./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 5e519f3a Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash df3faf2d1bbcaed92e1c2eddcb5ae1d2459730e99808e363d537a0bc5d54e347 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-5e519f3 [2022-11-02 19:50:42,900 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-02 19:50:42,903 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-02 19:50:42,937 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-02 19:50:42,937 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-02 19:50:42,939 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-02 19:50:42,940 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-02 19:50:42,942 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-02 19:50:42,944 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-02 19:50:42,945 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-02 19:50:42,946 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-02 19:50:42,947 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-02 19:50:42,948 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-02 19:50:42,949 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-02 19:50:42,950 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-02 19:50:42,951 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-02 19:50:42,952 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-02 19:50:42,953 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-02 19:50:42,955 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-02 19:50:42,957 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-02 19:50:42,959 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-02 19:50:42,960 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-02 19:50:42,962 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-02 19:50:42,963 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-02 19:50:42,967 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-02 19:50:42,967 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-02 19:50:42,968 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-02 19:50:42,969 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-02 19:50:42,969 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-02 19:50:42,970 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-02 19:50:42,971 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-02 19:50:42,972 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-02 19:50:42,973 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-02 19:50:42,974 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-02 19:50:42,975 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-02 19:50:42,975 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-02 19:50:42,976 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-02 19:50:42,977 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-02 19:50:42,977 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-02 19:50:42,984 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-02 19:50:42,985 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-02 19:50:42,990 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-11-02 19:50:43,044 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-02 19:50:43,045 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-02 19:50:43,046 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-02 19:50:43,047 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-02 19:50:43,049 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-02 19:50:43,049 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-02 19:50:43,050 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-02 19:50:43,050 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-02 19:50:43,050 INFO L138 SettingsManager]: * Use SBE=true [2022-11-02 19:50:43,051 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-02 19:50:43,052 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-02 19:50:43,052 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-02 19:50:43,053 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-02 19:50:43,053 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-02 19:50:43,053 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-02 19:50:43,053 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-02 19:50:43,054 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-02 19:50:43,054 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-02 19:50:43,054 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-02 19:50:43,054 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-02 19:50:43,055 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-02 19:50:43,055 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-02 19:50:43,055 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-02 19:50:43,056 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-02 19:50:43,056 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-02 19:50:43,056 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-02 19:50:43,056 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-02 19:50:43,057 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-02 19:50:43,057 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-11-02 19:50:43,057 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-02 19:50:43,057 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-11-02 19:50:43,058 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-11-02 19:50:43,058 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-02 19:50:43,058 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> df3faf2d1bbcaed92e1c2eddcb5ae1d2459730e99808e363d537a0bc5d54e347 [2022-11-02 19:50:43,317 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-02 19:50:43,346 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-02 19:50:43,350 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-02 19:50:43,352 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-02 19:50:43,353 INFO L275 PluginConnector]: CDTParser initialized [2022-11-02 19:50:43,355 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/../../sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c [2022-11-02 19:50:43,426 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/data/25acb4d8d/63924da36ee8402ab38d1093ee5bf24a/FLAG60582e212 [2022-11-02 19:50:44,058 INFO L306 CDTParser]: Found 1 translation units. [2022-11-02 19:50:44,067 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c [2022-11-02 19:50:44,079 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/data/25acb4d8d/63924da36ee8402ab38d1093ee5bf24a/FLAG60582e212 [2022-11-02 19:50:44,288 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/data/25acb4d8d/63924da36ee8402ab38d1093ee5bf24a [2022-11-02 19:50:44,291 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-02 19:50:44,292 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-02 19:50:44,294 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-02 19:50:44,294 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-02 19:50:44,303 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-02 19:50:44,304 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:44,306 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6bad486 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44, skipping insertion in model container [2022-11-02 19:50:44,309 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:44,317 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-02 19:50:44,377 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-02 19:50:44,576 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c[1605,1618] [2022-11-02 19:50:44,700 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-02 19:50:44,711 INFO L203 MainTranslator]: Completed pre-run [2022-11-02 19:50:44,739 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c[1605,1618] [2022-11-02 19:50:44,863 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-02 19:50:44,890 INFO L208 MainTranslator]: Completed translation [2022-11-02 19:50:44,890 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44 WrapperNode [2022-11-02 19:50:44,891 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-02 19:50:44,892 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-02 19:50:44,892 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-02 19:50:44,893 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-02 19:50:44,901 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:44,932 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:44,985 INFO L138 Inliner]: procedures = 56, calls = 158, calls flagged for inlining = 24, calls inlined = 21, statements flattened = 259 [2022-11-02 19:50:44,992 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-02 19:50:44,993 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-02 19:50:44,993 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-02 19:50:44,993 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-02 19:50:45,004 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:45,005 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:45,024 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:45,027 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:45,033 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:45,057 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:45,062 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:45,064 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:45,066 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-02 19:50:45,067 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-02 19:50:45,068 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-02 19:50:45,068 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-02 19:50:45,069 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (1/1) ... [2022-11-02 19:50:45,077 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-02 19:50:45,091 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 [2022-11-02 19:50:45,104 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-02 19:50:45,108 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-02 19:50:45,150 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-02 19:50:45,151 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-02 19:50:45,151 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-02 19:50:45,151 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-02 19:50:45,151 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-02 19:50:45,151 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-02 19:50:45,152 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-02 19:50:45,152 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-11-02 19:50:45,152 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-11-02 19:50:45,152 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-02 19:50:45,152 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-02 19:50:45,153 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-02 19:50:45,153 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-02 19:50:45,153 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-11-02 19:50:45,153 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-11-02 19:50:45,153 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-02 19:50:45,154 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-02 19:50:45,154 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-02 19:50:45,154 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-02 19:50:45,154 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-02 19:50:45,239 INFO L235 CfgBuilder]: Building ICFG [2022-11-02 19:50:45,242 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-02 19:50:45,718 INFO L276 CfgBuilder]: Performing block encoding [2022-11-02 19:50:45,728 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-02 19:50:45,729 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-02 19:50:45,731 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.11 07:50:45 BoogieIcfgContainer [2022-11-02 19:50:45,731 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-02 19:50:45,734 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-02 19:50:45,734 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-02 19:50:45,741 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-02 19:50:45,741 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 02.11 07:50:44" (1/3) ... [2022-11-02 19:50:45,743 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@387f31 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 02.11 07:50:45, skipping insertion in model container [2022-11-02 19:50:45,743 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 07:50:44" (2/3) ... [2022-11-02 19:50:45,744 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@387f31 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 02.11 07:50:45, skipping insertion in model container [2022-11-02 19:50:45,744 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.11 07:50:45" (3/3) ... [2022-11-02 19:50:45,746 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product39.cil.c [2022-11-02 19:50:45,773 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-02 19:50:45,774 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-02 19:50:45,852 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-02 19:50:45,860 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@48171052, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-02 19:50:45,869 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-02 19:50:45,874 INFO L276 IsEmpty]: Start isEmpty. Operand has 97 states, 73 states have (on average 1.36986301369863) internal successors, (100), 82 states have internal predecessors, (100), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) [2022-11-02 19:50:45,889 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-11-02 19:50:45,898 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:45,899 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:45,901 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:45,907 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:45,907 INFO L85 PathProgramCache]: Analyzing trace with hash -1244587252, now seen corresponding path program 1 times [2022-11-02 19:50:45,916 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:45,917 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1600122646] [2022-11-02 19:50:45,917 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:45,918 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:46,150 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:46,296 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-11-02 19:50:46,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:46,315 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-02 19:50:46,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:46,322 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 19:50:46,322 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:46,323 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1600122646] [2022-11-02 19:50:46,324 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1600122646] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 19:50:46,324 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 19:50:46,324 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-02 19:50:46,330 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [656287215] [2022-11-02 19:50:46,332 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 19:50:46,339 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-02 19:50:46,339 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:46,379 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-02 19:50:46,381 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-02 19:50:46,385 INFO L87 Difference]: Start difference. First operand has 97 states, 73 states have (on average 1.36986301369863) internal successors, (100), 82 states have internal predecessors, (100), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 19:50:46,452 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:46,452 INFO L93 Difference]: Finished difference Result 185 states and 250 transitions. [2022-11-02 19:50:46,453 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-02 19:50:46,455 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-11-02 19:50:46,455 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:46,465 INFO L225 Difference]: With dead ends: 185 [2022-11-02 19:50:46,466 INFO L226 Difference]: Without dead ends: 88 [2022-11-02 19:50:46,470 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-02 19:50:46,473 INFO L413 NwaCegarLoop]: 122 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 122 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:46,475 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 122 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-02 19:50:46,494 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 88 states. [2022-11-02 19:50:46,519 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 88 to 88. [2022-11-02 19:50:46,521 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 88 states, 66 states have (on average 1.303030303030303) internal successors, (86), 74 states have internal predecessors, (86), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-11-02 19:50:46,524 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 88 states to 88 states and 113 transitions. [2022-11-02 19:50:46,526 INFO L78 Accepts]: Start accepts. Automaton has 88 states and 113 transitions. Word has length 32 [2022-11-02 19:50:46,527 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:46,527 INFO L495 AbstractCegarLoop]: Abstraction has 88 states and 113 transitions. [2022-11-02 19:50:46,527 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 19:50:46,528 INFO L276 IsEmpty]: Start isEmpty. Operand 88 states and 113 transitions. [2022-11-02 19:50:46,531 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-11-02 19:50:46,531 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:46,531 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:46,532 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-02 19:50:46,532 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:46,533 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:46,533 INFO L85 PathProgramCache]: Analyzing trace with hash 1577409017, now seen corresponding path program 1 times [2022-11-02 19:50:46,533 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:46,534 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [976636629] [2022-11-02 19:50:46,534 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:46,534 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:46,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:46,758 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-11-02 19:50:46,761 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:46,763 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-11-02 19:50:46,765 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:46,768 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 19:50:46,768 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:46,768 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [976636629] [2022-11-02 19:50:46,769 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [976636629] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 19:50:46,769 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 19:50:46,769 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-02 19:50:46,769 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1398113202] [2022-11-02 19:50:46,770 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 19:50:46,771 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-02 19:50:46,771 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:46,772 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-02 19:50:46,772 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 19:50:46,773 INFO L87 Difference]: Start difference. First operand 88 states and 113 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 19:50:46,793 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:46,794 INFO L93 Difference]: Finished difference Result 137 states and 175 transitions. [2022-11-02 19:50:46,794 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-02 19:50:46,795 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-11-02 19:50:46,795 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:46,796 INFO L225 Difference]: With dead ends: 137 [2022-11-02 19:50:46,797 INFO L226 Difference]: Without dead ends: 79 [2022-11-02 19:50:46,798 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 19:50:46,799 INFO L413 NwaCegarLoop]: 100 mSDtfsCounter, 16 mSDsluCounter, 79 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 179 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:46,800 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 179 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-02 19:50:46,801 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 79 states. [2022-11-02 19:50:46,811 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 79 to 79. [2022-11-02 19:50:46,811 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 79 states, 60 states have (on average 1.3166666666666667) internal successors, (79), 68 states have internal predecessors, (79), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2022-11-02 19:50:46,813 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 101 transitions. [2022-11-02 19:50:46,813 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 101 transitions. Word has length 33 [2022-11-02 19:50:46,813 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:46,814 INFO L495 AbstractCegarLoop]: Abstraction has 79 states and 101 transitions. [2022-11-02 19:50:46,814 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 19:50:46,814 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 101 transitions. [2022-11-02 19:50:46,816 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-11-02 19:50:46,816 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:46,816 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:46,816 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-02 19:50:46,817 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:46,817 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:46,818 INFO L85 PathProgramCache]: Analyzing trace with hash 1563484802, now seen corresponding path program 1 times [2022-11-02 19:50:46,818 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:46,818 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [654699022] [2022-11-02 19:50:46,819 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:46,819 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:46,843 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:46,913 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-02 19:50:46,916 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:46,919 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-11-02 19:50:46,921 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:46,923 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 19:50:46,924 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:46,924 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [654699022] [2022-11-02 19:50:46,924 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [654699022] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 19:50:46,924 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 19:50:46,925 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-02 19:50:46,925 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1281526856] [2022-11-02 19:50:46,925 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 19:50:46,926 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-02 19:50:46,926 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:46,927 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-02 19:50:46,927 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 19:50:46,927 INFO L87 Difference]: Start difference. First operand 79 states and 101 transitions. Second operand has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-02 19:50:46,963 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:46,964 INFO L93 Difference]: Finished difference Result 220 states and 287 transitions. [2022-11-02 19:50:46,964 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-02 19:50:46,965 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 37 [2022-11-02 19:50:46,965 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:46,967 INFO L225 Difference]: With dead ends: 220 [2022-11-02 19:50:46,968 INFO L226 Difference]: Without dead ends: 149 [2022-11-02 19:50:46,969 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 19:50:46,970 INFO L413 NwaCegarLoop]: 124 mSDtfsCounter, 76 mSDsluCounter, 90 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 76 SdHoareTripleChecker+Valid, 214 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:46,971 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [76 Valid, 214 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-02 19:50:46,973 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 149 states. [2022-11-02 19:50:47,009 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 149 to 146. [2022-11-02 19:50:47,010 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 146 states, 109 states have (on average 1.3394495412844036) internal successors, (146), 124 states have internal predecessors, (146), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (22), 15 states have call predecessors, (22), 22 states have call successors, (22) [2022-11-02 19:50:47,012 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 146 states to 146 states and 190 transitions. [2022-11-02 19:50:47,012 INFO L78 Accepts]: Start accepts. Automaton has 146 states and 190 transitions. Word has length 37 [2022-11-02 19:50:47,013 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:47,013 INFO L495 AbstractCegarLoop]: Abstraction has 146 states and 190 transitions. [2022-11-02 19:50:47,014 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-02 19:50:47,014 INFO L276 IsEmpty]: Start isEmpty. Operand 146 states and 190 transitions. [2022-11-02 19:50:47,016 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-11-02 19:50:47,016 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:47,017 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:47,017 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-02 19:50:47,017 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:47,018 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:47,018 INFO L85 PathProgramCache]: Analyzing trace with hash 209384056, now seen corresponding path program 1 times [2022-11-02 19:50:47,019 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:47,019 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [476343739] [2022-11-02 19:50:47,019 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:47,020 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:47,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:47,226 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-11-02 19:50:47,229 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:47,232 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-11-02 19:50:47,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:47,265 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-02 19:50:47,266 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:47,266 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [476343739] [2022-11-02 19:50:47,266 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [476343739] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 19:50:47,267 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 19:50:47,268 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-02 19:50:47,268 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1461211768] [2022-11-02 19:50:47,268 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 19:50:47,270 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-02 19:50:47,271 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:47,271 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-02 19:50:47,272 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-02 19:50:47,273 INFO L87 Difference]: Start difference. First operand 146 states and 190 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 19:50:47,493 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:47,493 INFO L93 Difference]: Finished difference Result 386 states and 515 transitions. [2022-11-02 19:50:47,494 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-02 19:50:47,494 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-11-02 19:50:47,495 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:47,497 INFO L225 Difference]: With dead ends: 386 [2022-11-02 19:50:47,497 INFO L226 Difference]: Without dead ends: 248 [2022-11-02 19:50:47,499 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-11-02 19:50:47,500 INFO L413 NwaCegarLoop]: 114 mSDtfsCounter, 49 mSDsluCounter, 369 mSDsCounter, 0 mSdLazyCounter, 68 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 50 SdHoareTripleChecker+Valid, 483 SdHoareTripleChecker+Invalid, 79 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 68 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:47,501 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [50 Valid, 483 Invalid, 79 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 68 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-02 19:50:47,502 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 248 states. [2022-11-02 19:50:47,529 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 248 to 235. [2022-11-02 19:50:47,530 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 235 states, 176 states have (on average 1.2954545454545454) internal successors, (228), 191 states have internal predecessors, (228), 32 states have call successors, (32), 26 states have call predecessors, (32), 26 states have return successors, (40), 29 states have call predecessors, (40), 32 states have call successors, (40) [2022-11-02 19:50:47,533 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 235 states to 235 states and 300 transitions. [2022-11-02 19:50:47,533 INFO L78 Accepts]: Start accepts. Automaton has 235 states and 300 transitions. Word has length 41 [2022-11-02 19:50:47,534 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:47,534 INFO L495 AbstractCegarLoop]: Abstraction has 235 states and 300 transitions. [2022-11-02 19:50:47,534 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 19:50:47,534 INFO L276 IsEmpty]: Start isEmpty. Operand 235 states and 300 transitions. [2022-11-02 19:50:47,536 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-11-02 19:50:47,537 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:47,537 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:47,537 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-02 19:50:47,537 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:47,538 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:47,538 INFO L85 PathProgramCache]: Analyzing trace with hash -1528927009, now seen corresponding path program 1 times [2022-11-02 19:50:47,538 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:47,539 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [770160466] [2022-11-02 19:50:47,539 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:47,539 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:47,558 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:47,634 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-02 19:50:47,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:47,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-02 19:50:47,643 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:47,685 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-11-02 19:50:47,687 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:47,692 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 19:50:47,693 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:47,693 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [770160466] [2022-11-02 19:50:47,693 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [770160466] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 19:50:47,693 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 19:50:47,694 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-02 19:50:47,701 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1752535263] [2022-11-02 19:50:47,702 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 19:50:47,702 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-02 19:50:47,703 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:47,703 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-02 19:50:47,703 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-02 19:50:47,704 INFO L87 Difference]: Start difference. First operand 235 states and 300 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-02 19:50:47,959 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:47,959 INFO L93 Difference]: Finished difference Result 522 states and 677 transitions. [2022-11-02 19:50:47,960 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-02 19:50:47,960 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 51 [2022-11-02 19:50:47,963 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:47,970 INFO L225 Difference]: With dead ends: 522 [2022-11-02 19:50:47,970 INFO L226 Difference]: Without dead ends: 295 [2022-11-02 19:50:47,972 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-11-02 19:50:47,980 INFO L413 NwaCegarLoop]: 95 mSDtfsCounter, 65 mSDsluCounter, 290 mSDsCounter, 0 mSdLazyCounter, 112 mSolverCounterSat, 22 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 68 SdHoareTripleChecker+Valid, 385 SdHoareTripleChecker+Invalid, 134 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 22 IncrementalHoareTripleChecker+Valid, 112 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:47,982 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [68 Valid, 385 Invalid, 134 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [22 Valid, 112 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-02 19:50:47,987 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 295 states. [2022-11-02 19:50:48,048 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 295 to 287. [2022-11-02 19:50:48,051 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 287 states, 218 states have (on average 1.275229357798165) internal successors, (278), 233 states have internal predecessors, (278), 36 states have call successors, (36), 26 states have call predecessors, (36), 32 states have return successors, (50), 37 states have call predecessors, (50), 36 states have call successors, (50) [2022-11-02 19:50:48,054 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 287 states to 287 states and 364 transitions. [2022-11-02 19:50:48,055 INFO L78 Accepts]: Start accepts. Automaton has 287 states and 364 transitions. Word has length 51 [2022-11-02 19:50:48,055 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:48,055 INFO L495 AbstractCegarLoop]: Abstraction has 287 states and 364 transitions. [2022-11-02 19:50:48,056 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-02 19:50:48,056 INFO L276 IsEmpty]: Start isEmpty. Operand 287 states and 364 transitions. [2022-11-02 19:50:48,068 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-11-02 19:50:48,068 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:48,069 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:48,069 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-02 19:50:48,069 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:48,070 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:48,070 INFO L85 PathProgramCache]: Analyzing trace with hash 1077096545, now seen corresponding path program 1 times [2022-11-02 19:50:48,070 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:48,070 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [728503954] [2022-11-02 19:50:48,071 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:48,071 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:48,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:48,176 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-02 19:50:48,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:48,185 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-02 19:50:48,188 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:48,224 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-11-02 19:50:48,225 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:48,227 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 19:50:48,227 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:48,227 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [728503954] [2022-11-02 19:50:48,228 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [728503954] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 19:50:48,228 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 19:50:48,228 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-02 19:50:48,228 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2061416052] [2022-11-02 19:50:48,228 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 19:50:48,229 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-02 19:50:48,229 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:48,229 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-02 19:50:48,230 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-02 19:50:48,230 INFO L87 Difference]: Start difference. First operand 287 states and 364 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-11-02 19:50:48,649 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:48,649 INFO L93 Difference]: Finished difference Result 596 states and 773 transitions. [2022-11-02 19:50:48,650 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-11-02 19:50:48,651 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 51 [2022-11-02 19:50:48,654 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:48,657 INFO L225 Difference]: With dead ends: 596 [2022-11-02 19:50:48,658 INFO L226 Difference]: Without dead ends: 317 [2022-11-02 19:50:48,660 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 17 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=54, Invalid=102, Unknown=0, NotChecked=0, Total=156 [2022-11-02 19:50:48,666 INFO L413 NwaCegarLoop]: 117 mSDtfsCounter, 213 mSDsluCounter, 320 mSDsCounter, 0 mSdLazyCounter, 163 mSolverCounterSat, 62 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 220 SdHoareTripleChecker+Valid, 437 SdHoareTripleChecker+Invalid, 225 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 62 IncrementalHoareTripleChecker+Valid, 163 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:48,669 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [220 Valid, 437 Invalid, 225 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [62 Valid, 163 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-02 19:50:48,671 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 317 states. [2022-11-02 19:50:48,712 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 317 to 291. [2022-11-02 19:50:48,713 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 291 states, 222 states have (on average 1.2702702702702702) internal successors, (282), 237 states have internal predecessors, (282), 36 states have call successors, (36), 26 states have call predecessors, (36), 32 states have return successors, (50), 37 states have call predecessors, (50), 36 states have call successors, (50) [2022-11-02 19:50:48,715 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 291 states to 291 states and 368 transitions. [2022-11-02 19:50:48,716 INFO L78 Accepts]: Start accepts. Automaton has 291 states and 368 transitions. Word has length 51 [2022-11-02 19:50:48,716 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:48,716 INFO L495 AbstractCegarLoop]: Abstraction has 291 states and 368 transitions. [2022-11-02 19:50:48,716 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-11-02 19:50:48,717 INFO L276 IsEmpty]: Start isEmpty. Operand 291 states and 368 transitions. [2022-11-02 19:50:48,720 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-11-02 19:50:48,720 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:48,721 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:48,721 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-02 19:50:48,721 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:48,722 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:48,722 INFO L85 PathProgramCache]: Analyzing trace with hash 1499798371, now seen corresponding path program 1 times [2022-11-02 19:50:48,722 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:48,722 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1578182806] [2022-11-02 19:50:48,722 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:48,723 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:48,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:48,823 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-02 19:50:48,825 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:48,832 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-02 19:50:48,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:48,851 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-11-02 19:50:48,854 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:48,857 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 19:50:48,858 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:48,859 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1578182806] [2022-11-02 19:50:48,859 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1578182806] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 19:50:48,859 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 19:50:48,859 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-02 19:50:48,860 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1205069540] [2022-11-02 19:50:48,860 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 19:50:48,862 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-02 19:50:48,862 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:48,863 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-02 19:50:48,863 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-02 19:50:48,863 INFO L87 Difference]: Start difference. First operand 291 states and 368 transitions. Second operand has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-02 19:50:49,207 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:49,207 INFO L93 Difference]: Finished difference Result 846 states and 1109 transitions. [2022-11-02 19:50:49,208 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-02 19:50:49,208 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 51 [2022-11-02 19:50:49,208 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:49,213 INFO L225 Difference]: With dead ends: 846 [2022-11-02 19:50:49,214 INFO L226 Difference]: Without dead ends: 563 [2022-11-02 19:50:49,217 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-11-02 19:50:49,224 INFO L413 NwaCegarLoop]: 149 mSDtfsCounter, 219 mSDsluCounter, 183 mSDsCounter, 0 mSdLazyCounter, 152 mSolverCounterSat, 67 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 226 SdHoareTripleChecker+Valid, 332 SdHoareTripleChecker+Invalid, 219 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 67 IncrementalHoareTripleChecker+Valid, 152 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:49,225 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [226 Valid, 332 Invalid, 219 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [67 Valid, 152 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-02 19:50:49,226 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 563 states. [2022-11-02 19:50:49,275 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 563 to 556. [2022-11-02 19:50:49,277 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 556 states, 421 states have (on average 1.2351543942992873) internal successors, (520), 445 states have internal predecessors, (520), 73 states have call successors, (73), 59 states have call predecessors, (73), 61 states have return successors, (111), 72 states have call predecessors, (111), 73 states have call successors, (111) [2022-11-02 19:50:49,281 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 556 states to 556 states and 704 transitions. [2022-11-02 19:50:49,281 INFO L78 Accepts]: Start accepts. Automaton has 556 states and 704 transitions. Word has length 51 [2022-11-02 19:50:49,281 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:49,282 INFO L495 AbstractCegarLoop]: Abstraction has 556 states and 704 transitions. [2022-11-02 19:50:49,282 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-02 19:50:49,282 INFO L276 IsEmpty]: Start isEmpty. Operand 556 states and 704 transitions. [2022-11-02 19:50:49,283 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2022-11-02 19:50:49,284 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:49,284 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:49,284 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-02 19:50:49,284 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:49,285 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:49,285 INFO L85 PathProgramCache]: Analyzing trace with hash -85847159, now seen corresponding path program 1 times [2022-11-02 19:50:49,285 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:49,286 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1892332701] [2022-11-02 19:50:49,286 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:49,286 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:49,305 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:49,487 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 19:50:49,489 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:49,546 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-11-02 19:50:49,547 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:49,559 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-11-02 19:50:49,562 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:49,582 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-11-02 19:50:49,583 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:49,587 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 19:50:49,588 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:49,588 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1892332701] [2022-11-02 19:50:49,588 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1892332701] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 19:50:49,588 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 19:50:49,588 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-02 19:50:49,589 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1619676316] [2022-11-02 19:50:49,593 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 19:50:49,594 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-02 19:50:49,594 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:49,595 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-02 19:50:49,595 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=72, Unknown=0, NotChecked=0, Total=90 [2022-11-02 19:50:49,595 INFO L87 Difference]: Start difference. First operand 556 states and 704 transitions. Second operand has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-02 19:50:50,952 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:50,953 INFO L93 Difference]: Finished difference Result 1787 states and 2374 transitions. [2022-11-02 19:50:50,954 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 33 states. [2022-11-02 19:50:50,954 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 55 [2022-11-02 19:50:50,955 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:50,962 INFO L225 Difference]: With dead ends: 1787 [2022-11-02 19:50:50,962 INFO L226 Difference]: Without dead ends: 1342 [2022-11-02 19:50:50,965 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 10 SyntacticMatches, 1 SemanticMatches, 33 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 294 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=221, Invalid=969, Unknown=0, NotChecked=0, Total=1190 [2022-11-02 19:50:50,966 INFO L413 NwaCegarLoop]: 171 mSDtfsCounter, 519 mSDsluCounter, 747 mSDsCounter, 0 mSdLazyCounter, 862 mSolverCounterSat, 194 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 529 SdHoareTripleChecker+Valid, 918 SdHoareTripleChecker+Invalid, 1056 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 194 IncrementalHoareTripleChecker+Valid, 862 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:50,967 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [529 Valid, 918 Invalid, 1056 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [194 Valid, 862 Invalid, 0 Unknown, 0 Unchecked, 0.8s Time] [2022-11-02 19:50:50,969 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1342 states. [2022-11-02 19:50:51,092 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1342 to 1083. [2022-11-02 19:50:51,095 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1083 states, 820 states have (on average 1.2317073170731707) internal successors, (1010), 873 states have internal predecessors, (1010), 142 states have call successors, (142), 104 states have call predecessors, (142), 120 states have return successors, (220), 140 states have call predecessors, (220), 142 states have call successors, (220) [2022-11-02 19:50:51,103 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1083 states to 1083 states and 1372 transitions. [2022-11-02 19:50:51,105 INFO L78 Accepts]: Start accepts. Automaton has 1083 states and 1372 transitions. Word has length 55 [2022-11-02 19:50:51,105 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:51,105 INFO L495 AbstractCegarLoop]: Abstraction has 1083 states and 1372 transitions. [2022-11-02 19:50:51,106 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-02 19:50:51,106 INFO L276 IsEmpty]: Start isEmpty. Operand 1083 states and 1372 transitions. [2022-11-02 19:50:51,108 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-11-02 19:50:51,108 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:51,108 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:51,109 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-11-02 19:50:51,109 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:51,110 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:51,110 INFO L85 PathProgramCache]: Analyzing trace with hash 1602781584, now seen corresponding path program 1 times [2022-11-02 19:50:51,110 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:51,110 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [468380152] [2022-11-02 19:50:51,110 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:51,111 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:51,135 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:51,202 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 19:50:51,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:51,215 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-02 19:50:51,223 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:51,254 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 19:50:51,255 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:51,263 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-02 19:50:51,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:51,270 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-11-02 19:50:51,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:51,273 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-11-02 19:50:51,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:51,275 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 18 proven. 0 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-11-02 19:50:51,276 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:51,276 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [468380152] [2022-11-02 19:50:51,276 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [468380152] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 19:50:51,276 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 19:50:51,276 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-11-02 19:50:51,276 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2033402579] [2022-11-02 19:50:51,276 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 19:50:51,277 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-11-02 19:50:51,277 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:51,277 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-11-02 19:50:51,277 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2022-11-02 19:50:51,278 INFO L87 Difference]: Start difference. First operand 1083 states and 1372 transitions. Second operand has 7 states, 7 states have (on average 9.714285714285714) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2022-11-02 19:50:51,722 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:51,723 INFO L93 Difference]: Finished difference Result 1319 states and 1661 transitions. [2022-11-02 19:50:51,723 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-11-02 19:50:51,724 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 9.714285714285714) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) Word has length 85 [2022-11-02 19:50:51,724 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:51,727 INFO L225 Difference]: With dead ends: 1319 [2022-11-02 19:50:51,728 INFO L226 Difference]: Without dead ends: 556 [2022-11-02 19:50:51,730 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 29 GetRequests, 17 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=55, Invalid=127, Unknown=0, NotChecked=0, Total=182 [2022-11-02 19:50:51,731 INFO L413 NwaCegarLoop]: 136 mSDtfsCounter, 304 mSDsluCounter, 223 mSDsCounter, 0 mSdLazyCounter, 198 mSolverCounterSat, 108 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 313 SdHoareTripleChecker+Valid, 359 SdHoareTripleChecker+Invalid, 306 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 108 IncrementalHoareTripleChecker+Valid, 198 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:51,731 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [313 Valid, 359 Invalid, 306 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [108 Valid, 198 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-02 19:50:51,733 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 556 states. [2022-11-02 19:50:51,793 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 556 to 530. [2022-11-02 19:50:51,794 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 530 states, 402 states have (on average 1.1965174129353233) internal successors, (481), 426 states have internal predecessors, (481), 68 states have call successors, (68), 51 states have call predecessors, (68), 59 states have return successors, (107), 68 states have call predecessors, (107), 68 states have call successors, (107) [2022-11-02 19:50:51,798 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 530 states to 530 states and 656 transitions. [2022-11-02 19:50:51,798 INFO L78 Accepts]: Start accepts. Automaton has 530 states and 656 transitions. Word has length 85 [2022-11-02 19:50:51,799 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:51,799 INFO L495 AbstractCegarLoop]: Abstraction has 530 states and 656 transitions. [2022-11-02 19:50:51,799 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 9.714285714285714) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2022-11-02 19:50:51,800 INFO L276 IsEmpty]: Start isEmpty. Operand 530 states and 656 transitions. [2022-11-02 19:50:51,801 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 95 [2022-11-02 19:50:51,801 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:51,802 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:51,802 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-11-02 19:50:51,802 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:51,803 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:51,803 INFO L85 PathProgramCache]: Analyzing trace with hash 1627346287, now seen corresponding path program 1 times [2022-11-02 19:50:51,803 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:51,803 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1570266725] [2022-11-02 19:50:51,803 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:51,804 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:51,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:52,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 19:50:52,034 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:52,049 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-11-02 19:50:52,054 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:52,081 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 19:50:52,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:52,097 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-02 19:50:52,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:52,109 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-11-02 19:50:52,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:52,129 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-11-02 19:50:52,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:52,133 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 19:50:52,137 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:52,138 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-11-02 19:50:52,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:52,143 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 8 proven. 18 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-11-02 19:50:52,143 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:52,144 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1570266725] [2022-11-02 19:50:52,145 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1570266725] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-02 19:50:52,145 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [82709570] [2022-11-02 19:50:52,145 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:52,146 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-02 19:50:52,146 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 [2022-11-02 19:50:52,152 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-02 19:50:52,159 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-02 19:50:52,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:52,294 INFO L263 TraceCheckSpWp]: Trace formula consists of 466 conjuncts, 8 conjunts are in the unsatisfiable core [2022-11-02 19:50:52,301 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-02 19:50:52,569 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 24 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-02 19:50:52,569 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-02 19:50:52,859 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 18 proven. 8 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-11-02 19:50:52,860 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [82709570] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-02 19:50:52,860 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-02 19:50:52,860 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-11-02 19:50:52,860 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [381492403] [2022-11-02 19:50:52,861 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-02 19:50:52,861 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-11-02 19:50:52,861 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:52,862 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-11-02 19:50:52,862 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2022-11-02 19:50:52,863 INFO L87 Difference]: Start difference. First operand 530 states and 656 transitions. Second operand has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2022-11-02 19:50:54,263 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:54,263 INFO L93 Difference]: Finished difference Result 1149 states and 1458 transitions. [2022-11-02 19:50:54,264 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 32 states. [2022-11-02 19:50:54,264 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) Word has length 94 [2022-11-02 19:50:54,264 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:54,268 INFO L225 Difference]: With dead ends: 1149 [2022-11-02 19:50:54,268 INFO L226 Difference]: Without dead ends: 675 [2022-11-02 19:50:54,271 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 255 GetRequests, 209 SyntacticMatches, 4 SemanticMatches, 42 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 463 ImplicationChecksByTransitivity, 0.7s TimeCoverageRelationStatistics Valid=441, Invalid=1451, Unknown=0, NotChecked=0, Total=1892 [2022-11-02 19:50:54,272 INFO L413 NwaCegarLoop]: 206 mSDtfsCounter, 461 mSDsluCounter, 624 mSDsCounter, 0 mSdLazyCounter, 595 mSolverCounterSat, 257 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 465 SdHoareTripleChecker+Valid, 830 SdHoareTripleChecker+Invalid, 852 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 257 IncrementalHoareTripleChecker+Valid, 595 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:54,273 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [465 Valid, 830 Invalid, 852 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [257 Valid, 595 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-11-02 19:50:54,274 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 675 states. [2022-11-02 19:50:54,355 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 675 to 591. [2022-11-02 19:50:54,356 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 591 states, 442 states have (on average 1.1787330316742082) internal successors, (521), 474 states have internal predecessors, (521), 78 states have call successors, (78), 65 states have call predecessors, (78), 70 states have return successors, (103), 73 states have call predecessors, (103), 78 states have call successors, (103) [2022-11-02 19:50:54,359 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 591 states to 591 states and 702 transitions. [2022-11-02 19:50:54,360 INFO L78 Accepts]: Start accepts. Automaton has 591 states and 702 transitions. Word has length 94 [2022-11-02 19:50:54,361 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:54,361 INFO L495 AbstractCegarLoop]: Abstraction has 591 states and 702 transitions. [2022-11-02 19:50:54,362 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2022-11-02 19:50:54,362 INFO L276 IsEmpty]: Start isEmpty. Operand 591 states and 702 transitions. [2022-11-02 19:50:54,371 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2022-11-02 19:50:54,371 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:54,371 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:54,423 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-11-02 19:50:54,586 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-02 19:50:54,586 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:54,587 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:54,587 INFO L85 PathProgramCache]: Analyzing trace with hash -299983089, now seen corresponding path program 1 times [2022-11-02 19:50:54,587 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:54,587 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [684074810] [2022-11-02 19:50:54,588 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:54,588 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:54,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,795 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 19:50:54,797 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,807 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-11-02 19:50:54,813 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,819 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 19:50:54,821 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-02 19:50:54,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,832 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-11-02 19:50:54,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,845 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 19:50:54,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,847 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-02 19:50:54,848 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,851 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 19:50:54,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,853 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-11-02 19:50:54,859 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,973 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 19:50:54,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,977 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-02 19:50:54,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,981 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-11-02 19:50:54,982 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,992 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-11-02 19:50:54,994 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:54,996 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-11-02 19:50:54,998 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:55,000 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-11-02 19:50:55,002 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:55,003 INFO L134 CoverageAnalysis]: Checked inductivity of 188 backedges. 79 proven. 0 refuted. 0 times theorem prover too weak. 109 trivial. 0 not checked. [2022-11-02 19:50:55,004 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:55,004 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [684074810] [2022-11-02 19:50:55,004 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [684074810] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 19:50:55,004 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 19:50:55,004 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-02 19:50:55,005 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [233706014] [2022-11-02 19:50:55,005 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 19:50:55,005 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-02 19:50:55,005 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:55,006 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-02 19:50:55,006 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=69, Unknown=0, NotChecked=0, Total=90 [2022-11-02 19:50:55,006 INFO L87 Difference]: Start difference. First operand 591 states and 702 transitions. Second operand has 10 states, 10 states have (on average 8.7) internal successors, (87), 7 states have internal predecessors, (87), 4 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (12), 4 states have call predecessors, (12), 4 states have call successors, (12) [2022-11-02 19:50:56,084 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:56,084 INFO L93 Difference]: Finished difference Result 1686 states and 2029 transitions. [2022-11-02 19:50:56,085 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 22 states. [2022-11-02 19:50:56,085 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 8.7) internal successors, (87), 7 states have internal predecessors, (87), 4 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (12), 4 states have call predecessors, (12), 4 states have call successors, (12) Word has length 171 [2022-11-02 19:50:56,085 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:56,092 INFO L225 Difference]: With dead ends: 1686 [2022-11-02 19:50:56,092 INFO L226 Difference]: Without dead ends: 1103 [2022-11-02 19:50:56,096 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 66 GetRequests, 40 SyntacticMatches, 0 SemanticMatches, 26 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 150 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=178, Invalid=578, Unknown=0, NotChecked=0, Total=756 [2022-11-02 19:50:56,097 INFO L413 NwaCegarLoop]: 207 mSDtfsCounter, 494 mSDsluCounter, 455 mSDsCounter, 0 mSdLazyCounter, 534 mSolverCounterSat, 192 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 498 SdHoareTripleChecker+Valid, 662 SdHoareTripleChecker+Invalid, 726 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 192 IncrementalHoareTripleChecker+Valid, 534 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:56,098 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [498 Valid, 662 Invalid, 726 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [192 Valid, 534 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-11-02 19:50:56,100 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1103 states. [2022-11-02 19:50:56,263 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1103 to 1101. [2022-11-02 19:50:56,265 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1101 states, 824 states have (on average 1.145631067961165) internal successors, (944), 879 states have internal predecessors, (944), 146 states have call successors, (146), 124 states have call predecessors, (146), 130 states have return successors, (189), 133 states have call predecessors, (189), 146 states have call successors, (189) [2022-11-02 19:50:56,273 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1101 states to 1101 states and 1279 transitions. [2022-11-02 19:50:56,274 INFO L78 Accepts]: Start accepts. Automaton has 1101 states and 1279 transitions. Word has length 171 [2022-11-02 19:50:56,274 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:56,276 INFO L495 AbstractCegarLoop]: Abstraction has 1101 states and 1279 transitions. [2022-11-02 19:50:56,276 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 8.7) internal successors, (87), 7 states have internal predecessors, (87), 4 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (12), 4 states have call predecessors, (12), 4 states have call successors, (12) [2022-11-02 19:50:56,276 INFO L276 IsEmpty]: Start isEmpty. Operand 1101 states and 1279 transitions. [2022-11-02 19:50:56,284 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2022-11-02 19:50:56,284 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:56,284 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:56,285 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-11-02 19:50:56,285 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:56,285 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:56,286 INFO L85 PathProgramCache]: Analyzing trace with hash -1382549873, now seen corresponding path program 1 times [2022-11-02 19:50:56,286 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:56,286 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [854592789] [2022-11-02 19:50:56,287 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:56,287 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:56,324 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,466 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 19:50:56,468 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,474 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-02 19:50:56,475 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,488 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-02 19:50:56,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,499 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 19:50:56,500 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,507 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-02 19:50:56,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,511 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-11-02 19:50:56,515 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,599 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 19:50:56,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-02 19:50:56,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,605 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 19:50:56,605 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-11-02 19:50:56,610 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 19:50:56,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,618 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-02 19:50:56,619 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,621 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-11-02 19:50:56,622 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,624 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-11-02 19:50:56,627 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-11-02 19:50:56,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,635 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 83 proven. 10 refuted. 0 times theorem prover too weak. 91 trivial. 0 not checked. [2022-11-02 19:50:56,636 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:56,636 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [854592789] [2022-11-02 19:50:56,636 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [854592789] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-02 19:50:56,636 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [124220802] [2022-11-02 19:50:56,637 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:56,637 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-02 19:50:56,638 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 [2022-11-02 19:50:56,639 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-02 19:50:56,662 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-02 19:50:56,808 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:56,812 INFO L263 TraceCheckSpWp]: Trace formula consists of 671 conjuncts, 7 conjunts are in the unsatisfiable core [2022-11-02 19:50:56,847 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-02 19:50:57,058 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 127 proven. 0 refuted. 0 times theorem prover too weak. 57 trivial. 0 not checked. [2022-11-02 19:50:57,058 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-02 19:50:57,059 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [124220802] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 19:50:57,059 INFO L184 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-11-02 19:50:57,059 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [11] total 15 [2022-11-02 19:50:57,059 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [116350381] [2022-11-02 19:50:57,060 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 19:50:57,061 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-02 19:50:57,061 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:57,061 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-02 19:50:57,062 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=37, Invalid=173, Unknown=0, NotChecked=0, Total=210 [2022-11-02 19:50:57,062 INFO L87 Difference]: Start difference. First operand 1101 states and 1279 transitions. Second operand has 6 states, 6 states have (on average 17.5) internal successors, (105), 6 states have internal predecessors, (105), 3 states have call successors, (12), 3 states have call predecessors, (12), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-11-02 19:50:57,272 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:50:57,272 INFO L93 Difference]: Finished difference Result 2020 states and 2353 transitions. [2022-11-02 19:50:57,273 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-02 19:50:57,273 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 17.5) internal successors, (105), 6 states have internal predecessors, (105), 3 states have call successors, (12), 3 states have call predecessors, (12), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 171 [2022-11-02 19:50:57,274 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:50:57,279 INFO L225 Difference]: With dead ends: 2020 [2022-11-02 19:50:57,279 INFO L226 Difference]: Without dead ends: 1023 [2022-11-02 19:50:57,282 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 209 GetRequests, 194 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 29 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=52, Invalid=220, Unknown=0, NotChecked=0, Total=272 [2022-11-02 19:50:57,283 INFO L413 NwaCegarLoop]: 162 mSDtfsCounter, 69 mSDsluCounter, 254 mSDsCounter, 0 mSdLazyCounter, 68 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 69 SdHoareTripleChecker+Valid, 416 SdHoareTripleChecker+Invalid, 75 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 68 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-02 19:50:57,284 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [69 Valid, 416 Invalid, 75 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 68 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-02 19:50:57,285 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1023 states. [2022-11-02 19:50:57,387 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1023 to 1008. [2022-11-02 19:50:57,414 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1008 states, 760 states have (on average 1.138157894736842) internal successors, (865), 806 states have internal predecessors, (865), 131 states have call successors, (131), 113 states have call predecessors, (131), 116 states have return successors, (167), 119 states have call predecessors, (167), 131 states have call successors, (167) [2022-11-02 19:50:57,419 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1008 states to 1008 states and 1163 transitions. [2022-11-02 19:50:57,420 INFO L78 Accepts]: Start accepts. Automaton has 1008 states and 1163 transitions. Word has length 171 [2022-11-02 19:50:57,420 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:50:57,420 INFO L495 AbstractCegarLoop]: Abstraction has 1008 states and 1163 transitions. [2022-11-02 19:50:57,421 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 17.5) internal successors, (105), 6 states have internal predecessors, (105), 3 states have call successors, (12), 3 states have call predecessors, (12), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-11-02 19:50:57,421 INFO L276 IsEmpty]: Start isEmpty. Operand 1008 states and 1163 transitions. [2022-11-02 19:50:57,425 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2022-11-02 19:50:57,426 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 19:50:57,426 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:50:57,466 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-11-02 19:50:57,650 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable11 [2022-11-02 19:50:57,650 INFO L420 AbstractCegarLoop]: === Iteration 13 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 19:50:57,651 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 19:50:57,651 INFO L85 PathProgramCache]: Analyzing trace with hash 2106216135, now seen corresponding path program 2 times [2022-11-02 19:50:57,651 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 19:50:57,651 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [926954985] [2022-11-02 19:50:57,651 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 19:50:57,652 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 19:50:57,680 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,841 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 19:50:57,842 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,855 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-11-02 19:50:57,857 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,861 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 19:50:57,862 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,871 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-02 19:50:57,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,875 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-11-02 19:50:57,877 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,883 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 19:50:57,884 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,885 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-02 19:50:57,886 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,887 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 19:50:57,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,896 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-11-02 19:50:57,897 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,899 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-11-02 19:50:57,902 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,979 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 19:50:57,980 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,981 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-02 19:50:57,982 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,983 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-11-02 19:50:57,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,986 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-11-02 19:50:57,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,992 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-11-02 19:50:57,993 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 19:50:57,995 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 66 proven. 5 refuted. 0 times theorem prover too weak. 113 trivial. 0 not checked. [2022-11-02 19:50:57,995 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 19:50:57,995 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [926954985] [2022-11-02 19:50:57,996 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [926954985] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-02 19:50:57,996 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1767597391] [2022-11-02 19:50:57,996 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-02 19:50:57,996 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-02 19:50:57,997 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 [2022-11-02 19:50:57,998 INFO L229 MonitoredProcess]: Starting monitored process 4 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-02 19:50:58,008 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-11-02 19:50:58,170 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-02 19:50:58,170 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-02 19:50:58,174 INFO L263 TraceCheckSpWp]: Trace formula consists of 671 conjuncts, 13 conjunts are in the unsatisfiable core [2022-11-02 19:50:58,178 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-02 19:50:58,480 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 134 proven. 4 refuted. 0 times theorem prover too weak. 46 trivial. 0 not checked. [2022-11-02 19:50:58,480 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-02 19:50:59,187 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 77 proven. 39 refuted. 0 times theorem prover too weak. 68 trivial. 0 not checked. [2022-11-02 19:50:59,187 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1767597391] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-02 19:50:59,187 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-02 19:50:59,187 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 10, 11] total 26 [2022-11-02 19:50:59,190 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [286078881] [2022-11-02 19:50:59,190 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-02 19:50:59,192 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 26 states [2022-11-02 19:50:59,192 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 19:50:59,193 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 26 interpolants. [2022-11-02 19:50:59,193 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=121, Invalid=529, Unknown=0, NotChecked=0, Total=650 [2022-11-02 19:50:59,194 INFO L87 Difference]: Start difference. First operand 1008 states and 1163 transitions. Second operand has 26 states, 26 states have (on average 8.076923076923077) internal successors, (210), 21 states have internal predecessors, (210), 9 states have call successors, (33), 10 states have call predecessors, (33), 9 states have return successors, (34), 8 states have call predecessors, (34), 9 states have call successors, (34) [2022-11-02 19:51:01,193 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 19:51:01,193 INFO L93 Difference]: Finished difference Result 2117 states and 2508 transitions. [2022-11-02 19:51:01,194 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 31 states. [2022-11-02 19:51:01,194 INFO L78 Accepts]: Start accepts. Automaton has has 26 states, 26 states have (on average 8.076923076923077) internal successors, (210), 21 states have internal predecessors, (210), 9 states have call successors, (33), 10 states have call predecessors, (33), 9 states have return successors, (34), 8 states have call predecessors, (34), 9 states have call successors, (34) Word has length 171 [2022-11-02 19:51:01,194 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 19:51:01,195 INFO L225 Difference]: With dead ends: 2117 [2022-11-02 19:51:01,195 INFO L226 Difference]: Without dead ends: 0 [2022-11-02 19:51:01,201 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 416 GetRequests, 361 SyntacticMatches, 5 SemanticMatches, 50 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 531 ImplicationChecksByTransitivity, 1.0s TimeCoverageRelationStatistics Valid=557, Invalid=2095, Unknown=0, NotChecked=0, Total=2652 [2022-11-02 19:51:01,203 INFO L413 NwaCegarLoop]: 124 mSDtfsCounter, 658 mSDsluCounter, 421 mSDsCounter, 0 mSdLazyCounter, 1527 mSolverCounterSat, 290 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 661 SdHoareTripleChecker+Valid, 545 SdHoareTripleChecker+Invalid, 1817 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 290 IncrementalHoareTripleChecker+Valid, 1527 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-02 19:51:01,203 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [661 Valid, 545 Invalid, 1817 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [290 Valid, 1527 Invalid, 0 Unknown, 0 Unchecked, 1.2s Time] [2022-11-02 19:51:01,204 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-02 19:51:01,204 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-02 19:51:01,204 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-02 19:51:01,204 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-02 19:51:01,205 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 171 [2022-11-02 19:51:01,205 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 19:51:01,205 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-02 19:51:01,205 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 26 states, 26 states have (on average 8.076923076923077) internal successors, (210), 21 states have internal predecessors, (210), 9 states have call successors, (33), 10 states have call predecessors, (33), 9 states have return successors, (34), 8 states have call predecessors, (34), 9 states have call successors, (34) [2022-11-02 19:51:01,206 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-02 19:51:01,206 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-02 19:51:01,212 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-02 19:51:01,265 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-11-02 19:51:01,438 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable12 [2022-11-02 19:51:01,440 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-02 19:51:17,872 INFO L895 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 206 213) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|))) (and (or .cse0 (not (= 1 ~systemActive~0))) (or .cse0 (not (<= 2 ~waterLevel~0)) (= 0 ~systemActive~0)))) [2022-11-02 19:51:17,872 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 206 213) no Hoare annotation was computed. [2022-11-02 19:51:17,872 INFO L899 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 206 213) no Hoare annotation was computed. [2022-11-02 19:51:17,872 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 139 145) no Hoare annotation was computed. [2022-11-02 19:51:17,872 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 139 145) the Hoare annotation is: true [2022-11-02 19:51:17,873 INFO L895 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 915 926) the Hoare annotation is: (let ((.cse0 (not (< 1 ~waterLevel~0))) (.cse6 (not (<= 1 ~pumpRunning~0))) (.cse7 (not (<= 1 |old(~methaneLevelCritical~0)|))) (.cse5 (not (<= ~waterLevel~0 2))) (.cse1 (not (= |old(~methaneLevelCritical~0)| 0))) (.cse2 (not (= ~pumpRunning~0 0))) (.cse3 (not (= 1 ~systemActive~0))) (.cse4 (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) (.cse8 (not (<= ~waterLevel~0 1)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse3 .cse4 .cse6 .cse5 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse1 .cse3 (not (= 2 ~waterLevel~0)) .cse4 .cse6) (or .cse0 .cse2 .cse3 .cse4 .cse7 .cse5) (or .cse2 .cse3 .cse4 .cse7 .cse8) (or .cse3 .cse4 (not (<= 2 ~waterLevel~0)) .cse6 .cse7 .cse5) (or .cse1 .cse2 .cse3 .cse4 .cse8))) [2022-11-02 19:51:17,873 INFO L899 garLoopResultBuilder]: For program point L919-1(lines 915 926) no Hoare annotation was computed. [2022-11-02 19:51:17,873 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 915 926) no Hoare annotation was computed. [2022-11-02 19:51:17,873 INFO L899 garLoopResultBuilder]: For program point L320(lines 320 324) no Hoare annotation was computed. [2022-11-02 19:51:17,874 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 306 335) no Hoare annotation was computed. [2022-11-02 19:51:17,874 INFO L902 garLoopResultBuilder]: At program point L320-1(lines 320 324) the Hoare annotation is: true [2022-11-02 19:51:17,874 INFO L899 garLoopResultBuilder]: For program point L317(line 317) no Hoare annotation was computed. [2022-11-02 19:51:17,874 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 306 335) the Hoare annotation is: true [2022-11-02 19:51:17,874 INFO L902 garLoopResultBuilder]: At program point L316-2(lines 316 330) the Hoare annotation is: true [2022-11-02 19:51:17,874 INFO L902 garLoopResultBuilder]: At program point L312(line 312) the Hoare annotation is: true [2022-11-02 19:51:17,875 INFO L899 garLoopResultBuilder]: For program point L312-1(line 312) no Hoare annotation was computed. [2022-11-02 19:51:17,875 INFO L902 garLoopResultBuilder]: At program point L331(lines 306 335) the Hoare annotation is: true [2022-11-02 19:51:17,875 INFO L899 garLoopResultBuilder]: For program point L327(line 327) no Hoare annotation was computed. [2022-11-02 19:51:17,875 INFO L895 garLoopResultBuilder]: At program point L192(line 192) the Hoare annotation is: (let ((.cse9 (not (< 1 |old(~waterLevel~0)|))) (.cse8 (not (= |old(~waterLevel~0)| 2))) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse6 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (not (= ~methaneLevelCritical~0 0))) (.cse10 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse5 .cse6 .cse1 .cse7) (or .cse5 .cse6 .cse1 .cse7 .cse8) (or .cse1 .cse2 .cse9 .cse3 .cse10) (or .cse1 .cse2 .cse9 .cse7 .cse10) (or .cse5 .cse6 .cse1 .cse3 .cse8) (or .cse0 .cse5 .cse6 .cse1 .cse3) (or .cse1 .cse2 .cse7 .cse10 .cse4) (or .cse5 (not (= 0 ~systemActive~0))))) [2022-11-02 19:51:17,883 INFO L895 garLoopResultBuilder]: At program point L192-1(lines 173 197) the Hoare annotation is: (let ((.cse8 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse25 (= 1 ~systemActive~0)) (.cse12 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse26 (<= 1 ~methaneLevelCritical~0)) (.cse9 (= ~pumpRunning~0 0)) (.cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse18 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse10 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse27 (<= ~waterLevel~0 1)) (.cse19 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse28 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse20 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse21 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0)) (.cse22 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse4 (<= 1 ~pumpRunning~0)) (.cse17 (and .cse18 .cse10 .cse27 .cse19 .cse28 .cse20 .cse21 .cse11 .cse22)) (.cse1 (and .cse9 .cse5)) (.cse16 (not (= |old(~waterLevel~0)| 1))) (.cse3 (not .cse26)) (.cse13 (and .cse8 .cse9 .cse26 .cse10 .cse27 .cse25 .cse28 .cse11 .cse12)) (.cse14 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse24 (= ~waterLevel~0 1)) (.cse2 (not .cse25)) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse23 (not (< 1 |old(~waterLevel~0)|))) (.cse15 (not (= ~methaneLevelCritical~0 0))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 (and .cse4 .cse5) .cse6) (or .cse2 .cse7 (and .cse8 .cse9 .cse10 .cse5 .cse11 .cse12) .cse3 .cse13 .cse6 .cse14) (or .cse0 .cse1 .cse2 .cse15 .cse6 (and .cse4 (= 2 ~waterLevel~0) .cse5)) (or .cse2 .cse7 .cse3 .cse13 (not (= |old(~waterLevel~0)| 2))) (or .cse16 .cse2 .cse17 .cse7 .cse15 .cse14) (or .cse2 .cse17 .cse7 .cse15 (and .cse18 .cse10 .cse19 .cse20 .cse21 .cse5 .cse11 .cse22) .cse6 .cse14) (or .cse2 .cse7 .cse23 .cse3 .cse24 .cse6) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3) (or .cse16 .cse2 .cse7 .cse3 .cse13 .cse14) (or (and .cse18 .cse10 .cse19 .cse20 .cse21 .cse24 .cse11 .cse22) .cse2 .cse7 .cse23 .cse15 .cse6) (or .cse0 (not (= 0 ~systemActive~0)))))) [2022-11-02 19:51:17,884 INFO L895 garLoopResultBuilder]: At program point L221(lines 214 224) the Hoare annotation is: (let ((.cse9 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse19 (<= 1 ~methaneLevelCritical~0)) (.cse21 (= 1 ~systemActive~0)) (.cse5 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse6 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse20 (<= ~waterLevel~0 1)) (.cse22 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse12 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse8 (<= 1 ~switchedOnBeforeTS~0)) (.cse14 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse7 (= ~waterLevel~0 1)) (.cse10 (and .cse5 .cse6 .cse20 .cse22 .cse12 .cse8 .cse14)) (.cse11 (not (= ~methaneLevelCritical~0 0))) (.cse13 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse17 (not (= |old(~waterLevel~0)| 1))) (.cse0 (not .cse21)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not .cse19)) (.cse18 (and (<= 1 ~pumpRunning~0) .cse5 .cse19 .cse6 .cse20 .cse21 .cse22 .cse8 .cse9)) (.cse15 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse16 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 (and .cse5 .cse6 .cse7 .cse8 .cse9)) (or .cse0 .cse1 .cse10 .cse11 .cse4 (and .cse5 .cse6 .cse12 .cse13 .cse8 .cse14) .cse15) (or .cse16 .cse0 .cse11 (not (= |old(~waterLevel~0)| 2))) (or (not (<= |old(~waterLevel~0)| 1)) .cse16 .cse0 .cse11) (or .cse0 .cse1 .cse2 .cse11 (and .cse5 .cse6 .cse12 .cse7 .cse8 .cse14) .cse4) (or .cse17 .cse0 .cse1 .cse10 .cse11 .cse15) (or .cse16 .cse0 .cse3 .cse4) (or (and .cse5 .cse6 .cse13 .cse8 .cse9) .cse0 .cse1 .cse3 .cse4 .cse18 .cse15) (or .cse17 .cse0 .cse1 .cse3 .cse18 .cse15) (or .cse16 (not (= 0 ~systemActive~0)))))) [2022-11-02 19:51:17,884 INFO L899 garLoopResultBuilder]: For program point L126-1(lines 126 132) no Hoare annotation was computed. [2022-11-02 19:51:17,884 INFO L899 garLoopResultBuilder]: For program point L506(lines 506 512) no Hoare annotation was computed. [2022-11-02 19:51:17,884 INFO L895 garLoopResultBuilder]: At program point L490(lines 483 492) the Hoare annotation is: (let ((.cse13 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse12 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse11 (= 1 ~systemActive~0)) (.cse14 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse3 (and .cse13 (let ((.cse15 (<= 1 ~pumpRunning~0))) (or (and .cse15 .cse12 .cse11 (= ~waterLevel~0 1) .cse14) (and .cse15 .cse12 (<= 2 ~waterLevel~0) .cse11 .cse14))))) (.cse4 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (and (= ~pumpRunning~0 0) .cse13)) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse7 (not (<= |old(~waterLevel~0)| 1))) (.cse9 (and .cse12 .cse13 .cse14)) (.cse0 (not .cse11)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse10 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse6 (not (= 0 ~systemActive~0))) (or .cse7 .cse5 .cse6 .cse0 .cse2) (or .cse5 .cse6 .cse0 .cse2 .cse4) (or .cse0 .cse1 .cse8 .cse3 .cse4) (or .cse7 .cse9 .cse0 .cse1 .cse8 .cse10) (or .cse5 .cse6 .cse0 .cse8 .cse4) (or .cse7 .cse5 .cse6 .cse0 .cse8) (or .cse7 .cse9 .cse0 .cse1 .cse2 .cse10)))) [2022-11-02 19:51:17,885 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 112 138) no Hoare annotation was computed. [2022-11-02 19:51:17,885 INFO L895 garLoopResultBuilder]: At program point L932(lines 927 935) the Hoare annotation is: (let ((.cse14 (<= 1 ~methaneLevelCritical~0)) (.cse16 (<= 1 ~pumpRunning~0)) (.cse17 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse22 (= ~methaneLevelCritical~0 0)) (.cse18 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse19 (<= ~waterLevel~0 1)) (.cse15 (= 1 ~systemActive~0)) (.cse20 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse21 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse6 (not (= |old(~waterLevel~0)| 1))) (.cse8 (and .cse16 .cse17 .cse22 .cse18 .cse19 .cse15 .cse20 .cse21)) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (and .cse17 .cse18 (= ~waterLevel~0 1) .cse21)) (.cse7 (not .cse22)) (.cse12 (not (<= |old(~waterLevel~0)| 1))) (.cse13 (and .cse17 .cse18 (= |old(~waterLevel~0)| ~waterLevel~0) .cse21)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse11 (and .cse16 .cse17 .cse14 .cse18 .cse19 .cse15 .cse20 .cse21)) (.cse9 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not .cse15)) (.cse3 (not .cse14)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse0 .cse1 .cse7 .cse8 .cse9) (or .cse10 .cse0 .cse7 (not (= |old(~waterLevel~0)| 2))) (or .cse6 .cse0 .cse1 .cse3 .cse11 .cse9) (or .cse12 .cse13 .cse0 .cse1 .cse7 .cse8 .cse9) (or .cse0 .cse1 .cse2 .cse7 .cse4 .cse5) (or .cse12 .cse10 .cse0 .cse7) (or .cse12 .cse13 .cse0 .cse1 .cse3 .cse11 .cse9) (or .cse10 .cse0 .cse3 .cse5) (or .cse10 (not (= 0 ~systemActive~0)))))) [2022-11-02 19:51:17,886 INFO L899 garLoopResultBuilder]: For program point L895(lines 895 899) no Hoare annotation was computed. [2022-11-02 19:51:17,886 INFO L895 garLoopResultBuilder]: At program point L895-2(lines 891 902) the Hoare annotation is: (let ((.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse16 (<= 1 ~methaneLevelCritical~0)) (.cse18 (<= ~waterLevel~0 1)) (.cse17 (= 1 ~systemActive~0)) (.cse19 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse10 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse13 (not (= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse14 (and (<= 1 ~pumpRunning~0) .cse8 .cse16 .cse18 .cse17 .cse19 .cse10)) (.cse15 (and .cse8 (= |old(~waterLevel~0)| ~waterLevel~0) .cse10)) (.cse4 (and .cse8 .cse18 .cse17 .cse19 .cse10)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (< 1 |old(~waterLevel~0)|))) (.cse9 (= ~waterLevel~0 1)) (.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse1 (not .cse17)) (.cse7 (not .cse16)) (.cse11 (not (<= |old(~waterLevel~0)| 2))) (.cse12 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse2 .cse6 .cse7 (and .cse8 .cse9 .cse10) .cse11) (or .cse12 .cse1 .cse3 .cse13) (or .cse1 .cse2 .cse3 .cse13 .cse4) (or .cse0 .cse1 .cse2 .cse14 .cse7 .cse5) (or .cse15 .cse1 .cse2 .cse14 .cse7 .cse11 .cse5) (or .cse15 .cse1 .cse2 .cse3 .cse4 .cse11 .cse5) (or .cse1 .cse2 .cse6 .cse3 .cse9 .cse11) (or (not (<= |old(~waterLevel~0)| 1)) .cse12 .cse1 .cse3) (or .cse12 .cse1 .cse7 .cse11) (or .cse12 (not (= 0 ~systemActive~0)))))) [2022-11-02 19:51:17,886 INFO L899 garLoopResultBuilder]: For program point L119(lines 119 125) no Hoare annotation was computed. [2022-11-02 19:51:17,887 INFO L895 garLoopResultBuilder]: At program point L503(line 503) the Hoare annotation is: (let ((.cse23 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse24 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse25 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse26 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse27 (<= 0 |timeShift_isMethaneAlarm_#res#1|)) (.cse3 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse4 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse5 (= ~pumpRunning~0 0)) (.cse32 (<= 1 ~methaneLevelCritical~0)) (.cse6 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse20 (<= ~waterLevel~0 1)) (.cse30 (= 1 ~systemActive~0)) (.cse31 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse7 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| ~waterLevel~0)) (.cse9 (<= 1 ~switchedOnBeforeTS~0)) (.cse10 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse22 (not (= 0 ~systemActive~0))) (.cse8 (= ~waterLevel~0 1)) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse12 (not (<= |old(~waterLevel~0)| 2))) (.cse19 (not (= |old(~pumpRunning~0)| 0))) (.cse13 (not (<= |old(~waterLevel~0)| 1))) (.cse15 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse16 (< |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| 2)) (.cse17 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse14 (and .cse3 .cse4 .cse5 .cse32 .cse6 .cse20 .cse30 .cse31 .cse7 .cse9 .cse10)) (.cse11 (not .cse32)) (.cse29 (not (= |old(~waterLevel~0)| 1))) (.cse0 (not .cse30)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse21 (not (= ~methaneLevelCritical~0 0))) (.cse28 (and .cse23 .cse3 .cse6 .cse20 .cse30 .cse24 .cse31 .cse25 .cse26 .cse7 .cse9 .cse27)) (.cse18 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5 .cse6 .cse7 .cse8 .cse9 .cse10) .cse11 .cse12) (or .cse13 .cse14 .cse0 .cse1 .cse11 (and .cse4 .cse5 .cse15 .cse6 .cse16 .cse17 .cse9 .cse10) .cse18) (or .cse19 .cse0 (and .cse5 .cse15 .cse20 .cse16 .cse17) .cse11 .cse12) (or .cse19 .cse0 .cse21 (not (= |old(~waterLevel~0)| 2))) (or .cse19 (and .cse5 .cse17) .cse22) (or .cse19 .cse2 .cse12 .cse22) (or (and .cse23 .cse3 .cse6 .cse24 .cse25 .cse26 .cse7 .cse8 .cse9 .cse27) .cse0 .cse1 .cse2 .cse21 .cse12) (or .cse13 .cse19 .cse0 .cse21 (and .cse5 .cse15 .cse16 .cse17)) (or .cse13 .cse0 .cse1 (and .cse23 .cse15 .cse6 .cse24 .cse25 .cse26 .cse16 .cse17 .cse9 .cse27) .cse21 .cse28 .cse18) (or .cse29 .cse14 .cse0 .cse1 .cse11 .cse18) (or .cse29 .cse0 .cse1 .cse21 .cse28 .cse18)))) [2022-11-02 19:51:17,887 INFO L899 garLoopResultBuilder]: For program point L503-1(line 503) no Hoare annotation was computed. [2022-11-02 19:51:17,888 INFO L899 garLoopResultBuilder]: For program point L119-2(lines 115 137) no Hoare annotation was computed. [2022-11-02 19:51:17,888 INFO L899 garLoopResultBuilder]: For program point L181(lines 181 189) no Hoare annotation was computed. [2022-11-02 19:51:17,888 INFO L899 garLoopResultBuilder]: For program point L177(lines 177 194) no Hoare annotation was computed. [2022-11-02 19:51:17,888 INFO L899 garLoopResultBuilder]: For program point L54(line 54) no Hoare annotation was computed. [2022-11-02 19:51:17,889 INFO L895 garLoopResultBuilder]: At program point L488(line 488) the Hoare annotation is: (let ((.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse14 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse18 (= ~pumpRunning~0 0)) (.cse15 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse19 (< 1 ~waterLevel~0)) (.cse17 (= 1 ~systemActive~0)) (.cse20 (<= ~waterLevel~0 2))) (let ((.cse4 (and .cse14 .cse18 .cse15 .cse19 .cse17 .cse20)) (.cse5 (not (<= 2 |old(~waterLevel~0)|))) (.cse10 (not (< 1 |old(~waterLevel~0)|))) (.cse11 (and (<= 1 ~pumpRunning~0) .cse14 .cse15 .cse19 .cse17 .cse20)) (.cse6 (and .cse18 .cse15 .cse16)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse1 (not .cse17)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse12 (and .cse14 .cse15 .cse16)) (.cse13 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse7 .cse0 .cse1 .cse2) (or .cse6 .cse7 .cse0 .cse1 .cse8) (or .cse0 .cse1 .cse8 .cse3 .cse4 .cse5) (or .cse1 .cse9 .cse10 .cse11 .cse2 .cse3) (or .cse1 .cse9 .cse10 .cse11 .cse8 .cse3) (or .cse6 .cse0 (not (= 0 ~systemActive~0))) (or .cse7 .cse1 .cse9 .cse2 .cse12 .cse13) (or .cse1 .cse9 .cse8 .cse3 .cse12 .cse13)))) [2022-11-02 19:51:17,889 INFO L899 garLoopResultBuilder]: For program point L488-1(line 488) no Hoare annotation was computed. [2022-11-02 19:51:17,889 INFO L895 garLoopResultBuilder]: At program point L187(line 187) the Hoare annotation is: (let ((.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse11 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse12 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse13 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse14 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse15 (<= 1 ~switchedOnBeforeTS~0)) (.cse16 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse9 (and .cse10 .cse11 (<= ~waterLevel~0 1) .cse12 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse13 .cse14 .cse15 .cse16)) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse8 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse1 .cse6 (not (= |old(~waterLevel~0)| 2))) (or .cse1 .cse2 .cse7 .cse3 .cse8) (or (not (= |old(~waterLevel~0)| 1)) .cse1 .cse9 .cse2 .cse6 .cse4) (or .cse1 .cse9 .cse2 .cse6 (and .cse10 .cse11 .cse12 .cse13 .cse14 (= |old(~waterLevel~0)| ~waterLevel~0) .cse15 .cse16) .cse8 .cse4) (or .cse0 .cse5 .cse1 .cse6) (or .cse5 .cse1 .cse3 .cse8) (or (and .cse10 .cse11 .cse12 .cse13 .cse14 (= ~waterLevel~0 1) .cse15 .cse16) .cse1 .cse2 .cse7 .cse6 .cse8) (or .cse5 (not (= 0 ~systemActive~0)))))) [2022-11-02 19:51:17,889 INFO L899 garLoopResultBuilder]: For program point L505(lines 505 515) no Hoare annotation was computed. [2022-11-02 19:51:17,890 INFO L895 garLoopResultBuilder]: At program point L183(line 183) the Hoare annotation is: (let ((.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse17 (<= 1 ~methaneLevelCritical~0)) (.cse10 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse16 (= 1 ~systemActive~0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0)) (.cse12 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse7 (not (= |old(~waterLevel~0)| 2))) (.cse2 (and (<= 1 ~pumpRunning~0) .cse8 .cse9 .cse17 .cse10 (<= ~waterLevel~0 1) .cse16 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse11 .cse12)) (.cse14 (not (< 1 |old(~waterLevel~0)|))) (.cse13 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (not .cse17)) (.cse0 (not .cse16)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse15 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse0 .cse6 .cse7) (or .cse0 .cse1 .cse2 .cse3 .cse7) (or (and .cse8 .cse9 .cse10 (= |old(~waterLevel~0)| ~waterLevel~0) .cse11 .cse12) .cse13 .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse1 .cse14 .cse6 .cse15) (or .cse0 .cse1 .cse14 .cse3 (= ~waterLevel~0 1) .cse15) (or .cse13 .cse5 .cse0 .cse6) (or .cse5 .cse0 .cse3 .cse15) (or .cse0 .cse1 .cse6 .cse15 .cse4) (or .cse5 (not (= 0 ~systemActive~0)))))) [2022-11-02 19:51:17,890 INFO L895 garLoopResultBuilder]: At program point L55(lines 50 57) the Hoare annotation is: (let ((.cse7 (not (< 1 |old(~waterLevel~0)|))) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse8 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse1 .cse6 (not (= |old(~waterLevel~0)| 2))) (or .cse1 .cse2 .cse7 .cse3 .cse8) (or .cse1 .cse2 .cse7 .cse6 .cse8) (or .cse0 .cse5 .cse1 .cse6) (or .cse5 .cse1 .cse3 .cse8) (or .cse1 .cse2 .cse6 .cse8 .cse4) (or .cse5 (not (= 0 ~systemActive~0))))) [2022-11-02 19:51:17,890 INFO L899 garLoopResultBuilder]: For program point L501(lines 501 518) no Hoare annotation was computed. [2022-11-02 19:51:17,891 INFO L895 garLoopResultBuilder]: At program point L501-1(lines 493 521) the Hoare annotation is: (let ((.cse8 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse9 (= ~pumpRunning~0 0)) (.cse34 (<= 1 ~methaneLevelCritical~0)) (.cse14 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse32 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse21 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse33 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| 2)) (.cse36 (<= 1 ~pumpRunning~0)) (.cse22 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse37 (= ~methaneLevelCritical~0 0)) (.cse10 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse30 (<= ~waterLevel~0 1)) (.cse29 (= 1 ~systemActive~0)) (.cse23 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse35 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse24 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse25 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse11 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| ~waterLevel~0)) (.cse13 (<= 1 ~switchedOnBeforeTS~0)) (.cse26 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse2 (and .cse36 .cse22 .cse7 .cse37 .cse10 .cse30 .cse29 .cse23 .cse35 .cse24 .cse25 .cse11 .cse13 .cse26)) (.cse17 (not (<= |old(~waterLevel~0)| 1))) (.cse12 (= ~waterLevel~0 1)) (.cse19 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse20 (< |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| 2)) (.cse6 (not (< 1 |old(~waterLevel~0)|))) (.cse16 (not (<= |old(~waterLevel~0)| 2))) (.cse28 (not (= 0 ~systemActive~0))) (.cse27 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not .cse37)) (.cse31 (and .cse36 .cse32 (<= 2 ~waterLevel~0) .cse29 .cse21 .cse33)) (.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse18 (and .cse7 .cse8 .cse9 .cse34 .cse10 .cse30 .cse29 .cse35 .cse11 .cse13 .cse14)) (.cse1 (not .cse29)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse15 (not .cse34)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse3 .cse6 (and .cse7 .cse8 .cse9 .cse10 .cse11 .cse12 .cse13 .cse14) .cse15 .cse16) (or .cse17 .cse18 .cse1 .cse3 .cse15 (and .cse8 .cse9 .cse19 .cse10 .cse20 .cse21 .cse13 .cse14) .cse5) (or .cse17 .cse1 .cse2 .cse3 (and .cse22 .cse19 .cse10 .cse23 .cse24 .cse25 .cse20 .cse21 .cse13 .cse26) .cse4 .cse5) (or .cse27 (and .cse9 .cse21) .cse28) (or .cse17 .cse27 .cse1 .cse4 (and .cse22 .cse9 .cse19 (not (<= 2 |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1|)) .cse29 .cse21)) (or (and .cse22 .cse7 .cse10 .cse23 .cse24 .cse25 .cse11 .cse12 .cse13 .cse26) .cse1 .cse3 .cse6 .cse4 .cse16) (or .cse27 .cse1 (and .cse22 .cse9 .cse19 .cse30 .cse29 .cse20 .cse21) .cse15 .cse31 .cse16 (and .cse22 .cse9 (= 2 ~waterLevel~0) .cse32 .cse29 .cse21 .cse33)) (or .cse27 .cse6 (and .cse32 .cse33) .cse16 .cse28) (or .cse27 .cse1 (and .cse22 .cse9 .cse32 .cse29 .cse21 .cse33) .cse4 .cse31 (not (= |old(~waterLevel~0)| 2))) (or .cse0 .cse18 .cse1 .cse3 .cse15 .cse5)))) [2022-11-02 19:51:17,891 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 112 138) the Hoare annotation is: (let ((.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse14 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse18 (= ~pumpRunning~0 0)) (.cse15 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse19 (< 1 ~waterLevel~0)) (.cse17 (= 1 ~systemActive~0)) (.cse20 (<= ~waterLevel~0 2))) (let ((.cse4 (and .cse14 .cse18 .cse15 .cse19 .cse17 .cse20)) (.cse5 (not (<= 2 |old(~waterLevel~0)|))) (.cse10 (not (< 1 |old(~waterLevel~0)|))) (.cse11 (and (<= 1 ~pumpRunning~0) .cse14 .cse15 .cse19 .cse17 .cse20)) (.cse6 (and .cse18 .cse15 .cse16)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse1 (not .cse17)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse12 (and .cse14 .cse15 .cse16)) (.cse13 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse7 .cse0 .cse1 .cse2) (or .cse6 .cse7 .cse0 .cse1 .cse8) (or .cse0 .cse1 .cse8 .cse3 .cse4 .cse5) (or .cse1 .cse9 .cse10 .cse11 .cse2 .cse3) (or .cse1 .cse9 .cse10 .cse11 .cse8 .cse3) (or .cse6 .cse0 (not (= 0 ~systemActive~0))) (or .cse7 .cse1 .cse9 .cse2 .cse12 .cse13) (or .cse1 .cse9 .cse8 .cse3 .cse12 .cse13)))) [2022-11-02 19:51:17,891 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 112 138) no Hoare annotation was computed. [2022-11-02 19:51:17,892 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 54) no Hoare annotation was computed. [2022-11-02 19:51:17,893 INFO L895 garLoopResultBuilder]: At program point L964(lines 959 967) the Hoare annotation is: (let ((.cse8 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse4 (= ~pumpRunning~0 0)) (.cse12 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse31 (<= 1 ~methaneLevelCritical~0)) (.cse20 (<= 1 ~pumpRunning~0)) (.cse23 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse34 (= ~methaneLevelCritical~0 0)) (.cse9 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse17 (<= ~waterLevel~0 1)) (.cse32 (= 1 ~systemActive~0)) (.cse24 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse33 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse25 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse26 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0)) (.cse27 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse21 (not (= 0 ~systemActive~0))) (.cse14 (not (< 1 |old(~waterLevel~0)|))) (.cse10 (= ~waterLevel~0 1)) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse5 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse22 (and .cse20 .cse23 .cse7 .cse34 .cse9 .cse17 .cse32 .cse24 .cse33 .cse25 .cse26 .cse11 .cse27)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not .cse34)) (.cse19 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse16 (not (<= |old(~waterLevel~0)| 2))) (.cse30 (not (= |old(~waterLevel~0)| 1))) (.cse2 (not .cse32)) (.cse13 (not (<= 1 |old(~pumpRunning~0)|))) (.cse15 (not .cse31)) (.cse29 (and .cse7 .cse8 .cse4 .cse31 .cse9 .cse17 .cse32 .cse33 .cse11 .cse12)) (.cse28 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 (and .cse4 .cse5 .cse6)) (or (and .cse7 .cse8 .cse4 .cse9 .cse10 .cse11 .cse12) .cse2 .cse13 .cse14 .cse15 .cse16) (let ((.cse18 (= 2 ~waterLevel~0))) (or .cse1 .cse2 .cse15 (and .cse4 .cse5 .cse17 .cse6) (and .cse4 .cse18 .cse19 .cse6) .cse16 (and .cse20 .cse18 .cse19 .cse6))) (or .cse1 (and .cse4 .cse6) .cse21) (or .cse1 .cse19 .cse14 .cse16 .cse21) (or .cse0 .cse2 .cse13 .cse3 .cse22 (and .cse23 .cse5 .cse9 .cse24 .cse25 .cse26 .cse6 .cse11 .cse27) .cse28) (or .cse2 .cse13 .cse14 .cse3 .cse16 (and .cse23 .cse7 .cse9 .cse24 .cse25 .cse26 .cse10 .cse11 .cse27)) (or .cse0 (and .cse8 .cse4 .cse5 .cse9 .cse6 .cse11 .cse12) .cse2 .cse13 .cse15 .cse29 .cse28) (or .cse30 .cse2 .cse13 .cse3 .cse22 .cse28) (or (and .cse4 .cse19 .cse6) .cse1 .cse2 .cse3 (and .cse20 .cse19 .cse6) .cse16 (not (<= 2 |old(~waterLevel~0)|))) (or .cse30 .cse2 .cse13 .cse15 .cse29 .cse28)))) [2022-11-02 19:51:17,893 INFO L899 garLoopResultBuilder]: For program point L436(lines 436 442) no Hoare annotation was computed. [2022-11-02 19:51:17,893 INFO L899 garLoopResultBuilder]: For program point L436-1(lines 436 442) no Hoare annotation was computed. [2022-11-02 19:51:17,894 INFO L895 garLoopResultBuilder]: At program point L366(lines 362 368) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 19:51:17,894 INFO L895 garLoopResultBuilder]: At program point L77(lines 73 79) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 19:51:17,894 INFO L895 garLoopResultBuilder]: At program point L461(lines 416 463) the Hoare annotation is: (let ((.cse6 (<= 1 ~methaneLevelCritical~0)) (.cse1 (= 2 ~waterLevel~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse2 (= ~methaneLevelCritical~0 0)) (.cse7 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse6 .cse7 .cse3 .cse4) (and .cse0 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse4 (= 0 ~systemActive~0)) (and .cse5 .cse1 .cse2 .cse3 .cse4) (and .cse0 .cse2 .cse7 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse5 .cse2 .cse7 .cse3 .cse4))) [2022-11-02 19:51:17,894 INFO L895 garLoopResultBuilder]: At program point L428(line 428) the Hoare annotation is: (let ((.cse6 (<= 1 ~methaneLevelCritical~0)) (.cse1 (= 2 ~waterLevel~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse2 (= ~methaneLevelCritical~0 0)) (.cse7 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse6 .cse7 .cse3 .cse4) (and .cse0 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse4 (= 0 ~systemActive~0)) (and .cse5 .cse1 .cse2 .cse3 .cse4) (and .cse0 .cse2 .cse7 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse5 .cse2 .cse7 .cse3 .cse4))) [2022-11-02 19:51:17,895 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-11-02 19:51:17,895 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-11-02 19:51:17,895 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-11-02 19:51:17,895 INFO L902 garLoopResultBuilder]: At program point L379(lines 371 381) the Hoare annotation is: true [2022-11-02 19:51:17,895 INFO L895 garLoopResultBuilder]: At program point L301(lines 289 303) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (= 0 ~systemActive~0)) [2022-11-02 19:51:17,895 INFO L899 garLoopResultBuilder]: For program point L392(lines 392 399) no Hoare annotation was computed. [2022-11-02 19:51:17,895 INFO L899 garLoopResultBuilder]: For program point L392-2(lines 392 399) no Hoare annotation was computed. [2022-11-02 19:51:17,896 INFO L899 garLoopResultBuilder]: For program point L293(lines 293 299) no Hoare annotation was computed. [2022-11-02 19:51:17,896 INFO L899 garLoopResultBuilder]: For program point L293-1(lines 293 299) no Hoare annotation was computed. [2022-11-02 19:51:17,896 INFO L899 garLoopResultBuilder]: For program point L417(lines 416 463) no Hoare annotation was computed. [2022-11-02 19:51:17,896 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-02 19:51:17,896 INFO L899 garLoopResultBuilder]: For program point L446(lines 446 459) no Hoare annotation was computed. [2022-11-02 19:51:17,897 INFO L895 garLoopResultBuilder]: At program point L438(line 438) the Hoare annotation is: (let ((.cse1 (<= 1 ~methaneLevelCritical~0)) (.cse2 (< 1 ~waterLevel~0)) (.cse5 (<= ~waterLevel~0 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse6 (= ~pumpRunning~0 0)) (.cse7 (= ~methaneLevelCritical~0 0)) (.cse8 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse1 .cse3 .cse4 .cse5) (and .cse0 .cse7 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse4 (= 0 ~systemActive~0)) (and .cse6 (= 2 ~waterLevel~0) .cse7 .cse3 .cse4) (and .cse0 .cse7 .cse8 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse6 .cse7 .cse8 .cse3 .cse4))) [2022-11-02 19:51:17,898 INFO L902 garLoopResultBuilder]: At program point L467(lines 406 471) the Hoare annotation is: true [2022-11-02 19:51:17,898 INFO L902 garLoopResultBuilder]: At program point L401(lines 382 404) the Hoare annotation is: true [2022-11-02 19:51:17,898 INFO L899 garLoopResultBuilder]: For program point L426(lines 426 432) no Hoare annotation was computed. [2022-11-02 19:51:17,898 INFO L899 garLoopResultBuilder]: For program point L426-1(lines 426 432) no Hoare annotation was computed. [2022-11-02 19:51:17,899 INFO L899 garLoopResultBuilder]: For program point L418(lines 418 422) no Hoare annotation was computed. [2022-11-02 19:51:17,899 INFO L895 garLoopResultBuilder]: At program point L480(lines 475 482) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 19:51:17,899 INFO L895 garLoopResultBuilder]: At program point L92(lines 87 95) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 19:51:17,900 INFO L895 garLoopResultBuilder]: At program point L84(lines 80 86) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 19:51:17,902 INFO L895 garLoopResultBuilder]: At program point L464(lines 415 465) the Hoare annotation is: false [2022-11-02 19:51:17,902 INFO L895 garLoopResultBuilder]: At program point L295(line 295) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and (= 1 ~systemActive~0) .cse0) (and (<= 2 ~waterLevel~0) .cse0 (not (= 0 ~systemActive~0))))) [2022-11-02 19:51:17,902 INFO L899 garLoopResultBuilder]: For program point L452(lines 452 458) no Hoare annotation was computed. [2022-11-02 19:51:17,904 INFO L895 garLoopResultBuilder]: At program point L452-2(lines 446 459) the Hoare annotation is: (let ((.cse2 (< 1 ~waterLevel~0)) (.cse5 (<= ~waterLevel~0 2)) (.cse1 (<= 1 ~methaneLevelCritical~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse9 (<= 1 ~switchedOnBeforeTS~0)) (.cse6 (= ~pumpRunning~0 0)) (.cse7 (= ~methaneLevelCritical~0 0)) (.cse8 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse1 .cse3 .cse4 .cse5) (and .cse0 .cse7 .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse1 .cse8 .cse3 .cse4 .cse9) (and .cse6 .cse4 (= 0 ~systemActive~0)) (and .cse6 (= 2 ~waterLevel~0) .cse7 .cse3 .cse4) (and .cse0 .cse7 .cse8 .cse3 .cse4 .cse9) (and .cse6 .cse7 .cse8 .cse3 .cse4))) [2022-11-02 19:51:17,904 INFO L895 garLoopResultBuilder]: At program point L161(line 161) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~0#1| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~methaneLevelCritical~0 0)))) (and (or .cse0 .cse1 (not (<= 1 ~methaneLevelCritical~0)) .cse2 .cse3) (or .cse0 .cse1 .cse4 .cse2 .cse3) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 19:51:17,905 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 147 171) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse3 (not (<= 2 ~waterLevel~0))) (.cse7 (not (<= 1 ~methaneLevelCritical~0))) (.cse5 (not (<= ~waterLevel~0 2))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse6 (not (<= ~waterLevel~0 1)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse1 .cse2 .cse4 .cse6) (or .cse0 .cse1 .cse2 .cse7 .cse6) (or .cse0 .cse1 .cse2 .cse3 .cse7 .cse5) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse2 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 .cse6 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 19:51:17,905 INFO L895 garLoopResultBuilder]: At program point L285(lines 270 288) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 0)) (.cse8 (= 1 ~systemActive~0))) (let ((.cse4 (not (<= 1 ~methaneLevelCritical~0))) (.cse5 (not (<= ~waterLevel~0 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not .cse8)) (.cse3 (= 2 ~waterLevel~0)) (.cse7 (not (= ~methaneLevelCritical~0 0))) (.cse6 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~2#1| 0)) .cse1 .cse8 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0)))) (and (or .cse0 .cse1 .cse2 (not .cse3) .cse4) (or .cse0 .cse2 .cse4 .cse5 .cse6) (or .cse2 (not (<= 1 |old(~pumpRunning~0)|)) .cse7 .cse5 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse2 (and .cse1 .cse3) .cse7 (not (<= ~waterLevel~0 2)) .cse6)))) [2022-11-02 19:51:17,905 INFO L899 garLoopResultBuilder]: For program point L155(lines 155 163) no Hoare annotation was computed. [2022-11-02 19:51:17,905 INFO L899 garLoopResultBuilder]: For program point L151(lines 151 168) no Hoare annotation was computed. [2022-11-02 19:51:17,905 INFO L899 garLoopResultBuilder]: For program point L279(lines 279 283) no Hoare annotation was computed. [2022-11-02 19:51:17,906 INFO L899 garLoopResultBuilder]: For program point L279-2(lines 279 283) no Hoare annotation was computed. [2022-11-02 19:51:17,906 INFO L895 garLoopResultBuilder]: At program point L977(lines 968 981) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 0))) (let ((.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse6 (and .cse1 (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)))) (.cse7 (not (<= ~waterLevel~0 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 2 ~waterLevel~0))) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse5 (not (<= ~waterLevel~0 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 .cse6 .cse4 .cse7) (or .cse2 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 .cse7 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse2 .cse6 .cse8 .cse7) (or .cse0 .cse1 .cse2 .cse3 .cse8 .cse5)))) [2022-11-02 19:51:17,906 INFO L895 garLoopResultBuilder]: At program point L203(lines 198 205) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0))) (.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse3 (not (<= ~waterLevel~0 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 1 ~methaneLevelCritical~0)) .cse3) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse1 .cse2 .cse4 .cse3))) [2022-11-02 19:51:17,906 INFO L895 garLoopResultBuilder]: At program point L166(line 166) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (not (= ~methaneLevelCritical~0 0)))) (and (or .cse0 .cse1 (not (<= 1 ~methaneLevelCritical~0)) .cse2) (or .cse0 .cse1 .cse3 .cse2) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse3 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 19:51:17,907 INFO L899 garLoopResultBuilder]: For program point L166-1(lines 147 171) no Hoare annotation was computed. [2022-11-02 19:51:17,907 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 147 171) no Hoare annotation was computed. [2022-11-02 19:51:17,907 INFO L899 garLoopResultBuilder]: For program point L972(lines 972 978) no Hoare annotation was computed. [2022-11-02 19:51:17,907 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 903 914) no Hoare annotation was computed. [2022-11-02 19:51:17,907 INFO L899 garLoopResultBuilder]: For program point L907-1(lines 903 914) no Hoare annotation was computed. [2022-11-02 19:51:17,908 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 903 914) the Hoare annotation is: (let ((.cse1 (not (<= 1 ~methaneLevelCritical~0))) (.cse6 (not (= ~pumpRunning~0 0))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= 1 ~pumpRunning~0))) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 .cse1 .cse2 (not (= |old(~waterLevel~0)| 2)) .cse3) (or .cse0 .cse4 .cse2 .cse3 .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse6 .cse0 .cse1 .cse3 .cse5) (or .cse6 .cse3 (not (= 0 ~systemActive~0))) (or .cse6 .cse0 .cse4 .cse3 .cse5) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse4 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 19:51:17,908 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 225 233) no Hoare annotation was computed. [2022-11-02 19:51:17,908 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 225 233) the Hoare annotation is: true [2022-11-02 19:51:17,909 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 225 233) no Hoare annotation was computed. [2022-11-02 19:51:17,912 INFO L444 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 19:51:17,915 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-02 19:51:17,997 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 02.11 07:51:17 BoogieIcfgContainer [2022-11-02 19:51:17,997 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-02 19:51:17,998 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-02 19:51:17,998 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-02 19:51:17,999 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-02 19:51:17,999 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.11 07:50:45" (3/4) ... [2022-11-02 19:51:18,002 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-02 19:51:18,009 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-11-02 19:51:18,009 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-02 19:51:18,009 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-02 19:51:18,009 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-02 19:51:18,009 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-02 19:51:18,010 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-11-02 19:51:18,010 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-02 19:51:18,010 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-02 19:51:18,024 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 52 nodes and edges [2022-11-02 19:51:18,024 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-11-02 19:51:18,025 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-11-02 19:51:18,025 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-11-02 19:51:18,026 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-11-02 19:51:18,026 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-02 19:51:18,027 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-02 19:51:18,058 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-02 19:51:18,059 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-11-02 19:51:18,060 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(waterLevel) <= 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || (((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && !(2 <= tmp)) && 1 == systemActive) && \old(waterLevel) == waterLevel))) && ((((((((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && waterLevel <= 1) && 1 == systemActive) && tmp < 2) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || (((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) <= 2)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == waterLevel) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2))) && ((((!(\old(pumpRunning) == 0) || !(1 < \old(waterLevel))) || (2 == \result && tmp == 2)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(methaneLevelCritical == 0)) || (((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-02 19:51:18,061 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(1 == systemActive) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-11-02 19:51:18,061 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-11-02 19:51:18,062 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel)) && (((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || 2 == \result) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || ((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result))) && ((((((!(\old(waterLevel) <= 1) || ((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-02 19:51:18,062 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-11-02 19:51:18,063 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-11-02 19:51:18,063 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 1))) && (((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) [2022-11-02 19:51:18,063 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 == waterLevel)) || !(1 <= methaneLevelCritical)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 1)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && 1 == systemActive) && \result == 0) && tmp___0 == 0))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && 2 == waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && 1 == systemActive) && \result == 0) && tmp___0 == 0)) [2022-11-02 19:51:18,064 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) [2022-11-02 19:51:18,107 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/witness.graphml [2022-11-02 19:51:18,108 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-02 19:51:18,108 INFO L158 Benchmark]: Toolchain (without parser) took 33816.27ms. Allocated memory was 96.5MB in the beginning and 312.5MB in the end (delta: 216.0MB). Free memory was 72.8MB in the beginning and 244.0MB in the end (delta: -171.2MB). Peak memory consumption was 44.5MB. Max. memory is 16.1GB. [2022-11-02 19:51:18,109 INFO L158 Benchmark]: CDTParser took 0.34ms. Allocated memory is still 96.5MB. Free memory was 66.6MB in the beginning and 66.6MB in the end (delta: 45.1kB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-02 19:51:18,109 INFO L158 Benchmark]: CACSL2BoogieTranslator took 597.38ms. Allocated memory is still 96.5MB. Free memory was 72.5MB in the beginning and 62.3MB in the end (delta: 10.2MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-11-02 19:51:18,110 INFO L158 Benchmark]: Boogie Procedure Inliner took 99.94ms. Allocated memory is still 96.5MB. Free memory was 62.1MB in the beginning and 59.7MB in the end (delta: 2.4MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-02 19:51:18,110 INFO L158 Benchmark]: Boogie Preprocessor took 74.08ms. Allocated memory is still 96.5MB. Free memory was 59.7MB in the beginning and 58.0MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-02 19:51:18,111 INFO L158 Benchmark]: RCFGBuilder took 663.89ms. Allocated memory is still 96.5MB. Free memory was 58.0MB in the beginning and 39.1MB in the end (delta: 18.9MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-11-02 19:51:18,112 INFO L158 Benchmark]: TraceAbstraction took 32263.17ms. Allocated memory was 96.5MB in the beginning and 312.5MB in the end (delta: 216.0MB). Free memory was 38.4MB in the beginning and 250.3MB in the end (delta: -211.9MB). Peak memory consumption was 159.4MB. Max. memory is 16.1GB. [2022-11-02 19:51:18,112 INFO L158 Benchmark]: Witness Printer took 109.58ms. Allocated memory is still 312.5MB. Free memory was 250.3MB in the beginning and 244.0MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-02 19:51:18,115 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.34ms. Allocated memory is still 96.5MB. Free memory was 66.6MB in the beginning and 66.6MB in the end (delta: 45.1kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 597.38ms. Allocated memory is still 96.5MB. Free memory was 72.5MB in the beginning and 62.3MB in the end (delta: 10.2MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 99.94ms. Allocated memory is still 96.5MB. Free memory was 62.1MB in the beginning and 59.7MB in the end (delta: 2.4MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 74.08ms. Allocated memory is still 96.5MB. Free memory was 59.7MB in the beginning and 58.0MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 663.89ms. Allocated memory is still 96.5MB. Free memory was 58.0MB in the beginning and 39.1MB in the end (delta: 18.9MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 32263.17ms. Allocated memory was 96.5MB in the beginning and 312.5MB in the end (delta: 216.0MB). Free memory was 38.4MB in the beginning and 250.3MB in the end (delta: -211.9MB). Peak memory consumption was 159.4MB. Max. memory is 16.1GB. * Witness Printer took 109.58ms. Allocated memory is still 312.5MB. Free memory was 250.3MB in the beginning and 244.0MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 97 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 32.1s, OverallIterations: 13, TraceHistogramMax: 5, PathProgramHistogramMax: 2, EmptinessCheckTime: 0.1s, AutomataDifference: 8.1s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 16.4s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 3195 SdHoareTripleChecker+Valid, 4.5s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 3143 mSDsluCounter, 5882 SdHoareTripleChecker+Invalid, 3.7s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 4055 mSDsCounter, 1210 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 4284 IncrementalHoareTripleChecker+Invalid, 5494 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1210 mSolverCounterUnsat, 1827 mSDtfsCounter, 4284 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 1101 GetRequests, 880 SyntacticMatches, 10 SemanticMatches, 211 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1515 ImplicationChecksByTransitivity, 2.9s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1101occurred in iteration=11, InterpolantAutomatonStates: 176, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.9s AutomataMinimizationTime, 13 MinimizatonAttempts, 443 StatesRemovedByMinimization, 10 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 45 LocationsWithAnnotation, 3262 PreInvPairs, 3716 NumberOfFragments, 6464 HoareAnnotationTreeSize, 3262 FomulaSimplifications, 8247 FormulaSimplificationTreeSizeReduction, 1.6s HoareSimplificationTime, 45 FomulaSimplificationsInter, 48935 FormulaSimplificationTreeSizeReductionInter, 14.6s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.5s SatisfiabilityAnalysisTime, 4.6s InterpolantComputationTime, 1479 NumberOfCodeBlocks, 1479 NumberOfCodeBlocksAsserted, 17 NumberOfCheckSat, 1726 ConstructedInterpolants, 0 QuantifiedInterpolants, 3493 SizeOfPredicates, 11 NumberOfNonLiveVariables, 1808 ConjunctsInSsa, 28 ConjunctsInUnsatCore, 18 InterpolantComputations, 11 PerfectInterpolantSequences, 1165/1258 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 80]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 416]: Loop Invariant Derived loop invariant: ((((((((((1 <= pumpRunning && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && splverifierCounter == 0) || ((((pumpRunning == 0 && 1 <= methaneLevelCritical) && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || ((((pumpRunning == 0 && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0)) || ((((1 <= pumpRunning && 1 <= methaneLevelCritical) && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || ((pumpRunning == 0 && splverifierCounter == 0) && 0 == systemActive)) || ((((pumpRunning == 0 && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && splverifierCounter == 0)) || (((((1 <= pumpRunning && methaneLevelCritical == 0) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS)) || ((((pumpRunning == 0 && methaneLevelCritical == 0) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) - InvariantResult [Line: 371]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 493]: Loop Invariant Derived loop invariant: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(waterLevel) <= 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || (((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && !(2 <= tmp)) && 1 == systemActive) && \old(waterLevel) == waterLevel))) && ((((((((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && waterLevel <= 1) && 1 == systemActive) && tmp < 2) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || (((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) <= 2)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == waterLevel) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2))) && ((((!(\old(pumpRunning) == 0) || !(1 < \old(waterLevel))) || (2 == \result && tmp == 2)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(methaneLevelCritical == 0)) || (((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 289]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && splverifierCounter == 0) && 0 == systemActive - InvariantResult [Line: 927]: Loop Invariant Derived loop invariant: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 415]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 968]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 1))) && (((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) - InvariantResult [Line: 198]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) - InvariantResult [Line: 959]: Loop Invariant Derived loop invariant: (((((((((((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel)) && (((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || 2 == \result) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || ((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result))) && ((((((!(\old(waterLevel) <= 1) || ((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 382]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 316]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 73]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 362]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 214]: Loop Invariant Derived loop invariant: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 87]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 50]: Loop Invariant Derived loop invariant: ((((((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 406]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 483]: Loop Invariant Derived loop invariant: (((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 475]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 891]: Loop Invariant Derived loop invariant: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 173]: Loop Invariant Derived loop invariant: ((((((((((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(1 == systemActive) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 306]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 270]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 == waterLevel)) || !(1 <= methaneLevelCritical)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 1)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && 1 == systemActive) && \result == 0) && tmp___0 == 0))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && 2 == waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && 1 == systemActive) && \result == 0) && tmp___0 == 0)) RESULT: Ultimate proved your program to be correct! [2022-11-02 19:51:18,203 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c63f89b-1776-4f18-8525-ebb0941ed6b9/bin/uautomizer-Dbtcem3rbc/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE