21 13:16:58,527 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 75 states. [2021-12-21 13:16:58,531 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 75 to 75. [2021-12-21 13:16:58,531 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 75 states, 59 states have (on average 1.3220338983050848) internal successors, (78), 66 states have internal predecessors, (78), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2021-12-21 13:16:58,532 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 75 states to 75 states and 96 transitions. [2021-12-21 13:16:58,532 INFO L78 Accepts]: Start accepts. Automaton has 75 states and 96 transitions. Word has length 33 [2021-12-21 13:16:58,532 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-21 13:16:58,533 INFO L470 AbstractCegarLoop]: Abstraction has 75 states and 96 transitions. [2021-12-21 13:16:58,533 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2021-12-21 13:16:58,534 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 96 transitions. [2021-12-21 13:16:58,535 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2021-12-21 13:16:58,537 INFO L506 BasicCegarLoop]: Found error trace [2021-12-21 13:16:58,537 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:16:58,537 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2021-12-21 13:16:58,537 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-21 13:16:58,538 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-21 13:16:58,538 INFO L85 PathProgramCache]: Analyzing trace with hash 1082286122, now seen corresponding path program 1 times [2021-12-21 13:16:58,538 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-21 13:16:58,538 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [756317440] [2021-12-21 13:16:58,538 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:16:58,538 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-21 13:16:58,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,602 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-21 13:16:58,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,609 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2021-12-21 13:16:58,610 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,614 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-21 13:16:58,614 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-21 13:16:58,615 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [756317440] [2021-12-21 13:16:58,615 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [756317440] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-21 13:16:58,615 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-21 13:16:58,615 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2021-12-21 13:16:58,616 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1218097823] [2021-12-21 13:16:58,616 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-21 13:16:58,616 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2021-12-21 13:16:58,617 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-21 13:16:58,617 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2021-12-21 13:16:58,617 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-21 13:16:58,617 INFO L87 Difference]: Start difference. First operand 75 states and 96 transitions. Second operand has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-21 13:16:58,638 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-21 13:16:58,640 INFO L93 Difference]: Finished difference Result 142 states and 185 transitions. [2021-12-21 13:16:58,641 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2021-12-21 13:16:58,641 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2021-12-21 13:16:58,642 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-21 13:16:58,643 INFO L225 Difference]: With dead ends: 142 [2021-12-21 13:16:58,643 INFO L226 Difference]: Without dead ends: 75 [2021-12-21 13:16:58,643 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2021-12-21 13:16:58,644 INFO L933 BasicCegarLoop]: 94 mSDtfsCounter, 86 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 86 SdHoareTripleChecker+Valid, 94 SdHoareTripleChecker+Invalid, 2 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2021-12-21 13:16:58,644 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [86 Valid, 94 Invalid, 2 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2021-12-21 13:16:58,645 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 75 states. [2021-12-21 13:16:58,649 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 75 to 75. [2021-12-21 13:16:58,649 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 75 states, 59 states have (on average 1.305084745762712) internal successors, (77), 66 states have internal predecessors, (77), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2021-12-21 13:16:58,650 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 75 states to 75 states and 95 transitions. [2021-12-21 13:16:58,650 INFO L78 Accepts]: Start accepts. Automaton has 75 states and 95 transitions. Word has length 38 [2021-12-21 13:16:58,650 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-21 13:16:58,651 INFO L470 AbstractCegarLoop]: Abstraction has 75 states and 95 transitions. [2021-12-21 13:16:58,651 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2021-12-21 13:16:58,651 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 95 transitions. [2021-12-21 13:16:58,652 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2021-12-21 13:16:58,652 INFO L506 BasicCegarLoop]: Found error trace [2021-12-21 13:16:58,654 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:16:58,654 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2021-12-21 13:16:58,654 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-21 13:16:58,655 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-21 13:16:58,655 INFO L85 PathProgramCache]: Analyzing trace with hash 605778703, now seen corresponding path program 1 times [2021-12-21 13:16:58,655 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-21 13:16:58,655 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [836986498] [2021-12-21 13:16:58,655 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:16:58,655 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-21 13:16:58,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,694 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-21 13:16:58,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,704 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2021-12-21 13:16:58,707 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,722 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2021-12-21 13:16:58,727 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,732 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2021-12-21 13:16:58,733 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,734 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-21 13:16:58,735 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-21 13:16:58,735 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [836986498] [2021-12-21 13:16:58,735 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [836986498] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-21 13:16:58,735 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-21 13:16:58,735 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2021-12-21 13:16:58,736 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1439447852] [2021-12-21 13:16:58,736 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-21 13:16:58,736 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2021-12-21 13:16:58,736 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-21 13:16:58,736 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2021-12-21 13:16:58,737 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2021-12-21 13:16:58,737 INFO L87 Difference]: Start difference. First operand 75 states and 95 transitions. Second operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2021-12-21 13:16:58,915 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-21 13:16:58,916 INFO L93 Difference]: Finished difference Result 221 states and 282 transitions. [2021-12-21 13:16:58,916 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2021-12-21 13:16:58,916 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) Word has length 48 [2021-12-21 13:16:58,916 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-21 13:16:58,917 INFO L225 Difference]: With dead ends: 221 [2021-12-21 13:16:58,917 INFO L226 Difference]: Without dead ends: 154 [2021-12-21 13:16:58,918 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 17 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2021-12-21 13:16:58,918 INFO L933 BasicCegarLoop]: 135 mSDtfsCounter, 195 mSDsluCounter, 186 mSDsCounter, 0 mSdLazyCounter, 91 mSolverCounterSat, 46 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 198 SdHoareTripleChecker+Valid, 321 SdHoareTripleChecker+Invalid, 137 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 46 IncrementalHoareTripleChecker+Valid, 91 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2021-12-21 13:16:58,919 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [198 Valid, 321 Invalid, 137 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [46 Valid, 91 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2021-12-21 13:16:58,919 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 154 states. [2021-12-21 13:16:58,929 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 154 to 148. [2021-12-21 13:16:58,930 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 148 states, 115 states have (on average 1.2695652173913043) internal successors, (146), 122 states have internal predecessors, (146), 16 states have call successors, (16), 13 states have call predecessors, (16), 16 states have return successors, (21), 17 states have call predecessors, (21), 16 states have call successors, (21) [2021-12-21 13:16:58,930 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 148 states to 148 states and 183 transitions. [2021-12-21 13:16:58,931 INFO L78 Accepts]: Start accepts. Automaton has 148 states and 183 transitions. Word has length 48 [2021-12-21 13:16:58,935 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-21 13:16:58,935 INFO L470 AbstractCegarLoop]: Abstraction has 148 states and 183 transitions. [2021-12-21 13:16:58,935 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2021-12-21 13:16:58,936 INFO L276 IsEmpty]: Start isEmpty. Operand 148 states and 183 transitions. [2021-12-21 13:16:58,939 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 53 [2021-12-21 13:16:58,939 INFO L506 BasicCegarLoop]: Found error trace [2021-12-21 13:16:58,939 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:16:58,939 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2021-12-21 13:16:58,939 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-21 13:16:58,940 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-21 13:16:58,940 INFO L85 PathProgramCache]: Analyzing trace with hash 1075912719, now seen corresponding path program 1 times [2021-12-21 13:16:58,940 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-21 13:16:58,940 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [634195046] [2021-12-21 13:16:58,942 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:16:58,943 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-21 13:16:58,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,987 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-21 13:16:58,988 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:58,991 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2021-12-21 13:16:58,993 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,009 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 44 [2021-12-21 13:16:59,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,012 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-21 13:16:59,012 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-21 13:16:59,012 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [634195046] [2021-12-21 13:16:59,012 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [634195046] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-21 13:16:59,012 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-21 13:16:59,012 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2021-12-21 13:16:59,013 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2013163923] [2021-12-21 13:16:59,013 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-21 13:16:59,013 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2021-12-21 13:16:59,013 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-21 13:16:59,013 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2021-12-21 13:16:59,013 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2021-12-21 13:16:59,014 INFO L87 Difference]: Start difference. First operand 148 states and 183 transitions. Second operand has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2021-12-21 13:16:59,123 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-21 13:16:59,124 INFO L93 Difference]: Finished difference Result 296 states and 370 transitions. [2021-12-21 13:16:59,124 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2021-12-21 13:16:59,124 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2021-12-21 13:16:59,126 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-21 13:16:59,128 INFO L225 Difference]: With dead ends: 296 [2021-12-21 13:16:59,128 INFO L226 Difference]: Without dead ends: 156 [2021-12-21 13:16:59,129 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2021-12-21 13:16:59,131 INFO L933 BasicCegarLoop]: 97 mSDtfsCounter, 66 mSDsluCounter, 304 mSDsCounter, 0 mSdLazyCounter, 95 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 69 SdHoareTripleChecker+Valid, 401 SdHoareTripleChecker+Invalid, 114 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 95 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2021-12-21 13:16:59,131 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [69 Valid, 401 Invalid, 114 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 95 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2021-12-21 13:16:59,133 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 156 states. [2021-12-21 13:16:59,152 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 156 to 151. [2021-12-21 13:16:59,155 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 151 states, 118 states have (on average 1.2627118644067796) internal successors, (149), 125 states have internal predecessors, (149), 16 states have call successors, (16), 13 states have call predecessors, (16), 16 states have return successors, (21), 17 states have call predecessors, (21), 16 states have call successors, (21) [2021-12-21 13:16:59,156 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 151 states to 151 states and 186 transitions. [2021-12-21 13:16:59,156 INFO L78 Accepts]: Start accepts. Automaton has 151 states and 186 transitions. Word has length 52 [2021-12-21 13:16:59,156 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-21 13:16:59,156 INFO L470 AbstractCegarLoop]: Abstraction has 151 states and 186 transitions. [2021-12-21 13:16:59,156 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2021-12-21 13:16:59,158 INFO L276 IsEmpty]: Start isEmpty. Operand 151 states and 186 transitions. [2021-12-21 13:16:59,158 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 53 [2021-12-21 13:16:59,158 INFO L506 BasicCegarLoop]: Found error trace [2021-12-21 13:16:59,159 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:16:59,159 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2021-12-21 13:16:59,159 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-21 13:16:59,159 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-21 13:16:59,159 INFO L85 PathProgramCache]: Analyzing trace with hash -613031023, now seen corresponding path program 1 times [2021-12-21 13:16:59,160 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-21 13:16:59,160 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1557047449] [2021-12-21 13:16:59,160 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:16:59,161 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-21 13:16:59,169 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,194 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-21 13:16:59,195 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,199 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2021-12-21 13:16:59,211 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,224 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 44 [2021-12-21 13:16:59,225 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,228 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-21 13:16:59,228 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-21 13:16:59,229 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1557047449] [2021-12-21 13:16:59,229 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1557047449] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-21 13:16:59,229 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-21 13:16:59,229 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2021-12-21 13:16:59,229 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [410768843] [2021-12-21 13:16:59,229 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-21 13:16:59,230 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2021-12-21 13:16:59,230 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-21 13:16:59,231 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2021-12-21 13:16:59,231 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2021-12-21 13:16:59,231 INFO L87 Difference]: Start difference. First operand 151 states and 186 transitions. Second operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2021-12-21 13:16:59,312 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-21 13:16:59,312 INFO L93 Difference]: Finished difference Result 304 states and 381 transitions. [2021-12-21 13:16:59,313 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2021-12-21 13:16:59,313 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2021-12-21 13:16:59,313 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-21 13:16:59,316 INFO L225 Difference]: With dead ends: 304 [2021-12-21 13:16:59,316 INFO L226 Difference]: Without dead ends: 161 [2021-12-21 13:16:59,317 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2021-12-21 13:16:59,319 INFO L933 BasicCegarLoop]: 99 mSDtfsCounter, 67 mSDsluCounter, 216 mSDsCounter, 0 mSdLazyCounter, 74 mSolverCounterSat, 14 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 71 SdHoareTripleChecker+Valid, 315 SdHoareTripleChecker+Invalid, 88 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 14 IncrementalHoareTripleChecker+Valid, 74 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2021-12-21 13:16:59,323 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [71 Valid, 315 Invalid, 88 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [14 Valid, 74 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2021-12-21 13:16:59,324 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 161 states. [2021-12-21 13:16:59,333 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 161 to 153. [2021-12-21 13:16:59,339 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 153 states, 120 states have (on average 1.2583333333333333) internal successors, (151), 127 states have internal predecessors, (151), 16 states have call successors, (16), 13 states have call predecessors, (16), 16 states have return successors, (21), 17 states have call predecessors, (21), 16 states have call successors, (21) [2021-12-21 13:16:59,340 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 153 states to 153 states and 188 transitions. [2021-12-21 13:16:59,340 INFO L78 Accepts]: Start accepts. Automaton has 153 states and 188 transitions. Word has length 52 [2021-12-21 13:16:59,340 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-21 13:16:59,340 INFO L470 AbstractCegarLoop]: Abstraction has 153 states and 188 transitions. [2021-12-21 13:16:59,340 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2021-12-21 13:16:59,340 INFO L276 IsEmpty]: Start isEmpty. Operand 153 states and 188 transitions. [2021-12-21 13:16:59,341 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 53 [2021-12-21 13:16:59,341 INFO L506 BasicCegarLoop]: Found error trace [2021-12-21 13:16:59,341 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:16:59,341 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2021-12-21 13:16:59,341 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-21 13:16:59,341 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-21 13:16:59,341 INFO L85 PathProgramCache]: Analyzing trace with hash -190329197, now seen corresponding path program 1 times [2021-12-21 13:16:59,342 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-21 13:16:59,342 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [28015333] [2021-12-21 13:16:59,342 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:16:59,342 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-21 13:16:59,350 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,389 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-21 13:16:59,390 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2021-12-21 13:16:59,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,402 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 44 [2021-12-21 13:16:59,403 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,404 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-21 13:16:59,405 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-21 13:16:59,405 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [28015333] [2021-12-21 13:16:59,405 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [28015333] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-21 13:16:59,405 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-21 13:16:59,405 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2021-12-21 13:16:59,405 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1819794447] [2021-12-21 13:16:59,405 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-21 13:16:59,405 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2021-12-21 13:16:59,405 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-21 13:16:59,406 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2021-12-21 13:16:59,406 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2021-12-21 13:16:59,406 INFO L87 Difference]: Start difference. First operand 153 states and 188 transitions. Second operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2021-12-21 13:16:59,544 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-21 13:16:59,544 INFO L93 Difference]: Finished difference Result 438 states and 558 transitions. [2021-12-21 13:16:59,545 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2021-12-21 13:16:59,545 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2021-12-21 13:16:59,545 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-21 13:16:59,547 INFO L225 Difference]: With dead ends: 438 [2021-12-21 13:16:59,548 INFO L226 Difference]: Without dead ends: 293 [2021-12-21 13:16:59,548 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 9 SyntacticMatches, 1 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2021-12-21 13:16:59,548 INFO L933 BasicCegarLoop]: 150 mSDtfsCounter, 211 mSDsluCounter, 180 mSDsCounter, 0 mSdLazyCounter, 141 mSolverCounterSat, 60 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 218 SdHoareTripleChecker+Valid, 330 SdHoareTripleChecker+Invalid, 201 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 60 IncrementalHoareTripleChecker+Valid, 141 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2021-12-21 13:16:59,549 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [218 Valid, 330 Invalid, 201 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [60 Valid, 141 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2021-12-21 13:16:59,549 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 293 states. [2021-12-21 13:16:59,562 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 293 to 285. [2021-12-21 13:16:59,563 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 285 states, 220 states have (on average 1.240909090909091) internal successors, (273), 231 states have internal predecessors, (273), 34 states have call successors, (34), 29 states have call predecessors, (34), 30 states have return successors, (49), 34 states have call predecessors, (49), 34 states have call successors, (49) [2021-12-21 13:16:59,564 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 285 states to 285 states and 356 transitions. [2021-12-21 13:16:59,564 INFO L78 Accepts]: Start accepts. Automaton has 285 states and 356 transitions. Word has length 52 [2021-12-21 13:16:59,564 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-21 13:16:59,564 INFO L470 AbstractCegarLoop]: Abstraction has 285 states and 356 transitions. [2021-12-21 13:16:59,565 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2021-12-21 13:16:59,565 INFO L276 IsEmpty]: Start isEmpty. Operand 285 states and 356 transitions. [2021-12-21 13:16:59,565 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 55 [2021-12-21 13:16:59,565 INFO L506 BasicCegarLoop]: Found error trace [2021-12-21 13:16:59,565 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:16:59,565 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2021-12-21 13:16:59,566 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-21 13:16:59,566 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-21 13:16:59,566 INFO L85 PathProgramCache]: Analyzing trace with hash 2088078071, now seen corresponding path program 1 times [2021-12-21 13:16:59,566 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-21 13:16:59,566 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1080389904] [2021-12-21 13:16:59,566 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:16:59,567 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-21 13:16:59,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,609 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2021-12-21 13:16:59,610 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,615 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2021-12-21 13:16:59,617 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,621 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2021-12-21 13:16:59,622 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 46 [2021-12-21 13:16:59,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,629 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2021-12-21 13:16:59,630 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-21 13:16:59,630 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1080389904] [2021-12-21 13:16:59,630 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1080389904] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-21 13:16:59,630 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-21 13:16:59,630 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2021-12-21 13:16:59,630 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [937488583] [2021-12-21 13:16:59,630 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-21 13:16:59,630 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2021-12-21 13:16:59,630 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-21 13:16:59,631 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2021-12-21 13:16:59,631 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2021-12-21 13:16:59,631 INFO L87 Difference]: Start difference. First operand 285 states and 356 transitions. Second operand has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 2 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2021-12-21 13:16:59,817 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-21 13:16:59,817 INFO L93 Difference]: Finished difference Result 578 states and 733 transitions. [2021-12-21 13:16:59,817 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2021-12-21 13:16:59,818 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 2 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) Word has length 54 [2021-12-21 13:16:59,818 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-21 13:16:59,820 INFO L225 Difference]: With dead ends: 578 [2021-12-21 13:16:59,820 INFO L226 Difference]: Without dead ends: 301 [2021-12-21 13:16:59,821 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 24 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=53, Invalid=157, Unknown=0, NotChecked=0, Total=210 [2021-12-21 13:16:59,821 INFO L933 BasicCegarLoop]: 98 mSDtfsCounter, 126 mSDsluCounter, 351 mSDsCounter, 0 mSdLazyCounter, 184 mSolverCounterSat, 31 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 132 SdHoareTripleChecker+Valid, 449 SdHoareTripleChecker+Invalid, 215 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 31 IncrementalHoareTripleChecker+Valid, 184 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2021-12-21 13:16:59,822 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [132 Valid, 449 Invalid, 215 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [31 Valid, 184 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2021-12-21 13:16:59,822 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 301 states. [2021-12-21 13:16:59,840 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 301 to 281. [2021-12-21 13:16:59,840 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 281 states, 216 states have (on average 1.2083333333333333) internal successors, (261), 227 states have internal predecessors, (261), 34 states have call successors, (34), 29 states have call predecessors, (34), 30 states have return successors, (49), 34 states have call predecessors, (49), 34 states have call successors, (49) [2021-12-21 13:16:59,841 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 281 states to 281 states and 344 transitions. [2021-12-21 13:16:59,842 INFO L78 Accepts]: Start accepts. Automaton has 281 states and 344 transitions. Word has length 54 [2021-12-21 13:16:59,842 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-21 13:16:59,842 INFO L470 AbstractCegarLoop]: Abstraction has 281 states and 344 transitions. [2021-12-21 13:16:59,842 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 6.428571428571429) internal successors, (45), 5 states have internal predecessors, (45), 2 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2021-12-21 13:16:59,842 INFO L276 IsEmpty]: Start isEmpty. Operand 281 states and 344 transitions. [2021-12-21 13:16:59,844 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2021-12-21 13:16:59,844 INFO L506 BasicCegarLoop]: Found error trace [2021-12-21 13:16:59,844 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:16:59,845 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2021-12-21 13:16:59,845 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-21 13:16:59,845 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-21 13:16:59,845 INFO L85 PathProgramCache]: Analyzing trace with hash -312737299, now seen corresponding path program 1 times [2021-12-21 13:16:59,845 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-21 13:16:59,845 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2011600493] [2021-12-21 13:16:59,846 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:16:59,846 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-21 13:16:59,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,928 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2021-12-21 13:16:59,931 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,946 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2021-12-21 13:16:59,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,955 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2021-12-21 13:16:59,960 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,971 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2021-12-21 13:16:59,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:16:59,974 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2021-12-21 13:16:59,974 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-21 13:16:59,974 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2011600493] [2021-12-21 13:16:59,974 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2011600493] provided 1 perfect and 0 imperfect interpolant sequences [2021-12-21 13:16:59,974 INFO L186 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2021-12-21 13:16:59,975 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2021-12-21 13:16:59,975 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1241021920] [2021-12-21 13:16:59,975 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2021-12-21 13:16:59,975 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2021-12-21 13:16:59,975 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-21 13:16:59,975 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2021-12-21 13:16:59,975 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=72, Unknown=0, NotChecked=0, Total=90 [2021-12-21 13:16:59,976 INFO L87 Difference]: Start difference. First operand 281 states and 344 transitions. Second operand has 10 states, 10 states have (on average 4.5) internal successors, (45), 8 states have internal predecessors, (45), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2021-12-21 13:17:00,536 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-21 13:17:00,536 INFO L93 Difference]: Finished difference Result 833 states and 1056 transitions. [2021-12-21 13:17:00,537 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 29 states. [2021-12-21 13:17:00,537 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.5) internal successors, (45), 8 states have internal predecessors, (45), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 56 [2021-12-21 13:17:00,537 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-21 13:17:00,539 INFO L225 Difference]: With dead ends: 833 [2021-12-21 13:17:00,539 INFO L226 Difference]: Without dead ends: 611 [2021-12-21 13:17:00,540 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 40 GetRequests, 10 SyntacticMatches, 1 SemanticMatches, 29 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 199 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=187, Invalid=743, Unknown=0, NotChecked=0, Total=930 [2021-12-21 13:17:00,541 INFO L933 BasicCegarLoop]: 155 mSDtfsCounter, 500 mSDsluCounter, 651 mSDsCounter, 0 mSdLazyCounter, 646 mSolverCounterSat, 164 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 506 SdHoareTripleChecker+Valid, 806 SdHoareTripleChecker+Invalid, 810 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 164 IncrementalHoareTripleChecker+Valid, 646 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2021-12-21 13:17:00,541 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [506 Valid, 806 Invalid, 810 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [164 Valid, 646 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2021-12-21 13:17:00,542 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 611 states. [2021-12-21 13:17:00,560 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 611 to 522. [2021-12-21 13:17:00,560 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 522 states, 403 states have (on average 1.2034739454094292) internal successors, (485), 425 states have internal predecessors, (485), 61 states have call successors, (61), 51 states have call predecessors, (61), 57 states have return successors, (85), 61 states have call predecessors, (85), 61 states have call successors, (85) [2021-12-21 13:17:00,562 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 522 states to 522 states and 631 transitions. [2021-12-21 13:17:00,562 INFO L78 Accepts]: Start accepts. Automaton has 522 states and 631 transitions. Word has length 56 [2021-12-21 13:17:00,562 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-21 13:17:00,563 INFO L470 AbstractCegarLoop]: Abstraction has 522 states and 631 transitions. [2021-12-21 13:17:00,563 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.5) internal successors, (45), 8 states have internal predecessors, (45), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2021-12-21 13:17:00,563 INFO L276 IsEmpty]: Start isEmpty. Operand 522 states and 631 transitions. [2021-12-21 13:17:00,564 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2021-12-21 13:17:00,564 INFO L506 BasicCegarLoop]: Found error trace [2021-12-21 13:17:00,564 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:17:00,564 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2021-12-21 13:17:00,564 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-21 13:17:00,564 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-21 13:17:00,564 INFO L85 PathProgramCache]: Analyzing trace with hash -514851068, now seen corresponding path program 1 times [2021-12-21 13:17:00,564 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-21 13:17:00,564 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1635700995] [2021-12-21 13:17:00,565 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:17:00,565 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-21 13:17:00,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:00,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2021-12-21 13:17:00,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:00,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2021-12-21 13:17:00,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:00,641 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2021-12-21 13:17:00,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:00,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2021-12-21 13:17:00,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:00,651 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2021-12-21 13:17:00,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:00,652 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2021-12-21 13:17:00,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:00,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2021-12-21 13:17:00,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:00,656 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2021-12-21 13:17:00,656 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:00,657 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 4 proven. 3 refuted. 0 times theorem prover too weak. 27 trivial. 0 not checked. [2021-12-21 13:17:00,657 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-21 13:17:00,657 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1635700995] [2021-12-21 13:17:00,657 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1635700995] provided 0 perfect and 1 imperfect interpolant sequences [2021-12-21 13:17:00,658 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1667691998] [2021-12-21 13:17:00,658 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:17:00,658 INFO L168 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2021-12-21 13:17:00,658 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2021-12-21 13:17:00,659 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2021-12-21 13:17:00,669 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2021-12-21 13:17:00,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:00,762 INFO L263 TraceCheckSpWp]: Trace formula consists of 478 conjuncts, 8 conjunts are in the unsatisfiable core [2021-12-21 13:17:00,766 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2021-12-21 13:17:00,992 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 25 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2021-12-21 13:17:00,992 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2021-12-21 13:17:01,206 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 8 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2021-12-21 13:17:01,207 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1667691998] provided 0 perfect and 2 imperfect interpolant sequences [2021-12-21 13:17:01,207 INFO L186 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2021-12-21 13:17:01,207 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 6, 6] total 14 [2021-12-21 13:17:01,207 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [20990862] [2021-12-21 13:17:01,207 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2021-12-21 13:17:01,208 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2021-12-21 13:17:01,208 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-21 13:17:01,208 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2021-12-21 13:17:01,209 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=29, Invalid=153, Unknown=0, NotChecked=0, Total=182 [2021-12-21 13:17:01,209 INFO L87 Difference]: Start difference. First operand 522 states and 631 transitions. Second operand has 14 states, 14 states have (on average 8.285714285714286) internal successors, (116), 10 states have internal predecessors, (116), 5 states have call successors, (18), 6 states have call predecessors, (18), 5 states have return successors, (16), 5 states have call predecessors, (16), 5 states have call successors, (16) [2021-12-21 13:17:02,078 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-21 13:17:02,079 INFO L93 Difference]: Finished difference Result 1165 states and 1447 transitions. [2021-12-21 13:17:02,079 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2021-12-21 13:17:02,079 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 8.285714285714286) internal successors, (116), 10 states have internal predecessors, (116), 5 states have call successors, (18), 6 states have call predecessors, (18), 5 states have return successors, (16), 5 states have call predecessors, (16), 5 states have call successors, (16) Word has length 98 [2021-12-21 13:17:02,080 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-21 13:17:02,082 INFO L225 Difference]: With dead ends: 1165 [2021-12-21 13:17:02,082 INFO L226 Difference]: Without dead ends: 700 [2021-12-21 13:17:02,084 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 265 GetRequests, 221 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 436 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=421, Invalid=1559, Unknown=0, NotChecked=0, Total=1980 [2021-12-21 13:17:02,100 INFO L933 BasicCegarLoop]: 213 mSDtfsCounter, 457 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 1057 mSolverCounterSat, 175 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 462 SdHoareTripleChecker+Valid, 1579 SdHoareTripleChecker+Invalid, 1232 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 175 IncrementalHoareTripleChecker+Valid, 1057 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2021-12-21 13:17:02,101 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [462 Valid, 1579 Invalid, 1232 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [175 Valid, 1057 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2021-12-21 13:17:02,102 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 700 states. [2021-12-21 13:17:02,125 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 700 to 592. [2021-12-21 13:17:02,126 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 592 states, 454 states have (on average 1.198237885462555) internal successors, (544), 483 states have internal predecessors, (544), 71 states have call successors, (71), 61 states have call predecessors, (71), 66 states have return successors, (91), 68 states have call predecessors, (91), 71 states have call successors, (91) [2021-12-21 13:17:02,128 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 592 states to 592 states and 706 transitions. [2021-12-21 13:17:02,128 INFO L78 Accepts]: Start accepts. Automaton has 592 states and 706 transitions. Word has length 98 [2021-12-21 13:17:02,128 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-21 13:17:02,128 INFO L470 AbstractCegarLoop]: Abstraction has 592 states and 706 transitions. [2021-12-21 13:17:02,129 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 14 states have (on average 8.285714285714286) internal successors, (116), 10 states have internal predecessors, (116), 5 states have call successors, (18), 6 states have call predecessors, (18), 5 states have return successors, (16), 5 states have call predecessors, (16), 5 states have call successors, (16) [2021-12-21 13:17:02,129 INFO L276 IsEmpty]: Start isEmpty. Operand 592 states and 706 transitions. [2021-12-21 13:17:02,130 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 173 [2021-12-21 13:17:02,131 INFO L506 BasicCegarLoop]: Found error trace [2021-12-21 13:17:02,131 INFO L514 BasicCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:17:02,150 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2021-12-21 13:17:02,348 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2021-12-21 13:17:02,348 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2021-12-21 13:17:02,349 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2021-12-21 13:17:02,349 INFO L85 PathProgramCache]: Analyzing trace with hash 1096172742, now seen corresponding path program 1 times [2021-12-21 13:17:02,349 INFO L121 FreeRefinementEngine]: Executing refinement strategy CAMEL [2021-12-21 13:17:02,349 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1505339499] [2021-12-21 13:17:02,349 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:17:02,349 INFO L126 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2021-12-21 13:17:02,363 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,392 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2021-12-21 13:17:02,393 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,400 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2021-12-21 13:17:02,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,408 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2021-12-21 13:17:02,408 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,413 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2021-12-21 13:17:02,414 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,416 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2021-12-21 13:17:02,417 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,420 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2021-12-21 13:17:02,421 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,422 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2021-12-21 13:17:02,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,424 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2021-12-21 13:17:02,424 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,425 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2021-12-21 13:17:02,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,461 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2021-12-21 13:17:02,462 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,464 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 139 [2021-12-21 13:17:02,464 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,466 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 148 [2021-12-21 13:17:02,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 164 [2021-12-21 13:17:02,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,471 INFO L134 CoverageAnalysis]: Checked inductivity of 192 backedges. 69 proven. 5 refuted. 0 times theorem prover too weak. 118 trivial. 0 not checked. [2021-12-21 13:17:02,471 INFO L139 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2021-12-21 13:17:02,471 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1505339499] [2021-12-21 13:17:02,471 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1505339499] provided 0 perfect and 1 imperfect interpolant sequences [2021-12-21 13:17:02,472 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2032392815] [2021-12-21 13:17:02,472 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2021-12-21 13:17:02,472 INFO L168 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2021-12-21 13:17:02,472 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2021-12-21 13:17:02,473 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2021-12-21 13:17:02,474 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2021-12-21 13:17:02,575 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2021-12-21 13:17:02,577 INFO L263 TraceCheckSpWp]: Trace formula consists of 678 conjuncts, 13 conjunts are in the unsatisfiable core [2021-12-21 13:17:02,581 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2021-12-21 13:17:02,888 INFO L134 CoverageAnalysis]: Checked inductivity of 192 backedges. 140 proven. 4 refuted. 0 times theorem prover too weak. 48 trivial. 0 not checked. [2021-12-21 13:17:02,888 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2021-12-21 13:17:03,380 INFO L134 CoverageAnalysis]: Checked inductivity of 192 backedges. 81 proven. 41 refuted. 0 times theorem prover too weak. 70 trivial. 0 not checked. [2021-12-21 13:17:03,381 INFO L160 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2032392815] provided 0 perfect and 2 imperfect interpolant sequences [2021-12-21 13:17:03,381 INFO L186 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2021-12-21 13:17:03,381 INFO L199 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 10, 11] total 25 [2021-12-21 13:17:03,381 INFO L115 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1422632927] [2021-12-21 13:17:03,381 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2021-12-21 13:17:03,382 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 25 states [2021-12-21 13:17:03,382 INFO L103 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2021-12-21 13:17:03,382 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 25 interpolants. [2021-12-21 13:17:03,383 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=481, Unknown=0, NotChecked=0, Total=600 [2021-12-21 13:17:03,383 INFO L87 Difference]: Start difference. First operand 592 states and 706 transitions. Second operand has 25 states, 25 states have (on average 8.52) internal successors, (213), 21 states have internal predecessors, (213), 9 states have call successors, (27), 9 states have call predecessors, (27), 9 states have return successors, (29), 8 states have call predecessors, (29), 9 states have call successors, (29) [2021-12-21 13:17:04,110 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2021-12-21 13:17:04,110 INFO L93 Difference]: Finished difference Result 1257 states and 1548 transitions. [2021-12-21 13:17:04,110 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 28 states. [2021-12-21 13:17:04,111 INFO L78 Accepts]: Start accepts. Automaton has has 25 states, 25 states have (on average 8.52) internal successors, (213), 21 states have internal predecessors, (213), 9 states have call successors, (27), 9 states have call predecessors, (27), 9 states have return successors, (29), 8 states have call predecessors, (29), 9 states have call successors, (29) Word has length 172 [2021-12-21 13:17:04,111 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2021-12-21 13:17:04,111 INFO L225 Difference]: With dead ends: 1257 [2021-12-21 13:17:04,111 INFO L226 Difference]: Without dead ends: 0 [2021-12-21 13:17:04,114 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 408 GetRequests, 359 SyntacticMatches, 3 SemanticMatches, 46 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 428 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=487, Invalid=1769, Unknown=0, NotChecked=0, Total=2256 [2021-12-21 13:17:04,115 INFO L933 BasicCegarLoop]: 136 mSDtfsCounter, 770 mSDsluCounter, 820 mSDsCounter, 0 mSdLazyCounter, 1077 mSolverCounterSat, 259 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 773 SdHoareTripleChecker+Valid, 956 SdHoareTripleChecker+Invalid, 1336 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 259 IncrementalHoareTripleChecker+Valid, 1077 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2021-12-21 13:17:04,115 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [773 Valid, 956 Invalid, 1336 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [259 Valid, 1077 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2021-12-21 13:17:04,116 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2021-12-21 13:17:04,116 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2021-12-21 13:17:04,116 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2021-12-21 13:17:04,116 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2021-12-21 13:17:04,116 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 172 [2021-12-21 13:17:04,117 INFO L84 Accepts]: Finished accepts. word is rejected. [2021-12-21 13:17:04,117 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2021-12-21 13:17:04,117 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 25 states, 25 states have (on average 8.52) internal successors, (213), 21 states have internal predecessors, (213), 9 states have call successors, (27), 9 states have call predecessors, (27), 9 states have return successors, (29), 8 states have call predecessors, (29), 9 states have call successors, (29) [2021-12-21 13:17:04,117 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2021-12-21 13:17:04,117 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2021-12-21 13:17:04,119 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2021-12-21 13:17:04,141 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2021-12-21 13:17:04,341 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable10 [2021-12-21 13:17:04,343 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2021-12-21 13:17:08,619 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 102 108) no Hoare annotation was computed. [2021-12-21 13:17:08,619 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 102 108) the Hoare annotation is: true [2021-12-21 13:17:08,619 INFO L858 garLoopResultBuilder]: For program point L381-1(lines 377 388) no Hoare annotation was computed. [2021-12-21 13:17:08,619 INFO L861 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 377 388) the Hoare annotation is: true [2021-12-21 13:17:08,619 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 377 388) no Hoare annotation was computed. [2021-12-21 13:17:08,619 INFO L858 garLoopResultBuilder]: For program point L929(line 929) no Hoare annotation was computed. [2021-12-21 13:17:08,620 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 908 937) no Hoare annotation was computed. [2021-12-21 13:17:08,620 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 908 937) the Hoare annotation is: true [2021-12-21 13:17:08,620 INFO L858 garLoopResultBuilder]: For program point L922(lines 922 926) no Hoare annotation was computed. [2021-12-21 13:17:08,620 INFO L861 garLoopResultBuilder]: At program point L922-1(lines 922 926) the Hoare annotation is: true [2021-12-21 13:17:08,620 INFO L858 garLoopResultBuilder]: For program point L919(line 919) no Hoare annotation was computed. [2021-12-21 13:17:08,620 INFO L861 garLoopResultBuilder]: At program point L918-2(lines 918 932) the Hoare annotation is: true [2021-12-21 13:17:08,620 INFO L861 garLoopResultBuilder]: At program point L914(line 914) the Hoare annotation is: true [2021-12-21 13:17:08,620 INFO L858 garLoopResultBuilder]: For program point L914-1(line 914) no Hoare annotation was computed. [2021-12-21 13:17:08,621 INFO L861 garLoopResultBuilder]: At program point L933(lines 908 937) the Hoare annotation is: true [2021-12-21 13:17:08,621 INFO L854 garLoopResultBuilder]: At program point L155(line 155) the Hoare annotation is: (let ((.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse1) (or .cse0 .cse2 (not (< 1 |old(~waterLevel~0)|)) .cse1) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2021-12-21 13:17:08,621 INFO L854 garLoopResultBuilder]: At program point L155-1(lines 136 160) the Hoare annotation is: (let ((.cse13 (<= 1 ~pumpRunning~0)) (.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse11 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse2 (not (= |timeShift_processEnvironment_~tmp~1#1| 0))) (.cse15 (<= ~waterLevel~0 1)) (.cse14 (= 1 ~systemActive~0)) (.cse16 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse8 (and .cse11 .cse1 .cse2 .cse15 .cse14 .cse16 .cse4)) (.cse0 (not .cse14)) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse12 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse9 (and .cse13 .cse6 .cse15 .cse14 .cse16 .cse4)) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or .cse0 (and .cse1 .cse2 .cse3 .cse4) .cse5 (not (< 1 |old(~waterLevel~0)|)) (and .cse6 .cse3 .cse4) .cse7)) (or (not (= |old(~waterLevel~0)| 1)) .cse8 .cse0 .cse5 .cse9 .cse10) (or .cse11 (and .cse1 .cse12) .cse0 .cse7 (and .cse13 (= 2 ~waterLevel~0) .cse12)) (or (and .cse6 .cse12 .cse4) .cse8 .cse0 .cse5 (and .cse11 .cse1 .cse2 .cse14 .cse12 .cse4) .cse9 .cse7 .cse10)))) [2021-12-21 13:17:08,621 INFO L858 garLoopResultBuilder]: For program point L89-1(lines 89 95) no Hoare annotation was computed. [2021-12-21 13:17:08,621 INFO L854 garLoopResultBuilder]: At program point L849(line 849) the Hoare annotation is: (let ((.cse13 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (= ~pumpRunning~0 0)) (.cse9 (not (= |timeShift_processEnvironment_~tmp~1#1| 0))) (.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse18 (<= ~waterLevel~0 1)) (.cse15 (= 1 ~systemActive~0)) (.cse19 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse2 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1| ~waterLevel~0)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse6 (not (<= 1 |old(~pumpRunning~0)|))) (.cse10 (and (<= 1 ~pumpRunning~0) .cse0 .cse1 .cse18 .cse15 .cse19 .cse2 .cse4)) (.cse11 (and .cse1 .cse13 .cse8 .cse9 .cse18 .cse15 .cse19 .cse2 .cse4)) (.cse12 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse14 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (not .cse15)) (.cse7 (not (<= |old(~waterLevel~0)| 2)))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4) .cse5 .cse6 (not (< 1 |old(~waterLevel~0)|)) .cse7 (and .cse1 .cse8 .cse9 .cse2 .cse3 .cse4))) (or (not (= |old(~waterLevel~0)| 1)) .cse5 .cse6 .cse10 .cse11 .cse12) (let ((.cse17 (not (<= 2 |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1|)))) (or (not (<= |old(~waterLevel~0)| 1)) .cse5 .cse6 .cse10 (and .cse13 .cse8 .cse9 .cse14 .cse15 .cse16 .cse17 .cse4) (and .cse0 .cse14 .cse16 .cse17 .cse4) .cse11 .cse12)) (or (and .cse8 (< |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1| 2) .cse14 .cse18 .cse16) .cse13 .cse5 .cse7)))) [2021-12-21 13:17:08,622 INFO L858 garLoopResultBuilder]: For program point L849-1(line 849) no Hoare annotation was computed. [2021-12-21 13:17:08,622 INFO L854 garLoopResultBuilder]: At program point L267(lines 252 270) the Hoare annotation is: (let ((.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (= 1 ~systemActive~0)) (.cse3 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (and (<= 1 ~pumpRunning~0) .cse2 (<= ~waterLevel~0 1) .cse7 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse3)) (.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not .cse7)) (.cse4 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) (and .cse2 (= ~waterLevel~0 1) .cse3) .cse4) (or (not (<= |old(~waterLevel~0)| 1)) (and .cse2 (= |old(~waterLevel~0)| ~waterLevel~0) .cse3) .cse0 .cse1 .cse5 .cse6) (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse5 .cse6) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse4)))) [2021-12-21 13:17:08,622 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 75 101) no Hoare annotation was computed. [2021-12-21 13:17:08,622 INFO L854 garLoopResultBuilder]: At program point L449(lines 444 452) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (= 1 ~systemActive~0)) (.cse1 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (and (<= 1 ~pumpRunning~0) .cse0 (<= ~waterLevel~0 1) .cse7 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse1)) (.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse2 (not .cse7)) (.cse5 (not (<= |old(~waterLevel~0)| 2)))) (and (or (and .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) .cse1) .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse2 .cse3 (not (< 1 |old(~waterLevel~0)|)) (and .cse0 (= ~waterLevel~0 1) .cse1) .cse5) (or (not (= |old(~waterLevel~0)| 1)) .cse2 .cse3 .cse4 .cse6) (or (not (= |old(~pumpRunning~0)| 0)) .cse2 .cse5)))) [2021-12-21 13:17:08,622 INFO L858 garLoopResultBuilder]: For program point L82(lines 82 88) no Hoare annotation was computed. [2021-12-21 13:17:08,622 INFO L858 garLoopResultBuilder]: For program point L82-2(lines 78 100) no Hoare annotation was computed. [2021-12-21 13:17:08,622 INFO L858 garLoopResultBuilder]: For program point L144(lines 144 152) no Hoare annotation was computed. [2021-12-21 13:17:08,622 INFO L858 garLoopResultBuilder]: For program point L140(lines 140 157) no Hoare annotation was computed. [2021-12-21 13:17:08,623 INFO L854 garLoopResultBuilder]: At program point L834(line 834) the Hoare annotation is: (let ((.cse0 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 .cse1))) (and (or (and (= ~pumpRunning~0 0) .cse0 .cse1) (not (= |old(~pumpRunning~0)| 0)) .cse2 .cse3) (or (not (<= |old(~waterLevel~0)| 1)) .cse2 .cse4 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse4 (not (< 1 |old(~waterLevel~0)|)) .cse3 .cse5)))) [2021-12-21 13:17:08,623 INFO L858 garLoopResultBuilder]: For program point L834-1(line 834) no Hoare annotation was computed. [2021-12-21 13:17:08,623 INFO L858 garLoopResultBuilder]: For program point L54(line 54) no Hoare annotation was computed. [2021-12-21 13:17:08,623 INFO L858 garLoopResultBuilder]: For program point L851(lines 851 861) no Hoare annotation was computed. [2021-12-21 13:17:08,623 INFO L858 garLoopResultBuilder]: For program point L847(lines 847 864) no Hoare annotation was computed. [2021-12-21 13:17:08,624 INFO L854 garLoopResultBuilder]: At program point L174(lines 169 176) the Hoare annotation is: (let ((.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse2 (not (= |timeShift_processEnvironment_~tmp~1#1| 0))) (.cse9 (= 1 ~systemActive~0)) (.cse3 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse6 (and .cse8 .cse1 .cse2 (<= ~waterLevel~0 1) .cse9 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse3)) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not .cse9)) (.cse5 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 (and .cse1 .cse2 (= ~waterLevel~0 1) .cse3) .cse4 (not (< 1 |old(~waterLevel~0)|)) .cse5) (or (not (= |old(~waterLevel~0)| 1)) .cse6 .cse0 .cse4 .cse7) (or (and .cse1 .cse2 (= |old(~waterLevel~0)| ~waterLevel~0) .cse3) .cse6 .cse0 .cse4 .cse5 .cse7) (or .cse8 .cse0 .cse5)))) [2021-12-21 13:17:08,624 INFO L854 garLoopResultBuilder]: At program point L847-1(lines 839 867) the Hoare annotation is: (let ((.cse12 (= ~pumpRunning~0 0)) (.cse13 (not (= |timeShift_processEnvironment_~tmp~1#1| 0))) (.cse18 (<= 1 ~pumpRunning~0)) (.cse5 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse6 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse21 (<= ~waterLevel~0 1)) (.cse8 (= 1 ~systemActive~0)) (.cse22 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse9 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1| ~waterLevel~0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse15 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse17 (not (<= 2 |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1|))) (.cse2 (and .cse18 .cse5 .cse6 .cse7 .cse21 .cse8 .cse22 .cse9 .cse11)) (.cse3 (and .cse6 .cse7 .cse12 .cse13 .cse21 .cse8 .cse22 .cse9 .cse11)) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not .cse8)) (.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse14 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3 .cse4) (let ((.cse10 (= ~waterLevel~0 1))) (or (and .cse5 .cse6 .cse7 .cse8 .cse9 .cse10 .cse11) .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) (and .cse6 .cse7 .cse12 .cse13 .cse8 .cse9 .cse10 .cse11) .cse14)) (or (not (<= |old(~waterLevel~0)| 1)) .cse7 .cse0 (and .cse12 .cse15 .cse16 .cse17)) (or .cse0 .cse1 (and .cse5 .cse7 .cse15 .cse8 .cse16 .cse17 .cse11) (and .cse7 .cse12 .cse13 .cse15 .cse8 .cse16 .cse17 .cse11) .cse14 .cse2 .cse3 .cse4) (let ((.cse19 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1| 2)) (.cse20 (= 2 |timeShift_getWaterLevel_#res#1|))) (or .cse7 .cse0 (and .cse18 .cse19 .cse20 .cse16) (and .cse12 .cse19 .cse20 .cse16) .cse14 (not (<= 2 |old(~waterLevel~0)|))))))) [2021-12-21 13:17:08,624 INFO L854 garLoopResultBuilder]: At program point L426(lines 421 429) the Hoare annotation is: (let ((.cse12 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse2 (not (= |timeShift_processEnvironment_~tmp~1#1| 0))) (.cse19 (<= 1 ~pumpRunning~0)) (.cse7 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse0 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse16 (<= ~waterLevel~0 1)) (.cse14 (= 1 ~systemActive~0)) (.cse20 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse6 (not (<= 1 |old(~pumpRunning~0)|))) (.cse9 (and .cse19 .cse7 .cse0 .cse16 .cse14 .cse20 .cse4)) (.cse10 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse11 (and .cse0 .cse12 .cse1 .cse2 .cse16 .cse14 .cse20 .cse4)) (.cse5 (not .cse14)) (.cse13 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse8 (not (<= |old(~waterLevel~0)| 2))) (.cse15 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4) .cse5 .cse6 (not (< 1 |old(~waterLevel~0)|)) (and .cse7 .cse0 .cse3 .cse4) .cse8)) (or (not (= |old(~waterLevel~0)| 1)) .cse5 .cse6 .cse9 .cse10 .cse11) (or (and .cse12 .cse1 .cse2 .cse13 .cse14 .cse15 .cse4) .cse5 .cse6 .cse9 (and .cse7 .cse13 .cse15 .cse4) .cse8 .cse10 .cse11) (let ((.cse17 (= 2 ~waterLevel~0)) (.cse18 (= 2 |timeShift_getWaterLevel_#res#1|))) (or .cse12 .cse5 (and .cse1 .cse13 .cse16 .cse15) (and .cse1 .cse17 .cse18 .cse15) .cse8 (and .cse19 .cse17 .cse18 .cse15)))))) [2021-12-21 13:17:08,624 INFO L858 garLoopResultBuilder]: For program point L261(lines 261 265) no Hoare annotation was computed. [2021-12-21 13:17:08,625 INFO L858 garLoopResultBuilder]: For program point L261-2(lines 261 265) no Hoare annotation was computed. [2021-12-21 13:17:08,625 INFO L854 garLoopResultBuilder]: At program point L55(lines 50 57) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) .cse2) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2))) [2021-12-21 13:17:08,625 INFO L854 garLoopResultBuilder]: At program point L150(line 150) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (= 1 ~systemActive~0)) (.cse1 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (and (<= 1 ~pumpRunning~0) .cse0 (<= ~waterLevel~0 1) .cse7 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse1)) (.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse2 (not .cse7)) (.cse5 (not (<= |old(~waterLevel~0)| 2)))) (and (or (and .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) .cse1) .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse2 .cse3 (not (< 1 |old(~waterLevel~0)|)) (and .cse0 (= ~waterLevel~0 1) .cse1) .cse5) (or (not (= |old(~waterLevel~0)| 1)) .cse2 .cse3 .cse4 .cse6) (or (not (= |old(~pumpRunning~0)| 0)) .cse2 .cse5)))) [2021-12-21 13:17:08,625 INFO L858 garLoopResultBuilder]: For program point L852(lines 852 858) no Hoare annotation was computed. [2021-12-21 13:17:08,625 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 75 101) the Hoare annotation is: (let ((.cse0 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 .cse1))) (and (or (and (= ~pumpRunning~0 0) .cse0 .cse1) (not (= |old(~pumpRunning~0)| 0)) .cse2 .cse3) (or (not (<= |old(~waterLevel~0)| 1)) .cse2 .cse4 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse4 (not (< 1 |old(~waterLevel~0)|)) .cse3 .cse5)))) [2021-12-21 13:17:08,626 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 75 101) no Hoare annotation was computed. [2021-12-21 13:17:08,626 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 54) no Hoare annotation was computed. [2021-12-21 13:17:08,626 INFO L858 garLoopResultBuilder]: For program point L357(lines 357 361) no Hoare annotation was computed. [2021-12-21 13:17:08,626 INFO L854 garLoopResultBuilder]: At program point L836(lines 829 838) the Hoare annotation is: (let ((.cse0 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse3 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) .cse0) .cse1 .cse2) (or .cse3 .cse1 .cse4 (not (= |old(~waterLevel~0)| 2))) (or .cse3 .cse1 .cse4 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2021-12-21 13:17:08,626 INFO L854 garLoopResultBuilder]: At program point L357-2(lines 353 364) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (= 1 ~systemActive~0)) (.cse1 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (and (<= 1 ~pumpRunning~0) .cse0 (<= ~waterLevel~0 1) .cse7 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse1)) (.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse2 (not .cse7)) (.cse5 (not (<= |old(~waterLevel~0)| 2)))) (and (or (and .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) .cse1) .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse2 .cse3 (not (< 1 |old(~waterLevel~0)|)) (and .cse0 (= ~waterLevel~0 1) .cse1) .cse5) (or (not (= |old(~waterLevel~0)| 1)) .cse2 .cse3 .cse4 .cse6) (or (not (= |old(~pumpRunning~0)| 0)) .cse2 .cse5)))) [2021-12-21 13:17:08,626 INFO L854 garLoopResultBuilder]: At program point L894(lines 890 896) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2021-12-21 13:17:08,627 INFO L854 garLoopResultBuilder]: At program point L341(lines 292 342) the Hoare annotation is: false [2021-12-21 13:17:08,627 INFO L861 garLoopResultBuilder]: At program point L977(lines 969 979) the Hoare annotation is: true [2021-12-21 13:17:08,627 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2021-12-21 13:17:08,627 INFO L858 garLoopResultBuilder]: For program point L990(lines 990 997) no Hoare annotation was computed. [2021-12-21 13:17:08,627 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2021-12-21 13:17:08,627 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2021-12-21 13:17:08,627 INFO L858 garLoopResultBuilder]: For program point L990-2(lines 990 997) no Hoare annotation was computed. [2021-12-21 13:17:08,627 INFO L858 garLoopResultBuilder]: For program point L313(lines 313 319) no Hoare annotation was computed. [2021-12-21 13:17:08,628 INFO L858 garLoopResultBuilder]: For program point L313-1(lines 313 319) no Hoare annotation was computed. [2021-12-21 13:17:08,628 INFO L854 garLoopResultBuilder]: At program point L887(lines 883 889) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2021-12-21 13:17:08,628 INFO L854 garLoopResultBuilder]: At program point L276(lines 271 278) the Hoare annotation is: (let ((.cse3 (<= 1 ~pumpRunning~0)) (.cse0 (= 1 ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2) (and .cse3 (= 2 ~waterLevel~0) .cse0 .cse1) (and .cse3 .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)))) [2021-12-21 13:17:08,628 INFO L854 garLoopResultBuilder]: At program point L338(lines 293 340) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= 2 ~waterLevel~0)) (.cse4 (= ~pumpRunning~0 0)) (.cse1 (<= ~waterLevel~0 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)) (and .cse4 .cse5 .cse2 .cse3) (and .cse0 .cse5 .cse2 .cse3) (and .cse4 .cse1 .cse2 .cse3))) [2021-12-21 13:17:08,628 INFO L854 garLoopResultBuilder]: At program point L305(line 305) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= 2 ~waterLevel~0)) (.cse4 (= ~pumpRunning~0 0)) (.cse1 (<= ~waterLevel~0 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)) (and .cse4 .cse5 .cse2 .cse3) (and .cse0 .cse5 .cse2 .cse3) (and .cse4 .cse1 .cse2 .cse3))) [2021-12-21 13:17:08,628 INFO L861 garLoopResultBuilder]: At program point L999(lines 980 1002) the Hoare annotation is: true [2021-12-21 13:17:08,628 INFO L854 garLoopResultBuilder]: At program point L966(lines 962 968) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2021-12-21 13:17:08,628 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2021-12-21 13:17:08,629 INFO L854 garLoopResultBuilder]: At program point L826(lines 821 828) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2021-12-21 13:17:08,629 INFO L858 garLoopResultBuilder]: For program point L331(lines 331 335) no Hoare annotation was computed. [2021-12-21 13:17:08,629 INFO L854 garLoopResultBuilder]: At program point L331-2(lines 323 336) the Hoare annotation is: (let ((.cse3 (<= 1 ~pumpRunning~0)) (.cse0 (= 1 ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2) (and .cse3 (= 2 ~waterLevel~0) .cse0 .cse1) (and .cse3 .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)))) [2021-12-21 13:17:08,629 INFO L858 garLoopResultBuilder]: For program point L294(lines 293 340) no Hoare annotation was computed. [2021-12-21 13:17:08,629 INFO L858 garLoopResultBuilder]: For program point L323(lines 323 336) no Hoare annotation was computed. [2021-12-21 13:17:08,629 INFO L854 garLoopResultBuilder]: At program point L315(line 315) the Hoare annotation is: (let ((.cse3 (<= 1 ~pumpRunning~0)) (.cse0 (= 1 ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2) (and .cse3 (= 2 ~waterLevel~0) .cse0 .cse1) (and .cse3 .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)))) [2021-12-21 13:17:08,629 INFO L861 garLoopResultBuilder]: At program point L344(lines 283 348) the Hoare annotation is: true [2021-12-21 13:17:08,630 INFO L858 garLoopResultBuilder]: For program point L303(lines 303 309) no Hoare annotation was computed. [2021-12-21 13:17:08,630 INFO L858 garLoopResultBuilder]: For program point L303-1(lines 303 309) no Hoare annotation was computed. [2021-12-21 13:17:08,631 INFO L858 garLoopResultBuilder]: For program point L295(lines 295 299) no Hoare annotation was computed. [2021-12-21 13:17:08,631 INFO L854 garLoopResultBuilder]: At program point L902(lines 897 905) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2021-12-21 13:17:08,631 INFO L854 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 110 134) the Hoare annotation is: (let ((.cse1 (not (<= ~waterLevel~0 1))) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (= ~pumpRunning~0 0)) (.cse0 (not (= 1 ~systemActive~0)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse2 .cse3 .cse0 .cse1) (or .cse2 .cse3 .cse0 (not (= 2 ~waterLevel~0))))) [2021-12-21 13:17:08,632 INFO L854 garLoopResultBuilder]: At program point L124(line 124) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~0#1| 0)) (not (<= ~waterLevel~0 2))) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2021-12-21 13:17:08,632 INFO L854 garLoopResultBuilder]: At program point L248(lines 233 251) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= ~waterLevel~0 1)))) (and (or (and (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0)) .cse0 .cse1 .cse2) (or .cse0 (= ~pumpRunning~0 0) .cse1 (not (<= ~waterLevel~0 2))) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2021-12-21 13:17:08,632 INFO L858 garLoopResultBuilder]: For program point L118(lines 118 126) no Hoare annotation was computed. [2021-12-21 13:17:08,632 INFO L858 garLoopResultBuilder]: For program point L114(lines 114 131) no Hoare annotation was computed. [2021-12-21 13:17:08,632 INFO L858 garLoopResultBuilder]: For program point L434(lines 434 440) no Hoare annotation was computed. [2021-12-21 13:17:08,632 INFO L858 garLoopResultBuilder]: For program point L242(lines 242 246) no Hoare annotation was computed. [2021-12-21 13:17:08,632 INFO L858 garLoopResultBuilder]: For program point L242-2(lines 242 246) no Hoare annotation was computed. [2021-12-21 13:17:08,633 INFO L854 garLoopResultBuilder]: At program point L166(lines 161 168) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0)) (not (<= ~waterLevel~0 2))) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2021-12-21 13:17:08,633 INFO L854 garLoopResultBuilder]: At program point L129(line 129) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))))) [2021-12-21 13:17:08,633 INFO L858 garLoopResultBuilder]: For program point L129-1(lines 110 134) no Hoare annotation was computed. [2021-12-21 13:17:08,633 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 110 134) no Hoare annotation was computed. [2021-12-21 13:17:08,633 INFO L854 garLoopResultBuilder]: At program point L439(lines 430 443) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (let ((.cse1 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 1)) (and .cse1 (= 2 ~waterLevel~0)) (not (<= ~waterLevel~0 2)))) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2021-12-21 13:17:08,633 INFO L858 garLoopResultBuilder]: For program point L369-1(lines 365 376) no Hoare annotation was computed. [2021-12-21 13:17:08,633 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 365 376) no Hoare annotation was computed. [2021-12-21 13:17:08,634 INFO L854 garLoopResultBuilder]: At program point waterRiseENTRY(lines 365 376) the Hoare annotation is: (let ((.cse1 (not (<= 1 ~pumpRunning~0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 .cse1 (not (= |old(~waterLevel~0)| 2)) .cse2) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= ~pumpRunning~0 0)) .cse0 .cse2 (not (<= |old(~waterLevel~0)| 2))))) [2021-12-21 13:17:08,634 INFO L858 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 188 196) no Hoare annotation was computed. [2021-12-21 13:17:08,634 INFO L861 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 188 196) the Hoare annotation is: true [2021-12-21 13:17:08,634 INFO L858 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 188 196) no Hoare annotation was computed. [2021-12-21 13:17:08,637 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2021-12-21 13:17:08,638 INFO L179 ceAbstractionStarter]: Computing trace abstraction results [2021-12-21 13:17:08,673 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 21.12 01:17:08 BoogieIcfgContainer [2021-12-21 13:17:08,673 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2021-12-21 13:17:08,674 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2021-12-21 13:17:08,674 INFO L271 PluginConnector]: Initializing Witness Printer... [2021-12-21 13:17:08,674 INFO L275 PluginConnector]: Witness Printer initialized [2021-12-21 13:17:08,674 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 21.12 01:16:57" (3/4) ... [2021-12-21 13:17:08,677 INFO L137 WitnessPrinter]: Generating witness for correct program [2021-12-21 13:17:08,682 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2021-12-21 13:17:08,682 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2021-12-21 13:17:08,682 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2021-12-21 13:17:08,683 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2021-12-21 13:17:08,683 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2021-12-21 13:17:08,683 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2021-12-21 13:17:08,683 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2021-12-21 13:17:08,692 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 51 nodes and edges [2021-12-21 13:17:08,692 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2021-12-21 13:17:08,693 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2021-12-21 13:17:08,693 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2021-12-21 13:17:08,693 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2021-12-21 13:17:08,693 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2021-12-21 13:17:08,694 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2021-12-21 13:17:08,709 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) && (((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) == 2))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2021-12-21 13:17:08,710 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2021-12-21 13:17:08,710 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && !(\old(pumpRunning) == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((\result <= waterLevel && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && !(\old(pumpRunning) == 0)) && 1 == systemActive) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((\result <= waterLevel && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && !(tmp == 0)) && 1 == systemActive) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || (((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel) && !(2 <= tmp)))) && (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && !(\old(pumpRunning) == 0)) && \result < 2) && 1 == systemActive) && \old(waterLevel) == waterLevel) && !(2 <= tmp)) && 1 <= switchedOnBeforeTS)) || (((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && \result < 2) && 1 == systemActive) && \old(waterLevel) == waterLevel) && !(2 <= tmp)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && !(\old(pumpRunning) == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((\result <= waterLevel && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((1 <= pumpRunning && tmp == 2) && 2 == \result) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && tmp == 2) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2021-12-21 13:17:08,711 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(1 == systemActive) || (((pumpRunning == 0 && !(tmp == 0)) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || ((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && (((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || ((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && 1 == systemActive) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2021-12-21 13:17:08,711 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && (((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2021-12-21 13:17:08,711 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((\result <= waterLevel && pumpRunning == 0) && !(tmp == 0)) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) || (((((((\result <= waterLevel && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && (((((((((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && \result < 2) && 1 == systemActive) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || (((pumpRunning == \old(pumpRunning) && \result < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || (((((((\result <= waterLevel && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) [2021-12-21 13:17:08,711 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2021-12-21 13:17:08,712 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && \result == 1)) || (pumpRunning == 0 && 2 == waterLevel)) || !(waterLevel <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) [2021-12-21 13:17:08,712 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2021-12-21 13:17:08,712 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((\result == 0 && tmp___0 == 0) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(waterLevel <= 1)) && (((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(waterLevel <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) [2021-12-21 13:17:08,712 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(1 == systemActive) || (((pumpRunning == 0 && !(tmp == 0)) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && ((((!(\old(waterLevel) == 1) || ((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == 0 && !(tmp == 0)) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || ((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2021-12-21 13:17:08,712 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(waterLevel <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) [2021-12-21 13:17:08,743 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2021-12-21 13:17:08,743 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2021-12-21 13:17:08,744 INFO L158 Benchmark]: Toolchain (without parser) took 11601.89ms. Allocated memory was 81.8MB in the beginning and 186.6MB in the end (delta: 104.9MB). Free memory was 48.8MB in the beginning and 160.5MB in the end (delta: -111.7MB). Peak memory consumption was 103.2MB. Max. memory is 16.1GB. [2021-12-21 13:17:08,744 INFO L158 Benchmark]: CDTParser took 0.16ms. Allocated memory is still 81.8MB. Free memory was 51.6MB in the beginning and 51.6MB in the end (delta: 27.1kB). There was no memory consumed. Max. memory is 16.1GB. [2021-12-21 13:17:08,744 INFO L158 Benchmark]: CACSL2BoogieTranslator took 340.30ms. Allocated memory was 81.8MB in the beginning and 104.9MB in the end (delta: 23.1MB). Free memory was 48.5MB in the beginning and 72.9MB in the end (delta: -24.4MB). Peak memory consumption was 5.9MB. Max. memory is 16.1GB. [2021-12-21 13:17:08,744 INFO L158 Benchmark]: Boogie Procedure Inliner took 67.15ms. Allocated memory is still 104.9MB. Free memory was 72.9MB in the beginning and 70.4MB in the end (delta: 2.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2021-12-21 13:17:08,745 INFO L158 Benchmark]: Boogie Preprocessor took 29.49ms. Allocated memory is still 104.9MB. Free memory was 70.4MB in the beginning and 68.7MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2021-12-21 13:17:08,745 INFO L158 Benchmark]: RCFGBuilder took 358.25ms. Allocated memory is still 104.9MB. Free memory was 68.7MB in the beginning and 79.0MB in the end (delta: -10.3MB). Peak memory consumption was 17.2MB. Max. memory is 16.1GB. [2021-12-21 13:17:08,746 INFO L158 Benchmark]: TraceAbstraction took 10732.91ms. Allocated memory was 104.9MB in the beginning and 186.6MB in the end (delta: 81.8MB). Free memory was 78.5MB in the beginning and 58.7MB in the end (delta: 19.8MB). Peak memory consumption was 111.3MB. Max. memory is 16.1GB. [2021-12-21 13:17:08,746 INFO L158 Benchmark]: Witness Printer took 69.42ms. Allocated memory is still 186.6MB. Free memory was 58.7MB in the beginning and 160.5MB in the end (delta: -101.8MB). Peak memory consumption was 7.3MB. Max. memory is 16.1GB. [2021-12-21 13:17:08,747 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.16ms. Allocated memory is still 81.8MB. Free memory was 51.6MB in the beginning and 51.6MB in the end (delta: 27.1kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 340.30ms. Allocated memory was 81.8MB in the beginning and 104.9MB in the end (delta: 23.1MB). Free memory was 48.5MB in the beginning and 72.9MB in the end (delta: -24.4MB). Peak memory consumption was 5.9MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 67.15ms. Allocated memory is still 104.9MB. Free memory was 72.9MB in the beginning and 70.4MB in the end (delta: 2.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 29.49ms. Allocated memory is still 104.9MB. Free memory was 70.4MB in the beginning and 68.7MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 358.25ms. Allocated memory is still 104.9MB. Free memory was 68.7MB in the beginning and 79.0MB in the end (delta: -10.3MB). Peak memory consumption was 17.2MB. Max. memory is 16.1GB. * TraceAbstraction took 10732.91ms. Allocated memory was 104.9MB in the beginning and 186.6MB in the end (delta: 81.8MB). Free memory was 78.5MB in the beginning and 58.7MB in the end (delta: 19.8MB). Peak memory consumption was 111.3MB. Max. memory is 16.1GB. * Witness Printer took 69.42ms. Allocated memory is still 186.6MB. Free memory was 58.7MB in the beginning and 160.5MB in the end (delta: -101.8MB). Peak memory consumption was 7.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 93 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 10.7s, OverallIterations: 11, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 3.1s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 4.3s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2531 SdHoareTripleChecker+Valid, 1.8s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2491 mSDsluCounter, 5541 SdHoareTripleChecker+Invalid, 1.4s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 4152 mSDsCounter, 769 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 3367 IncrementalHoareTripleChecker+Invalid, 4136 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 769 mSolverCounterUnsat, 1389 mSDtfsCounter, 3367 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 818 GetRequests, 655 SyntacticMatches, 6 SemanticMatches, 157 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1095 ImplicationChecksByTransitivity, 1.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=592occurred in iteration=10, InterpolantAutomatonStates: 138, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 11 MinimizatonAttempts, 244 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 43 LocationsWithAnnotation, 1363 PreInvPairs, 1644 NumberOfFragments, 2739 HoareAnnotationTreeSize, 1363 FomulaSimplifications, 2399 FormulaSimplificationTreeSizeReduction, 0.3s HoareSimplificationTime, 43 FomulaSimplificationsInter, 22980 FormulaSimplificationTreeSizeReductionInter, 3.9s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.3s SatisfiabilityAnalysisTime, 2.0s InterpolantComputationTime, 957 NumberOfCodeBlocks, 957 NumberOfCodeBlocksAsserted, 13 NumberOfCheckSat, 1212 ConstructedInterpolants, 0 QuantifiedInterpolants, 2381 SizeOfPredicates, 6 NumberOfNonLiveVariables, 1156 ConjunctsInSsa, 21 ConjunctsInUnsatCore, 15 InterpolantComputations, 9 PerfectInterpolantSequences, 635/705 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 969]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 271]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) || (((1 <= pumpRunning && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || ((((1 <= pumpRunning && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) - InvariantResult [Line: 136]: Loop Invariant Derived loop invariant: (((((((!(1 == systemActive) || (((pumpRunning == 0 && !(tmp == 0)) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || ((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && (((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || ((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && 1 == systemActive) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 962]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 161]: Loop Invariant Derived loop invariant: (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(waterLevel <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 829]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) && (((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) == 2))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 908]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 444]: Loop Invariant Derived loop invariant: (((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 918]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 821]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 980]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 293]: Loop Invariant Derived loop invariant: ((((((1 <= pumpRunning && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) || (((pumpRunning == 0 && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || (((1 <= pumpRunning && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || (((pumpRunning == 0 && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) - InvariantResult [Line: 353]: Loop Invariant Derived loop invariant: (((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 883]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 292]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 252]: Loop Invariant Derived loop invariant: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 897]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 169]: Loop Invariant Derived loop invariant: ((((((!(1 == systemActive) || (((pumpRunning == 0 && !(tmp == 0)) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && ((((!(\old(waterLevel) == 1) || ((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == 0 && !(tmp == 0)) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || ((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 50]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && (((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 283]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 421]: Loop Invariant Derived loop invariant: (((((((((((\result <= waterLevel && pumpRunning == 0) && !(tmp == 0)) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) || (((((((\result <= waterLevel && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && (((((((((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && \result < 2) && 1 == systemActive) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || (((pumpRunning == \old(pumpRunning) && \result < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || (((((((\result <= waterLevel && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) - InvariantResult [Line: 890]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 233]: Loop Invariant Derived loop invariant: (((((\result == 0 && tmp___0 == 0) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(waterLevel <= 1)) && (((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(waterLevel <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 839]: Loop Invariant Derived loop invariant: ((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && !(\old(pumpRunning) == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((\result <= waterLevel && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && !(\old(pumpRunning) == 0)) && 1 == systemActive) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((\result <= waterLevel && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && !(tmp == 0)) && 1 == systemActive) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || (((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel) && !(2 <= tmp)))) && (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && !(\old(pumpRunning) == 0)) && \result < 2) && 1 == systemActive) && \old(waterLevel) == waterLevel) && !(2 <= tmp)) && 1 <= switchedOnBeforeTS)) || (((((((!(\old(pumpRunning) == 0) && pumpRunning == 0) && !(tmp == 0)) && \result < 2) && 1 == systemActive) && \old(waterLevel) == waterLevel) && !(2 <= tmp)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && !(\old(pumpRunning) == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((\result <= waterLevel && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && !(tmp == 0)) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((1 <= pumpRunning && tmp == 2) && 2 == \result) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && tmp == 2) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 430]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && \result == 1)) || (pumpRunning == 0 && 2 == waterLevel)) || !(waterLevel <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) RESULT: Ultimate proved your program to be correct! [2021-12-21 13:17:08,789 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE