./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 5e519f3a Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 7bcd24ea8f621c8db79e853f5aaf064ffcae573e6c1e9f03eb1f84bb0c15fc3c --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-5e519f3 [2022-11-02 20:56:28,966 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-02 20:56:28,968 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-02 20:56:28,995 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-02 20:56:28,995 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-02 20:56:28,996 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-02 20:56:28,998 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-02 20:56:28,999 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-02 20:56:29,001 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-02 20:56:29,002 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-02 20:56:29,003 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-02 20:56:29,012 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-02 20:56:29,012 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-02 20:56:29,013 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-02 20:56:29,014 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-02 20:56:29,016 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-02 20:56:29,016 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-02 20:56:29,017 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-02 20:56:29,019 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-02 20:56:29,021 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-02 20:56:29,022 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-02 20:56:29,023 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-02 20:56:29,024 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-02 20:56:29,025 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-02 20:56:29,029 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-02 20:56:29,029 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-02 20:56:29,030 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-02 20:56:29,031 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-02 20:56:29,031 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-02 20:56:29,032 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-02 20:56:29,032 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-02 20:56:29,033 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-02 20:56:29,034 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-02 20:56:29,035 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-02 20:56:29,036 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-02 20:56:29,036 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-02 20:56:29,037 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-02 20:56:29,037 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-02 20:56:29,038 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-02 20:56:29,039 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-02 20:56:29,039 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-02 20:56:29,040 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-11-02 20:56:29,071 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-02 20:56:29,071 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-02 20:56:29,077 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-02 20:56:29,079 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-02 20:56:29,080 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-02 20:56:29,080 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-02 20:56:29,081 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-02 20:56:29,081 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-02 20:56:29,081 INFO L138 SettingsManager]: * Use SBE=true [2022-11-02 20:56:29,082 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-02 20:56:29,083 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-02 20:56:29,083 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-02 20:56:29,083 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-02 20:56:29,084 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-02 20:56:29,084 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-02 20:56:29,084 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-02 20:56:29,084 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-02 20:56:29,084 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-02 20:56:29,084 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-02 20:56:29,085 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-02 20:56:29,085 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-02 20:56:29,085 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-02 20:56:29,085 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-02 20:56:29,086 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-02 20:56:29,086 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-02 20:56:29,086 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-02 20:56:29,091 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-02 20:56:29,092 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-02 20:56:29,092 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-11-02 20:56:29,092 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-02 20:56:29,092 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-11-02 20:56:29,092 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-11-02 20:56:29,093 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-02 20:56:29,093 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 7bcd24ea8f621c8db79e853f5aaf064ffcae573e6c1e9f03eb1f84bb0c15fc3c [2022-11-02 20:56:29,380 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-02 20:56:29,405 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-02 20:56:29,408 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-02 20:56:29,409 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-02 20:56:29,410 INFO L275 PluginConnector]: CDTParser initialized [2022-11-02 20:56:29,412 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/../../sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c [2022-11-02 20:56:29,514 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/data/489d0f237/2d2c943306ea424499263cf74fa95bc3/FLAG34d57d1b2 [2022-11-02 20:56:30,015 INFO L306 CDTParser]: Found 1 translation units. [2022-11-02 20:56:30,020 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c [2022-11-02 20:56:30,031 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/data/489d0f237/2d2c943306ea424499263cf74fa95bc3/FLAG34d57d1b2 [2022-11-02 20:56:30,352 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/data/489d0f237/2d2c943306ea424499263cf74fa95bc3 [2022-11-02 20:56:30,355 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-02 20:56:30,356 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-02 20:56:30,361 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-02 20:56:30,361 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-02 20:56:30,365 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-02 20:56:30,366 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:30,369 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@228185a8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30, skipping insertion in model container [2022-11-02 20:56:30,369 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:30,376 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-02 20:56:30,438 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-02 20:56:30,775 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c[8146,8159] [2022-11-02 20:56:30,869 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-02 20:56:30,884 INFO L203 MainTranslator]: Completed pre-run [2022-11-02 20:56:30,934 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c[8146,8159] [2022-11-02 20:56:30,965 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-02 20:56:30,982 INFO L208 MainTranslator]: Completed translation [2022-11-02 20:56:30,983 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30 WrapperNode [2022-11-02 20:56:30,983 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-02 20:56:30,985 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-02 20:56:30,986 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-02 20:56:30,986 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-02 20:56:30,993 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:31,007 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:31,036 INFO L138 Inliner]: procedures = 60, calls = 164, calls flagged for inlining = 27, calls inlined = 24, statements flattened = 294 [2022-11-02 20:56:31,036 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-02 20:56:31,037 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-02 20:56:31,037 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-02 20:56:31,037 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-02 20:56:31,046 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:31,046 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:31,049 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:31,050 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:31,056 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:31,061 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:31,062 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:31,064 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:31,067 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-02 20:56:31,068 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-02 20:56:31,068 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-02 20:56:31,068 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-02 20:56:31,069 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (1/1) ... [2022-11-02 20:56:31,088 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-02 20:56:31,108 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 [2022-11-02 20:56:31,120 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-02 20:56:31,128 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-02 20:56:31,167 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-02 20:56:31,167 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-02 20:56:31,167 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-02 20:56:31,168 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-02 20:56:31,168 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-02 20:56:31,168 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-02 20:56:31,168 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-02 20:56:31,170 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-11-02 20:56:31,171 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-11-02 20:56:31,171 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-02 20:56:31,172 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-02 20:56:31,172 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__lowWaterSensor [2022-11-02 20:56:31,172 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__lowWaterSensor [2022-11-02 20:56:31,172 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-02 20:56:31,172 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-02 20:56:31,172 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-11-02 20:56:31,172 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-11-02 20:56:31,173 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-02 20:56:31,173 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-02 20:56:31,173 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-02 20:56:31,173 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-02 20:56:31,173 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-02 20:56:31,251 INFO L235 CfgBuilder]: Building ICFG [2022-11-02 20:56:31,253 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-02 20:56:31,687 INFO L276 CfgBuilder]: Performing block encoding [2022-11-02 20:56:31,699 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-02 20:56:31,699 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-02 20:56:31,702 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.11 08:56:31 BoogieIcfgContainer [2022-11-02 20:56:31,702 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-02 20:56:31,704 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-02 20:56:31,704 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-02 20:56:31,711 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-02 20:56:31,711 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 02.11 08:56:30" (1/3) ... [2022-11-02 20:56:31,712 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@d8f9583 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 02.11 08:56:31, skipping insertion in model container [2022-11-02 20:56:31,713 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:56:30" (2/3) ... [2022-11-02 20:56:31,713 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@d8f9583 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 02.11 08:56:31, skipping insertion in model container [2022-11-02 20:56:31,713 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.11 08:56:31" (3/3) ... [2022-11-02 20:56:31,714 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product56.cil.c [2022-11-02 20:56:31,738 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-02 20:56:31,738 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-02 20:56:31,793 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-02 20:56:31,800 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@240cc2f0, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-02 20:56:31,800 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-02 20:56:31,805 INFO L276 IsEmpty]: Start isEmpty. Operand has 110 states, 82 states have (on average 1.3658536585365855) internal successors, (112), 93 states have internal predecessors, (112), 17 states have call successors, (17), 9 states have call predecessors, (17), 9 states have return successors, (17), 12 states have call predecessors, (17), 17 states have call successors, (17) [2022-11-02 20:56:31,816 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-11-02 20:56:31,816 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:31,817 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:31,817 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:31,822 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:31,823 INFO L85 PathProgramCache]: Analyzing trace with hash 2077500872, now seen corresponding path program 1 times [2022-11-02 20:56:31,832 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:31,833 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1782714528] [2022-11-02 20:56:31,833 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:31,834 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:31,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:32,064 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-11-02 20:56:32,067 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:32,071 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-02 20:56:32,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:32,094 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:56:32,094 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:32,095 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1782714528] [2022-11-02 20:56:32,096 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1782714528] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:56:32,096 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:56:32,096 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-02 20:56:32,098 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [540941904] [2022-11-02 20:56:32,121 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:56:32,125 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-02 20:56:32,125 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:32,168 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-02 20:56:32,169 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-02 20:56:32,173 INFO L87 Difference]: Start difference. First operand has 110 states, 82 states have (on average 1.3658536585365855) internal successors, (112), 93 states have internal predecessors, (112), 17 states have call successors, (17), 9 states have call predecessors, (17), 9 states have return successors, (17), 12 states have call predecessors, (17), 17 states have call successors, (17) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:56:32,228 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:32,228 INFO L93 Difference]: Finished difference Result 211 states and 286 transitions. [2022-11-02 20:56:32,229 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-02 20:56:32,231 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-11-02 20:56:32,231 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:32,244 INFO L225 Difference]: With dead ends: 211 [2022-11-02 20:56:32,244 INFO L226 Difference]: Without dead ends: 101 [2022-11-02 20:56:32,248 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-02 20:56:32,252 INFO L413 NwaCegarLoop]: 140 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 140 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:32,253 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 140 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-02 20:56:32,270 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 101 states. [2022-11-02 20:56:32,296 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 101 to 101. [2022-11-02 20:56:32,298 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 101 states, 75 states have (on average 1.3066666666666666) internal successors, (98), 85 states have internal predecessors, (98), 17 states have call successors, (17), 9 states have call predecessors, (17), 8 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) [2022-11-02 20:56:32,300 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 101 states to 101 states and 131 transitions. [2022-11-02 20:56:32,302 INFO L78 Accepts]: Start accepts. Automaton has 101 states and 131 transitions. Word has length 32 [2022-11-02 20:56:32,303 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:32,303 INFO L495 AbstractCegarLoop]: Abstraction has 101 states and 131 transitions. [2022-11-02 20:56:32,303 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:56:32,304 INFO L276 IsEmpty]: Start isEmpty. Operand 101 states and 131 transitions. [2022-11-02 20:56:32,306 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-11-02 20:56:32,306 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:32,307 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:32,307 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-02 20:56:32,307 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:32,308 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:32,308 INFO L85 PathProgramCache]: Analyzing trace with hash 604529845, now seen corresponding path program 1 times [2022-11-02 20:56:32,308 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:32,309 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [275268443] [2022-11-02 20:56:32,309 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:32,309 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:32,372 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:32,522 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-11-02 20:56:32,524 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:32,527 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-11-02 20:56:32,529 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:32,532 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:56:32,534 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:32,535 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [275268443] [2022-11-02 20:56:32,535 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [275268443] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:56:32,536 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:56:32,536 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-02 20:56:32,536 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [394580637] [2022-11-02 20:56:32,537 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:56:32,538 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-02 20:56:32,540 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:32,541 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-02 20:56:32,541 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 20:56:32,541 INFO L87 Difference]: Start difference. First operand 101 states and 131 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:56:32,561 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:32,562 INFO L93 Difference]: Finished difference Result 162 states and 210 transitions. [2022-11-02 20:56:32,562 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-02 20:56:32,562 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-11-02 20:56:32,563 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:32,564 INFO L225 Difference]: With dead ends: 162 [2022-11-02 20:56:32,564 INFO L226 Difference]: Without dead ends: 92 [2022-11-02 20:56:32,565 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 20:56:32,566 INFO L413 NwaCegarLoop]: 118 mSDtfsCounter, 17 mSDsluCounter, 96 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 214 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:32,567 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [21 Valid, 214 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-02 20:56:32,568 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 92 states. [2022-11-02 20:56:32,577 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 92 to 92. [2022-11-02 20:56:32,577 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 92 states, 69 states have (on average 1.318840579710145) internal successors, (91), 79 states have internal predecessors, (91), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 9 states have call predecessors, (14), 14 states have call successors, (14) [2022-11-02 20:56:32,579 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 92 states to 92 states and 119 transitions. [2022-11-02 20:56:32,579 INFO L78 Accepts]: Start accepts. Automaton has 92 states and 119 transitions. Word has length 33 [2022-11-02 20:56:32,579 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:32,580 INFO L495 AbstractCegarLoop]: Abstraction has 92 states and 119 transitions. [2022-11-02 20:56:32,580 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:56:32,580 INFO L276 IsEmpty]: Start isEmpty. Operand 92 states and 119 transitions. [2022-11-02 20:56:32,582 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-11-02 20:56:32,582 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:32,582 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:32,582 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-02 20:56:32,583 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:32,583 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:32,584 INFO L85 PathProgramCache]: Analyzing trace with hash -1594505260, now seen corresponding path program 1 times [2022-11-02 20:56:32,584 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:32,584 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [268930388] [2022-11-02 20:56:32,584 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:32,585 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:32,607 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:32,667 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-02 20:56:32,669 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:32,673 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-11-02 20:56:32,675 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:32,677 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:56:32,677 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:32,678 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [268930388] [2022-11-02 20:56:32,678 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [268930388] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:56:32,678 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:56:32,678 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-02 20:56:32,678 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1893007697] [2022-11-02 20:56:32,679 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:56:32,679 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-02 20:56:32,679 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:32,680 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-02 20:56:32,680 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 20:56:32,680 INFO L87 Difference]: Start difference. First operand 92 states and 119 transitions. Second operand has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-02 20:56:32,720 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:32,720 INFO L93 Difference]: Finished difference Result 258 states and 340 transitions. [2022-11-02 20:56:32,720 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-02 20:56:32,721 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2022-11-02 20:56:32,721 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:32,723 INFO L225 Difference]: With dead ends: 258 [2022-11-02 20:56:32,723 INFO L226 Difference]: Without dead ends: 174 [2022-11-02 20:56:32,724 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 20:56:32,726 INFO L413 NwaCegarLoop]: 146 mSDtfsCounter, 107 mSDsluCounter, 106 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 107 SdHoareTripleChecker+Valid, 252 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:32,726 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [107 Valid, 252 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-02 20:56:32,727 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 174 states. [2022-11-02 20:56:32,747 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 174 to 171. [2022-11-02 20:56:32,748 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 171 states, 126 states have (on average 1.3412698412698412) internal successors, (169), 145 states have internal predecessors, (169), 28 states have call successors, (28), 16 states have call predecessors, (28), 16 states have return successors, (28), 17 states have call predecessors, (28), 28 states have call successors, (28) [2022-11-02 20:56:32,750 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 171 states to 171 states and 225 transitions. [2022-11-02 20:56:32,751 INFO L78 Accepts]: Start accepts. Automaton has 171 states and 225 transitions. Word has length 38 [2022-11-02 20:56:32,751 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:32,751 INFO L495 AbstractCegarLoop]: Abstraction has 171 states and 225 transitions. [2022-11-02 20:56:32,752 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-02 20:56:32,752 INFO L276 IsEmpty]: Start isEmpty. Operand 171 states and 225 transitions. [2022-11-02 20:56:32,754 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-11-02 20:56:32,754 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:32,754 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:32,755 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-02 20:56:32,755 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:32,755 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:32,756 INFO L85 PathProgramCache]: Analyzing trace with hash -969732780, now seen corresponding path program 1 times [2022-11-02 20:56:32,756 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:32,756 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1232380110] [2022-11-02 20:56:32,756 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:32,757 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:32,815 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:33,046 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-11-02 20:56:33,051 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:33,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-11-02 20:56:33,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:33,081 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-02 20:56:33,081 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:33,082 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1232380110] [2022-11-02 20:56:33,082 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1232380110] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:56:33,082 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:56:33,082 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-02 20:56:33,082 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1947752165] [2022-11-02 20:56:33,084 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:56:33,084 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-02 20:56:33,085 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:33,085 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-02 20:56:33,086 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-02 20:56:33,086 INFO L87 Difference]: Start difference. First operand 171 states and 225 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:56:33,305 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:33,306 INFO L93 Difference]: Finished difference Result 445 states and 602 transitions. [2022-11-02 20:56:33,307 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-02 20:56:33,307 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-11-02 20:56:33,307 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:33,312 INFO L225 Difference]: With dead ends: 445 [2022-11-02 20:56:33,313 INFO L226 Difference]: Without dead ends: 282 [2022-11-02 20:56:33,315 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-11-02 20:56:33,316 INFO L413 NwaCegarLoop]: 133 mSDtfsCounter, 57 mSDsluCounter, 435 mSDsCounter, 0 mSdLazyCounter, 78 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 58 SdHoareTripleChecker+Valid, 568 SdHoareTripleChecker+Invalid, 91 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 78 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:33,317 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [58 Valid, 568 Invalid, 91 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 78 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-02 20:56:33,318 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 282 states. [2022-11-02 20:56:33,348 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 282 to 269. [2022-11-02 20:56:33,352 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 269 states, 200 states have (on average 1.29) internal successors, (258), 217 states have internal predecessors, (258), 38 states have call successors, (38), 30 states have call predecessors, (38), 30 states have return successors, (50), 33 states have call predecessors, (50), 38 states have call successors, (50) [2022-11-02 20:56:33,356 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 269 states to 269 states and 346 transitions. [2022-11-02 20:56:33,360 INFO L78 Accepts]: Start accepts. Automaton has 269 states and 346 transitions. Word has length 41 [2022-11-02 20:56:33,361 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:33,361 INFO L495 AbstractCegarLoop]: Abstraction has 269 states and 346 transitions. [2022-11-02 20:56:33,361 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:56:33,362 INFO L276 IsEmpty]: Start isEmpty. Operand 269 states and 346 transitions. [2022-11-02 20:56:33,364 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-11-02 20:56:33,368 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:33,369 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:33,369 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-02 20:56:33,369 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:33,370 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:33,370 INFO L85 PathProgramCache]: Analyzing trace with hash -1724941251, now seen corresponding path program 1 times [2022-11-02 20:56:33,370 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:33,371 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1657920424] [2022-11-02 20:56:33,371 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:33,371 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:33,399 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:33,531 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-02 20:56:33,533 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:33,539 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-11-02 20:56:33,545 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:33,563 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:33,568 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:33,602 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2022-11-02 20:56:33,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:33,613 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:56:33,613 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:33,613 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1657920424] [2022-11-02 20:56:33,614 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1657920424] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:56:33,614 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:56:33,614 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-02 20:56:33,615 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1856782389] [2022-11-02 20:56:33,616 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:56:33,617 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-02 20:56:33,617 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:33,618 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-02 20:56:33,618 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-02 20:56:33,619 INFO L87 Difference]: Start difference. First operand 269 states and 346 transitions. Second operand has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-02 20:56:34,015 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:34,016 INFO L93 Difference]: Finished difference Result 853 states and 1148 transitions. [2022-11-02 20:56:34,016 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-11-02 20:56:34,017 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 57 [2022-11-02 20:56:34,017 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:34,021 INFO L225 Difference]: With dead ends: 853 [2022-11-02 20:56:34,025 INFO L226 Difference]: Without dead ends: 592 [2022-11-02 20:56:34,027 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 24 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 19 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=45, Invalid=111, Unknown=0, NotChecked=0, Total=156 [2022-11-02 20:56:34,029 INFO L413 NwaCegarLoop]: 130 mSDtfsCounter, 193 mSDsluCounter, 343 mSDsCounter, 0 mSdLazyCounter, 190 mSolverCounterSat, 58 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 199 SdHoareTripleChecker+Valid, 473 SdHoareTripleChecker+Invalid, 248 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 58 IncrementalHoareTripleChecker+Valid, 190 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:34,033 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [199 Valid, 473 Invalid, 248 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [58 Valid, 190 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-02 20:56:34,035 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 592 states. [2022-11-02 20:56:34,122 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 592 to 529. [2022-11-02 20:56:34,124 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 529 states, 396 states have (on average 1.2575757575757576) internal successors, (498), 418 states have internal predecessors, (498), 69 states have call successors, (69), 53 states have call predecessors, (69), 63 states have return successors, (107), 72 states have call predecessors, (107), 69 states have call successors, (107) [2022-11-02 20:56:34,129 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 529 states to 529 states and 674 transitions. [2022-11-02 20:56:34,130 INFO L78 Accepts]: Start accepts. Automaton has 529 states and 674 transitions. Word has length 57 [2022-11-02 20:56:34,130 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:34,130 INFO L495 AbstractCegarLoop]: Abstraction has 529 states and 674 transitions. [2022-11-02 20:56:34,131 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-02 20:56:34,131 INFO L276 IsEmpty]: Start isEmpty. Operand 529 states and 674 transitions. [2022-11-02 20:56:34,142 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-11-02 20:56:34,142 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:34,142 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:34,143 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-02 20:56:34,143 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:34,143 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:34,143 INFO L85 PathProgramCache]: Analyzing trace with hash 80497083, now seen corresponding path program 1 times [2022-11-02 20:56:34,144 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:34,144 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [39542074] [2022-11-02 20:56:34,144 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:34,144 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:34,179 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:34,227 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-02 20:56:34,228 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:34,232 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-11-02 20:56:34,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:34,245 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:34,248 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:34,273 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2022-11-02 20:56:34,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:34,276 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:56:34,276 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:34,276 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [39542074] [2022-11-02 20:56:34,276 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [39542074] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:56:34,276 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:56:34,277 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-02 20:56:34,277 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [136074015] [2022-11-02 20:56:34,277 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:56:34,277 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-02 20:56:34,277 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:34,278 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-02 20:56:34,278 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-02 20:56:34,278 INFO L87 Difference]: Start difference. First operand 529 states and 674 transitions. Second operand has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-02 20:56:34,495 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:34,495 INFO L93 Difference]: Finished difference Result 1076 states and 1397 transitions. [2022-11-02 20:56:34,495 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-02 20:56:34,496 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 57 [2022-11-02 20:56:34,496 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:34,499 INFO L225 Difference]: With dead ends: 1076 [2022-11-02 20:56:34,499 INFO L226 Difference]: Without dead ends: 555 [2022-11-02 20:56:34,501 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-11-02 20:56:34,502 INFO L413 NwaCegarLoop]: 112 mSDtfsCounter, 74 mSDsluCounter, 340 mSDsCounter, 0 mSdLazyCounter, 139 mSolverCounterSat, 25 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 77 SdHoareTripleChecker+Valid, 452 SdHoareTripleChecker+Invalid, 164 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 25 IncrementalHoareTripleChecker+Valid, 139 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:34,502 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [77 Valid, 452 Invalid, 164 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [25 Valid, 139 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-02 20:56:34,504 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 555 states. [2022-11-02 20:56:34,546 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 555 to 541. [2022-11-02 20:56:34,548 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 541 states, 408 states have (on average 1.25) internal successors, (510), 430 states have internal predecessors, (510), 69 states have call successors, (69), 53 states have call predecessors, (69), 63 states have return successors, (107), 72 states have call predecessors, (107), 69 states have call successors, (107) [2022-11-02 20:56:34,551 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 541 states to 541 states and 686 transitions. [2022-11-02 20:56:34,552 INFO L78 Accepts]: Start accepts. Automaton has 541 states and 686 transitions. Word has length 57 [2022-11-02 20:56:34,552 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:34,552 INFO L495 AbstractCegarLoop]: Abstraction has 541 states and 686 transitions. [2022-11-02 20:56:34,552 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-02 20:56:34,552 INFO L276 IsEmpty]: Start isEmpty. Operand 541 states and 686 transitions. [2022-11-02 20:56:34,554 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-11-02 20:56:34,554 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:34,554 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:34,554 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-02 20:56:34,554 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:34,555 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:34,555 INFO L85 PathProgramCache]: Analyzing trace with hash 503198909, now seen corresponding path program 1 times [2022-11-02 20:56:34,555 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:34,555 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [980290965] [2022-11-02 20:56:34,555 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:34,555 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:34,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:34,668 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-02 20:56:34,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:34,676 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-11-02 20:56:34,679 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:34,691 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:34,694 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:34,728 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2022-11-02 20:56:34,729 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:34,731 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:56:34,731 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:34,731 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [980290965] [2022-11-02 20:56:34,731 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [980290965] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:56:34,731 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:56:34,731 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-02 20:56:34,732 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2075175553] [2022-11-02 20:56:34,732 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:56:34,732 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-02 20:56:34,732 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:34,733 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-02 20:56:34,733 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-02 20:56:34,733 INFO L87 Difference]: Start difference. First operand 541 states and 686 transitions. Second operand has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-02 20:56:35,096 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:35,097 INFO L93 Difference]: Finished difference Result 996 states and 1286 transitions. [2022-11-02 20:56:35,097 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-11-02 20:56:35,097 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 57 [2022-11-02 20:56:35,097 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:35,100 INFO L225 Difference]: With dead ends: 996 [2022-11-02 20:56:35,100 INFO L226 Difference]: Without dead ends: 463 [2022-11-02 20:56:35,101 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 22 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=40, Invalid=70, Unknown=0, NotChecked=0, Total=110 [2022-11-02 20:56:35,102 INFO L413 NwaCegarLoop]: 121 mSDtfsCounter, 250 mSDsluCounter, 336 mSDsCounter, 0 mSdLazyCounter, 188 mSolverCounterSat, 67 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 258 SdHoareTripleChecker+Valid, 457 SdHoareTripleChecker+Invalid, 255 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 67 IncrementalHoareTripleChecker+Valid, 188 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:35,103 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [258 Valid, 457 Invalid, 255 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [67 Valid, 188 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-02 20:56:35,104 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 463 states. [2022-11-02 20:56:35,135 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 463 to 447. [2022-11-02 20:56:35,136 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 447 states, 336 states have (on average 1.2291666666666667) internal successors, (413), 355 states have internal predecessors, (413), 58 states have call successors, (58), 44 states have call predecessors, (58), 52 states have return successors, (80), 59 states have call predecessors, (80), 58 states have call successors, (80) [2022-11-02 20:56:35,138 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 447 states to 447 states and 551 transitions. [2022-11-02 20:56:35,138 INFO L78 Accepts]: Start accepts. Automaton has 447 states and 551 transitions. Word has length 57 [2022-11-02 20:56:35,139 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:35,139 INFO L495 AbstractCegarLoop]: Abstraction has 447 states and 551 transitions. [2022-11-02 20:56:35,139 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-02 20:56:35,139 INFO L276 IsEmpty]: Start isEmpty. Operand 447 states and 551 transitions. [2022-11-02 20:56:35,140 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 62 [2022-11-02 20:56:35,140 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:35,140 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:35,141 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-02 20:56:35,141 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:35,141 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:35,141 INFO L85 PathProgramCache]: Analyzing trace with hash 924671973, now seen corresponding path program 1 times [2022-11-02 20:56:35,141 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:35,142 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [969470403] [2022-11-02 20:56:35,142 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:35,142 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:35,158 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:35,330 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 20:56:35,331 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:35,365 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-11-02 20:56:35,367 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:35,377 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-11-02 20:56:35,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:35,396 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:35,399 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:35,405 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-11-02 20:56:35,407 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:35,408 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:56:35,408 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:35,408 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [969470403] [2022-11-02 20:56:35,408 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [969470403] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:56:35,409 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:56:35,409 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-02 20:56:35,409 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [123223871] [2022-11-02 20:56:35,409 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:56:35,409 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-02 20:56:35,409 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:35,410 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-02 20:56:35,410 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=72, Unknown=0, NotChecked=0, Total=90 [2022-11-02 20:56:35,410 INFO L87 Difference]: Start difference. First operand 447 states and 551 transitions. Second operand has 10 states, 10 states have (on average 4.8) internal successors, (48), 8 states have internal predecessors, (48), 4 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) [2022-11-02 20:56:36,789 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:36,790 INFO L93 Difference]: Finished difference Result 1669 states and 2221 transitions. [2022-11-02 20:56:36,790 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 33 states. [2022-11-02 20:56:36,790 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.8) internal successors, (48), 8 states have internal predecessors, (48), 4 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) Word has length 61 [2022-11-02 20:56:36,791 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:36,797 INFO L225 Difference]: With dead ends: 1669 [2022-11-02 20:56:36,797 INFO L226 Difference]: Without dead ends: 1344 [2022-11-02 20:56:36,799 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 47 GetRequests, 13 SyntacticMatches, 1 SemanticMatches, 33 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 297 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=221, Invalid=969, Unknown=0, NotChecked=0, Total=1190 [2022-11-02 20:56:36,800 INFO L413 NwaCegarLoop]: 191 mSDtfsCounter, 624 mSDsluCounter, 772 mSDsCounter, 0 mSdLazyCounter, 1027 mSolverCounterSat, 244 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 634 SdHoareTripleChecker+Valid, 963 SdHoareTripleChecker+Invalid, 1271 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 244 IncrementalHoareTripleChecker+Valid, 1027 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:36,801 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [634 Valid, 963 Invalid, 1271 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [244 Valid, 1027 Invalid, 0 Unknown, 0 Unchecked, 0.9s Time] [2022-11-02 20:56:36,803 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1344 states. [2022-11-02 20:56:36,909 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1344 to 1190. [2022-11-02 20:56:36,911 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1190 states, 887 states have (on average 1.2232243517474635) internal successors, (1085), 944 states have internal predecessors, (1085), 160 states have call successors, (160), 118 states have call predecessors, (160), 142 states have return successors, (260), 162 states have call predecessors, (260), 160 states have call successors, (260) [2022-11-02 20:56:36,917 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1190 states to 1190 states and 1505 transitions. [2022-11-02 20:56:36,918 INFO L78 Accepts]: Start accepts. Automaton has 1190 states and 1505 transitions. Word has length 61 [2022-11-02 20:56:36,918 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:36,918 INFO L495 AbstractCegarLoop]: Abstraction has 1190 states and 1505 transitions. [2022-11-02 20:56:36,918 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.8) internal successors, (48), 8 states have internal predecessors, (48), 4 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) [2022-11-02 20:56:36,918 INFO L276 IsEmpty]: Start isEmpty. Operand 1190 states and 1505 transitions. [2022-11-02 20:56:36,920 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 92 [2022-11-02 20:56:36,921 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:36,921 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:36,921 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-11-02 20:56:36,921 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:36,921 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:36,922 INFO L85 PathProgramCache]: Analyzing trace with hash 798113011, now seen corresponding path program 1 times [2022-11-02 20:56:36,922 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:36,922 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1560133660] [2022-11-02 20:56:36,922 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:36,922 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:36,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:36,971 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 20:56:36,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:36,981 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-02 20:56:36,986 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,000 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 20:56:37,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,007 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-02 20:56:37,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,014 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:37,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,019 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-11-02 20:56:37,020 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,021 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-11-02 20:56:37,022 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,023 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-11-02 20:56:37,023 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:37,023 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1560133660] [2022-11-02 20:56:37,024 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1560133660] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:56:37,024 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:56:37,024 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-11-02 20:56:37,024 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1703766387] [2022-11-02 20:56:37,024 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:56:37,024 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-11-02 20:56:37,025 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:37,025 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-11-02 20:56:37,025 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2022-11-02 20:56:37,025 INFO L87 Difference]: Start difference. First operand 1190 states and 1505 transitions. Second operand has 7 states, 7 states have (on average 10.285714285714286) internal successors, (72), 4 states have internal predecessors, (72), 4 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-02 20:56:37,421 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:37,421 INFO L93 Difference]: Finished difference Result 2008 states and 2529 transitions. [2022-11-02 20:56:37,422 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-11-02 20:56:37,422 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.285714285714286) internal successors, (72), 4 states have internal predecessors, (72), 4 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) Word has length 91 [2022-11-02 20:56:37,422 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:37,426 INFO L225 Difference]: With dead ends: 2008 [2022-11-02 20:56:37,426 INFO L226 Difference]: Without dead ends: 826 [2022-11-02 20:56:37,429 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 31 GetRequests, 19 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=55, Invalid=127, Unknown=0, NotChecked=0, Total=182 [2022-11-02 20:56:37,430 INFO L413 NwaCegarLoop]: 153 mSDtfsCounter, 345 mSDsluCounter, 228 mSDsCounter, 0 mSdLazyCounter, 226 mSolverCounterSat, 135 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 354 SdHoareTripleChecker+Valid, 381 SdHoareTripleChecker+Invalid, 361 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 135 IncrementalHoareTripleChecker+Valid, 226 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:37,430 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [354 Valid, 381 Invalid, 361 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [135 Valid, 226 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-02 20:56:37,432 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 826 states. [2022-11-02 20:56:37,518 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 826 to 790. [2022-11-02 20:56:37,519 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 790 states, 594 states have (on average 1.2121212121212122) internal successors, (720), 633 states have internal predecessors, (720), 104 states have call successors, (104), 79 states have call predecessors, (104), 91 states have return successors, (155), 105 states have call predecessors, (155), 104 states have call successors, (155) [2022-11-02 20:56:37,523 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 790 states to 790 states and 979 transitions. [2022-11-02 20:56:37,524 INFO L78 Accepts]: Start accepts. Automaton has 790 states and 979 transitions. Word has length 91 [2022-11-02 20:56:37,524 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:37,524 INFO L495 AbstractCegarLoop]: Abstraction has 790 states and 979 transitions. [2022-11-02 20:56:37,524 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 10.285714285714286) internal successors, (72), 4 states have internal predecessors, (72), 4 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-02 20:56:37,524 INFO L276 IsEmpty]: Start isEmpty. Operand 790 states and 979 transitions. [2022-11-02 20:56:37,526 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2022-11-02 20:56:37,526 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:37,526 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:37,526 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-11-02 20:56:37,527 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:37,527 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:37,527 INFO L85 PathProgramCache]: Analyzing trace with hash -726468575, now seen corresponding path program 1 times [2022-11-02 20:56:37,527 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:37,527 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1559231540] [2022-11-02 20:56:37,528 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:37,528 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:37,547 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,678 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 20:56:37,679 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,691 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-11-02 20:56:37,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,714 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 20:56:37,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,723 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-02 20:56:37,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,733 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:37,735 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,742 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-11-02 20:56:37,743 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,755 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-11-02 20:56:37,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,762 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2022-11-02 20:56:37,763 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,764 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:37,765 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,766 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-11-02 20:56:37,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,772 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 16 proven. 13 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-11-02 20:56:37,772 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:37,772 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1559231540] [2022-11-02 20:56:37,772 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1559231540] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-02 20:56:37,773 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [323617649] [2022-11-02 20:56:37,773 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:37,773 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-02 20:56:37,773 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 [2022-11-02 20:56:37,780 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-02 20:56:37,784 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-02 20:56:37,963 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:37,966 INFO L263 TraceCheckSpWp]: Trace formula consists of 512 conjuncts, 8 conjunts are in the unsatisfiable core [2022-11-02 20:56:37,989 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-02 20:56:38,217 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 27 proven. 11 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-02 20:56:38,217 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-02 20:56:38,489 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 19 proven. 10 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-11-02 20:56:38,489 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [323617649] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-02 20:56:38,489 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-02 20:56:38,489 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-11-02 20:56:38,490 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1204749650] [2022-11-02 20:56:38,490 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-02 20:56:38,490 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-11-02 20:56:38,490 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:38,491 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-11-02 20:56:38,491 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2022-11-02 20:56:38,491 INFO L87 Difference]: Start difference. First operand 790 states and 979 transitions. Second operand has 15 states, 15 states have (on average 9.133333333333333) internal successors, (137), 10 states have internal predecessors, (137), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (19), 7 states have call predecessors, (19), 6 states have call successors, (19) [2022-11-02 20:56:40,133 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:40,134 INFO L93 Difference]: Finished difference Result 1832 states and 2348 transitions. [2022-11-02 20:56:40,134 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 49 states. [2022-11-02 20:56:40,135 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 9.133333333333333) internal successors, (137), 10 states have internal predecessors, (137), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (19), 7 states have call predecessors, (19), 6 states have call successors, (19) Word has length 111 [2022-11-02 20:56:40,136 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:40,142 INFO L225 Difference]: With dead ends: 1832 [2022-11-02 20:56:40,142 INFO L226 Difference]: Without dead ends: 1139 [2022-11-02 20:56:40,145 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 310 GetRequests, 252 SyntacticMatches, 4 SemanticMatches, 54 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 919 ImplicationChecksByTransitivity, 0.7s TimeCoverageRelationStatistics Valid=621, Invalid=2459, Unknown=0, NotChecked=0, Total=3080 [2022-11-02 20:56:40,147 INFO L413 NwaCegarLoop]: 255 mSDtfsCounter, 590 mSDsluCounter, 883 mSDsCounter, 0 mSdLazyCounter, 958 mSolverCounterSat, 303 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 599 SdHoareTripleChecker+Valid, 1138 SdHoareTripleChecker+Invalid, 1261 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 303 IncrementalHoareTripleChecker+Valid, 958 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:40,148 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [599 Valid, 1138 Invalid, 1261 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [303 Valid, 958 Invalid, 0 Unknown, 0 Unchecked, 0.9s Time] [2022-11-02 20:56:40,150 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1139 states. [2022-11-02 20:56:40,255 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1139 to 887. [2022-11-02 20:56:40,256 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 887 states, 659 states have (on average 1.1881638846737481) internal successors, (783), 710 states have internal predecessors, (783), 121 states have call successors, (121), 100 states have call predecessors, (121), 106 states have return successors, (154), 111 states have call predecessors, (154), 121 states have call successors, (154) [2022-11-02 20:56:40,260 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 887 states to 887 states and 1058 transitions. [2022-11-02 20:56:40,261 INFO L78 Accepts]: Start accepts. Automaton has 887 states and 1058 transitions. Word has length 111 [2022-11-02 20:56:40,262 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:40,262 INFO L495 AbstractCegarLoop]: Abstraction has 887 states and 1058 transitions. [2022-11-02 20:56:40,262 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 9.133333333333333) internal successors, (137), 10 states have internal predecessors, (137), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (19), 7 states have call predecessors, (19), 6 states have call successors, (19) [2022-11-02 20:56:40,263 INFO L276 IsEmpty]: Start isEmpty. Operand 887 states and 1058 transitions. [2022-11-02 20:56:40,267 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 192 [2022-11-02 20:56:40,268 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:40,268 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:40,308 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-11-02 20:56:40,484 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-02 20:56:40,484 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:40,484 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:40,484 INFO L85 PathProgramCache]: Analyzing trace with hash 605285009, now seen corresponding path program 1 times [2022-11-02 20:56:40,485 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:40,485 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [92730017] [2022-11-02 20:56:40,485 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:40,485 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:40,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,634 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 20:56:40,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,644 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-11-02 20:56:40,648 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,664 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 20:56:40,675 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,681 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-02 20:56:40,683 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,686 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:40,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,690 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-11-02 20:56:40,696 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,703 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 20:56:40,704 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-02 20:56:40,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,709 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2022-11-02 20:56:40,710 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,712 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:40,713 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,715 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-11-02 20:56:40,718 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,765 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 20:56:40,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,767 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-02 20:56:40,769 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-11-02 20:56:40,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,773 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 162 [2022-11-02 20:56:40,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,778 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:40,780 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,782 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 183 [2022-11-02 20:56:40,783 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:40,785 INFO L134 CoverageAnalysis]: Checked inductivity of 203 backedges. 81 proven. 0 refuted. 0 times theorem prover too weak. 122 trivial. 0 not checked. [2022-11-02 20:56:40,786 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:40,786 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [92730017] [2022-11-02 20:56:40,786 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [92730017] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:56:40,786 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:56:40,786 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-02 20:56:40,787 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [791783055] [2022-11-02 20:56:40,787 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:56:40,787 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-02 20:56:40,787 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:40,788 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-02 20:56:40,788 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=71, Unknown=0, NotChecked=0, Total=90 [2022-11-02 20:56:40,789 INFO L87 Difference]: Start difference. First operand 887 states and 1058 transitions. Second operand has 10 states, 10 states have (on average 9.7) internal successors, (97), 7 states have internal predecessors, (97), 4 states have call successors, (13), 5 states have call predecessors, (13), 2 states have return successors, (13), 4 states have call predecessors, (13), 4 states have call successors, (13) [2022-11-02 20:56:41,824 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:41,824 INFO L93 Difference]: Finished difference Result 2536 states and 3071 transitions. [2022-11-02 20:56:41,824 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 28 states. [2022-11-02 20:56:41,825 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 9.7) internal successors, (97), 7 states have internal predecessors, (97), 4 states have call successors, (13), 5 states have call predecessors, (13), 2 states have return successors, (13), 4 states have call predecessors, (13), 4 states have call successors, (13) Word has length 191 [2022-11-02 20:56:41,825 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:41,833 INFO L225 Difference]: With dead ends: 2536 [2022-11-02 20:56:41,833 INFO L226 Difference]: Without dead ends: 1657 [2022-11-02 20:56:41,837 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 78 GetRequests, 46 SyntacticMatches, 0 SemanticMatches, 32 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 251 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=229, Invalid=893, Unknown=0, NotChecked=0, Total=1122 [2022-11-02 20:56:41,838 INFO L413 NwaCegarLoop]: 229 mSDtfsCounter, 434 mSDsluCounter, 674 mSDsCounter, 0 mSdLazyCounter, 857 mSolverCounterSat, 154 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 440 SdHoareTripleChecker+Valid, 903 SdHoareTripleChecker+Invalid, 1011 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 154 IncrementalHoareTripleChecker+Valid, 857 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:41,839 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [440 Valid, 903 Invalid, 1011 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [154 Valid, 857 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-11-02 20:56:41,841 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1657 states. [2022-11-02 20:56:41,994 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1657 to 1648. [2022-11-02 20:56:41,997 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1648 states, 1231 states have (on average 1.1551584077985377) internal successors, (1422), 1318 states have internal predecessors, (1422), 221 states have call successors, (221), 188 states have call predecessors, (221), 195 states have return successors, (277), 205 states have call predecessors, (277), 221 states have call successors, (277) [2022-11-02 20:56:42,007 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1648 states to 1648 states and 1920 transitions. [2022-11-02 20:56:42,008 INFO L78 Accepts]: Start accepts. Automaton has 1648 states and 1920 transitions. Word has length 191 [2022-11-02 20:56:42,008 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:42,008 INFO L495 AbstractCegarLoop]: Abstraction has 1648 states and 1920 transitions. [2022-11-02 20:56:42,009 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 9.7) internal successors, (97), 7 states have internal predecessors, (97), 4 states have call successors, (13), 5 states have call predecessors, (13), 2 states have return successors, (13), 4 states have call predecessors, (13), 4 states have call successors, (13) [2022-11-02 20:56:42,009 INFO L276 IsEmpty]: Start isEmpty. Operand 1648 states and 1920 transitions. [2022-11-02 20:56:42,015 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 196 [2022-11-02 20:56:42,015 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:56:42,017 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:56:42,017 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-11-02 20:56:42,017 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:56:42,017 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:56:42,018 INFO L85 PathProgramCache]: Analyzing trace with hash -1124053067, now seen corresponding path program 1 times [2022-11-02 20:56:42,018 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:56:42,018 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1859482620] [2022-11-02 20:56:42,018 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:42,018 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:56:42,051 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 20:56:42,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,278 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-11-02 20:56:42,283 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 20:56:42,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,321 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-02 20:56:42,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,326 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:42,328 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,332 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-11-02 20:56:42,337 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,433 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 20:56:42,435 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,436 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-02 20:56:42,439 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,443 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2022-11-02 20:56:42,445 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,447 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:42,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,458 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-11-02 20:56:42,461 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,462 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-11-02 20:56:42,465 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 20:56:42,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,471 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-02 20:56:42,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,473 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2022-11-02 20:56:42,474 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,476 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 166 [2022-11-02 20:56:42,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,485 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:56:42,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,491 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 187 [2022-11-02 20:56:42,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,496 INFO L134 CoverageAnalysis]: Checked inductivity of 203 backedges. 92 proven. 28 refuted. 0 times theorem prover too weak. 83 trivial. 0 not checked. [2022-11-02 20:56:42,496 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:56:42,496 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1859482620] [2022-11-02 20:56:42,497 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1859482620] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-02 20:56:42,497 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [995589029] [2022-11-02 20:56:42,497 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:56:42,497 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-02 20:56:42,498 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 [2022-11-02 20:56:42,500 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-02 20:56:42,511 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-02 20:56:42,663 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:56:42,667 INFO L263 TraceCheckSpWp]: Trace formula consists of 733 conjuncts, 13 conjunts are in the unsatisfiable core [2022-11-02 20:56:42,672 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-02 20:56:42,895 INFO L134 CoverageAnalysis]: Checked inductivity of 203 backedges. 147 proven. 4 refuted. 0 times theorem prover too weak. 52 trivial. 0 not checked. [2022-11-02 20:56:42,895 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-02 20:56:43,413 INFO L134 CoverageAnalysis]: Checked inductivity of 203 backedges. 81 proven. 39 refuted. 0 times theorem prover too weak. 83 trivial. 0 not checked. [2022-11-02 20:56:43,414 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [995589029] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-02 20:56:43,414 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-02 20:56:43,414 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 10, 11] total 26 [2022-11-02 20:56:43,414 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [45048158] [2022-11-02 20:56:43,414 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-02 20:56:43,415 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 26 states [2022-11-02 20:56:43,416 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:56:43,416 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 26 interpolants. [2022-11-02 20:56:43,417 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=123, Invalid=527, Unknown=0, NotChecked=0, Total=650 [2022-11-02 20:56:43,417 INFO L87 Difference]: Start difference. First operand 1648 states and 1920 transitions. Second operand has 26 states, 26 states have (on average 8.538461538461538) internal successors, (222), 22 states have internal predecessors, (222), 10 states have call successors, (39), 9 states have call predecessors, (39), 9 states have return successors, (34), 9 states have call predecessors, (34), 10 states have call successors, (34) [2022-11-02 20:56:45,355 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:56:45,355 INFO L93 Difference]: Finished difference Result 3617 states and 4344 transitions. [2022-11-02 20:56:45,355 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2022-11-02 20:56:45,356 INFO L78 Accepts]: Start accepts. Automaton has has 26 states, 26 states have (on average 8.538461538461538) internal successors, (222), 22 states have internal predecessors, (222), 10 states have call successors, (39), 9 states have call predecessors, (39), 9 states have return successors, (34), 9 states have call predecessors, (34), 10 states have call successors, (34) Word has length 195 [2022-11-02 20:56:45,356 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:56:45,358 INFO L225 Difference]: With dead ends: 3617 [2022-11-02 20:56:45,358 INFO L226 Difference]: Without dead ends: 0 [2022-11-02 20:56:45,365 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 479 GetRequests, 421 SyntacticMatches, 5 SemanticMatches, 53 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 628 ImplicationChecksByTransitivity, 0.9s TimeCoverageRelationStatistics Valid=613, Invalid=2357, Unknown=0, NotChecked=0, Total=2970 [2022-11-02 20:56:45,366 INFO L413 NwaCegarLoop]: 155 mSDtfsCounter, 924 mSDsluCounter, 471 mSDsCounter, 0 mSdLazyCounter, 1560 mSolverCounterSat, 426 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 930 SdHoareTripleChecker+Valid, 626 SdHoareTripleChecker+Invalid, 1986 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 426 IncrementalHoareTripleChecker+Valid, 1560 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-11-02 20:56:45,366 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [930 Valid, 626 Invalid, 1986 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [426 Valid, 1560 Invalid, 0 Unknown, 0 Unchecked, 1.1s Time] [2022-11-02 20:56:45,366 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-02 20:56:45,367 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-02 20:56:45,367 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-02 20:56:45,367 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-02 20:56:45,368 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 195 [2022-11-02 20:56:45,368 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:56:45,368 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-02 20:56:45,368 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 26 states, 26 states have (on average 8.538461538461538) internal successors, (222), 22 states have internal predecessors, (222), 10 states have call successors, (39), 9 states have call predecessors, (39), 9 states have return successors, (34), 9 states have call predecessors, (34), 10 states have call successors, (34) [2022-11-02 20:56:45,368 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-02 20:56:45,368 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-02 20:56:45,372 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-02 20:56:45,412 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-11-02 20:56:45,587 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable11 [2022-11-02 20:56:45,589 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-02 20:57:04,240 INFO L895 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 293 300) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (< 1 ~waterLevel~0)) .cse0 .cse1 .cse2 (not (<= ~waterLevel~0 2))))) [2022-11-02 20:57:04,240 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 293 300) no Hoare annotation was computed. [2022-11-02 20:57:04,240 INFO L899 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 293 300) no Hoare annotation was computed. [2022-11-02 20:57:04,241 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 200 206) no Hoare annotation was computed. [2022-11-02 20:57:04,241 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 200 206) the Hoare annotation is: true [2022-11-02 20:57:04,241 INFO L895 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 84 95) the Hoare annotation is: (let ((.cse2 (not (<= 1 ~pumpRunning~0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~pumpRunning~0 0))) (.cse1 (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) (.cse3 (not (<= ~waterLevel~0 2)))) (and (or (not (= |old(~methaneLevelCritical~0)| 0)) .cse0 .cse1 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (< 1 ~waterLevel~0)) .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse0 .cse1 .cse3) (or .cse4 .cse1 .cse3 (not (= 0 ~systemActive~0))))) [2022-11-02 20:57:04,241 INFO L899 garLoopResultBuilder]: For program point L88-1(lines 84 95) no Hoare annotation was computed. [2022-11-02 20:57:04,241 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 84 95) no Hoare annotation was computed. [2022-11-02 20:57:04,242 INFO L902 garLoopResultBuilder]: At program point L962-2(lines 962 976) the Hoare annotation is: true [2022-11-02 20:57:04,242 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 952 981) no Hoare annotation was computed. [2022-11-02 20:57:04,242 INFO L902 garLoopResultBuilder]: At program point L958(line 958) the Hoare annotation is: true [2022-11-02 20:57:04,242 INFO L899 garLoopResultBuilder]: For program point L958-1(line 958) no Hoare annotation was computed. [2022-11-02 20:57:04,242 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 952 981) the Hoare annotation is: true [2022-11-02 20:57:04,242 INFO L902 garLoopResultBuilder]: At program point L977(lines 952 981) the Hoare annotation is: true [2022-11-02 20:57:04,250 INFO L899 garLoopResultBuilder]: For program point L973(line 973) no Hoare annotation was computed. [2022-11-02 20:57:04,250 INFO L899 garLoopResultBuilder]: For program point L966(lines 966 970) no Hoare annotation was computed. [2022-11-02 20:57:04,250 INFO L902 garLoopResultBuilder]: At program point L966-1(lines 966 970) the Hoare annotation is: true [2022-11-02 20:57:04,250 INFO L899 garLoopResultBuilder]: For program point L963(line 963) no Hoare annotation was computed. [2022-11-02 20:57:04,250 INFO L899 garLoopResultBuilder]: For program point L64(lines 64 68) no Hoare annotation was computed. [2022-11-02 20:57:04,251 INFO L895 garLoopResultBuilder]: At program point L64-2(lines 60 71) the Hoare annotation is: (let ((.cse6 (not (<= |old(~waterLevel~0)| 1))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (= |old(~waterLevel~0)| 2))) (.cse7 (not (= 0 ~systemActive~0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse9 (<= 1 ~switchedOnBeforeTS~0)) (.cse10 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse0 .cse5) (or .cse6 .cse4 .cse0) (or .cse6 .cse4 .cse7) (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) (and .cse8 (= ~waterLevel~0 1) .cse9) .cse10) (or .cse4 .cse5 .cse7) (or (and .cse8 (= |old(~waterLevel~0)| ~waterLevel~0) .cse9) .cse0 .cse1 (and .cse8 .cse2 .cse9) .cse10 .cse3))) [2022-11-02 20:57:04,251 INFO L899 garLoopResultBuilder]: For program point L568(lines 568 574) no Hoare annotation was computed. [2022-11-02 20:57:04,251 INFO L895 garLoopResultBuilder]: At program point L279(line 279) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse6 (not (<= |old(~waterLevel~0)| 1))) (.cse4 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (= |old(~waterLevel~0)| 2))) (.cse7 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse4 .cse0 .cse5) (or .cse6 .cse3 .cse7) (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) .cse2) (or .cse6 .cse3 .cse4 .cse0) (or .cse3 .cse5 .cse7))) [2022-11-02 20:57:04,252 INFO L895 garLoopResultBuilder]: At program point L279-1(lines 260 284) the Hoare annotation is: (let ((.cse19 (= ~methaneLevelCritical~0 0))) (let ((.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse23 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse15 (= ~pumpRunning~0 0)) (.cse10 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse11 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse24 (<= ~waterLevel~0 1)) (.cse25 (= 1 ~systemActive~0)) (.cse4 (not .cse19)) (.cse26 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse12 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse17 (not (<= |old(~waterLevel~0)| 1))) (.cse1 (not (= |old(~waterLevel~0)| 1))) (.cse20 (and .cse9 .cse15 .cse10 .cse11 .cse24 .cse25 .cse4 .cse26 .cse12)) (.cse14 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (= |old(~waterLevel~0)| 2))) (.cse21 (not (= 0 ~systemActive~0))) (.cse8 (not (< 1 |old(~waterLevel~0)|))) (.cse0 (and .cse23 .cse9 .cse10 .cse11 .cse24 .cse26 .cse12)) (.cse18 (and .cse9 .cse15 .cse10 .cse11 .cse16 .cse12)) (.cse2 (not .cse25)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (and .cse9 .cse15 .cse10 .cse19 .cse11 .cse24 .cse25 .cse26 .cse12)) (.cse13 (not (<= |old(~waterLevel~0)| 2))) (.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse0 .cse2 .cse3 .cse4 .cse5 .cse7) (or .cse2 .cse3 .cse8 (and .cse9 .cse10 .cse11 .cse12) .cse13) (or .cse14 (and .cse15 .cse16) .cse2 .cse13 (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0) .cse16)) (or .cse17 .cse18 .cse19 .cse2 .cse3 .cse20 .cse6) (or .cse17 .cse14 .cse21) (or .cse1 .cse19 .cse2 .cse3 .cse20 .cse6) (or .cse14 .cse7 .cse21) (let ((.cse22 (= ~waterLevel~0 1))) (or .cse2 .cse3 .cse8 (and .cse15 .cse22) .cse13 (and .cse19 .cse22))) (or .cse0 .cse18 .cse2 .cse3 .cse4 (and .cse23 .cse9 .cse10 .cse11 .cse16 .cse12) .cse5 .cse13 .cse6))))) [2022-11-02 20:57:04,252 INFO L899 garLoopResultBuilder]: For program point L180(lines 180 186) no Hoare annotation was computed. [2022-11-02 20:57:04,253 INFO L895 garLoopResultBuilder]: At program point L308(lines 301 311) the Hoare annotation is: (let ((.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse18 (<= 1 ~pumpRunning~0)) (.cse13 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse14 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse15 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse19 (<= ~waterLevel~0 1)) (.cse20 (= 1 ~systemActive~0)) (.cse10 (not .cse1)) (.cse21 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse16 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse4 (and .cse18 .cse13 .cse14 .cse15 .cse19 .cse20 .cse10 .cse21 .cse16)) (.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse9 (not (= |old(~waterLevel~0)| 2))) (.cse17 (not (= 0 ~systemActive~0))) (.cse12 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not .cse20)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (and .cse13 .cse14 .cse15 (= |old(~waterLevel~0)| ~waterLevel~0) .cse16)) (.cse11 (and .cse18 .cse13 .cse14 .cse1 .cse15 .cse19 .cse20 .cse21 .cse16)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse2 .cse3 .cse4 .cse6 .cse7 .cse5) (or .cse8 .cse2 .cse9) (or .cse0 .cse2 .cse3 .cse10 .cse11 .cse5) (or .cse12 .cse8 .cse2) (or .cse2 (and .cse13 .cse14 .cse15 (= ~waterLevel~0 1) .cse16) .cse3 (not (< 1 |old(~waterLevel~0)|)) .cse6) (or .cse12 .cse8 .cse17) (or .cse8 .cse9 .cse17) (or .cse12 .cse2 .cse3 .cse10 .cse7 .cse11 .cse5))))) [2022-11-02 20:57:04,253 INFO L899 garLoopResultBuilder]: For program point L531(line 531) no Hoare annotation was computed. [2022-11-02 20:57:04,253 INFO L899 garLoopResultBuilder]: For program point L180-2(lines 176 198) no Hoare annotation was computed. [2022-11-02 20:57:04,254 INFO L895 garLoopResultBuilder]: At program point L552(lines 545 554) the Hoare annotation is: (let ((.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (and (= ~pumpRunning~0 0) .cse7)) (.cse1 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse7 (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse4 .cse5 .cse2 (not (= |old(~waterLevel~0)| 2))) (or .cse4 .cse5 .cse6 (not (= 0 ~systemActive~0))) (or .cse0 .cse4 .cse5 .cse2) (or .cse1 .cse2 .cse3 (not (< 1 |old(~waterLevel~0)|)) .cse6)))) [2022-11-02 20:57:04,254 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 173 199) no Hoare annotation was computed. [2022-11-02 20:57:04,254 INFO L895 garLoopResultBuilder]: At program point L565(line 565) the Hoare annotation is: (let ((.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse20 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse18 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse21 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse11 (= ~pumpRunning~0 0)) (.cse22 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse16 (= ~waterLevel~0 |timeShift_getWaterLevel_#res#1|)) (.cse23 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse17 (<= ~waterLevel~0 1)) (.cse12 (= 1 ~systemActive~0)) (.cse7 (not .cse1)) (.cse25 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse24 (<= 1 ~switchedOnBeforeTS~0)) (.cse19 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1| ~waterLevel~0))) (let ((.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse4 (and .cse21 .cse11 .cse22 .cse16 .cse23 .cse17 .cse12 .cse7 .cse25 .cse24 .cse19)) (.cse14 (not (< 1 |old(~waterLevel~0)|))) (.cse13 (= ~waterLevel~0 1)) (.cse15 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not .cse12)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (and .cse21 .cse11 .cse22 .cse16 .cse1 .cse23 .cse17 .cse12 .cse25 .cse24 .cse19)) (.cse9 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (and .cse21 .cse11 .cse22 .cse16 .cse23 .cse18 .cse24 .cse19)) (.cse8 (and (<= 1 ~pumpRunning~0) .cse20 .cse21 .cse22 .cse16 .cse1 .cse23 .cse17 .cse12 .cse25 .cse24 .cse19)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 .cse3 .cse6 .cse7 .cse8 .cse5) (or .cse1 .cse2 .cse3 .cse9 .cse4 .cse10 .cse5) (or (and .cse11 .cse12 .cse13) .cse1 .cse2 .cse3 .cse14 .cse9) (or .cse15 .cse2 (not (= |old(~waterLevel~0)| 2))) (or .cse15 .cse9 (and .cse11 .cse16 .cse17 .cse18 .cse19) (not (= 0 ~systemActive~0))) (or .cse2 .cse3 .cse14 (and .cse20 .cse21 .cse22 .cse16 .cse23 .cse13 .cse24 .cse19) .cse9 (and .cse21 .cse11 .cse22 .cse16 .cse23 .cse12 .cse13 .cse24 .cse19)) (or (not (<= |old(~waterLevel~0)| 1)) .cse15 .cse2 (and .cse11 .cse16 .cse18 .cse19)) (or (and .cse20 .cse21 .cse22 .cse16 .cse23 .cse18 .cse24 .cse19) .cse2 .cse3 .cse6 .cse7 .cse9 .cse10 .cse8 .cse5))))) [2022-11-02 20:57:04,254 INFO L899 garLoopResultBuilder]: For program point L565-1(line 565) no Hoare annotation was computed. [2022-11-02 20:57:04,255 INFO L895 garLoopResultBuilder]: At program point L532(lines 527 534) the Hoare annotation is: (let ((.cse5 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not (= |old(~waterLevel~0)| 2))) (.cse6 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse0 .cse4) (or .cse5 .cse3 .cse0) (or .cse5 .cse3 .cse6) (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) .cse2) (or .cse3 .cse4 .cse6))) [2022-11-02 20:57:04,255 INFO L899 garLoopResultBuilder]: For program point L268(lines 268 276) no Hoare annotation was computed. [2022-11-02 20:57:04,255 INFO L899 garLoopResultBuilder]: For program point L264(lines 264 281) no Hoare annotation was computed. [2022-11-02 20:57:04,255 INFO L895 garLoopResultBuilder]: At program point L550(line 550) the Hoare annotation is: (let ((.cse13 (= ~pumpRunning~0 0)) (.cse7 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse12 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (and .cse13 .cse7 .cse12)) (.cse10 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse8 (< 1 ~waterLevel~0)) (.cse9 (<= ~waterLevel~0 2)) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse11 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse2 .cse4 .cse5 (and .cse6 .cse7 .cse8 .cse9) .cse3) (or .cse0 .cse10 .cse1 .cse11) (or .cse10 .cse2 .cse4 (and .cse6 .cse7 .cse12) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse1 .cse5 (and .cse13 .cse7 .cse8 .cse9) .cse3 .cse11)))) [2022-11-02 20:57:04,255 INFO L899 garLoopResultBuilder]: For program point L550-1(line 550) no Hoare annotation was computed. [2022-11-02 20:57:04,256 INFO L895 garLoopResultBuilder]: At program point L133(lines 128 136) the Hoare annotation is: (let ((.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse6 (<= 1 ~pumpRunning~0)) (.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse20 (= ~methaneLevelCritical~0 0)) (.cse11 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse0 (= ~pumpRunning~0 0)) (.cse12 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse13 (= ~waterLevel~0 |timeShift_getWaterLevel_#res#1|)) (.cse14 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse23 (<= ~waterLevel~0 1)) (.cse21 (= 1 ~systemActive~0)) (.cse24 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse15 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse18 (not (<= |old(~waterLevel~0)| 1))) (.cse9 (and .cse11 .cse0 .cse12 .cse13 .cse14 .cse23 .cse21 .cse24 .cse15)) (.cse16 (and .cse6 .cse10 .cse11 .cse12 .cse13 .cse20 .cse14 .cse23 .cse21 .cse24 .cse15)) (.cse17 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse4 (not .cse21)) (.cse8 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse19 (and .cse0 .cse13 .cse2)) (.cse7 (not (<= |old(~waterLevel~0)| 2)))) (and (let ((.cse1 (= 2 |timeShift_getWaterLevel_#res#1|))) (or (and .cse0 .cse1 .cse2) .cse3 .cse4 .cse5 (and .cse6 .cse1 .cse2) .cse7)) (or .cse4 .cse8 .cse9 (and .cse10 .cse11 .cse12 .cse13 .cse14 .cse2 .cse15) .cse16 .cse7 (and .cse11 .cse0 .cse12 .cse13 .cse14 .cse2 .cse15) .cse17) (or .cse18 .cse3 .cse4 .cse19) (or .cse18 .cse20 .cse4 .cse8 (and .cse0 .cse21) .cse17) (or (not (= |old(~waterLevel~0)| 1)) .cse4 .cse8 .cse9 .cse16 .cse17) (let ((.cse22 (= ~waterLevel~0 1))) (or (and .cse10 .cse11 .cse12 .cse13 .cse20 .cse14 .cse22 .cse15) .cse4 .cse8 .cse5 (and .cse11 .cse0 .cse12 .cse13 .cse14 .cse22 .cse15) .cse7)) (or .cse3 .cse19 .cse7 (not (= 0 ~systemActive~0)))))) [2022-11-02 20:57:04,256 INFO L899 garLoopResultBuilder]: For program point L187-1(lines 187 193) no Hoare annotation was computed. [2022-11-02 20:57:04,256 INFO L899 garLoopResultBuilder]: For program point L567(lines 567 577) no Hoare annotation was computed. [2022-11-02 20:57:04,256 INFO L899 garLoopResultBuilder]: For program point L563(lines 563 580) no Hoare annotation was computed. [2022-11-02 20:57:04,256 INFO L895 garLoopResultBuilder]: At program point L274(line 274) the Hoare annotation is: (let ((.cse9 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse10 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse11 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse12 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse13 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse5 (= ~methaneLevelCritical~0 0)) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse4 (not (= 0 ~systemActive~0))) (.cse14 (and .cse9 .cse10 .cse11 .cse12 (<= ~waterLevel~0 1) (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse13)) (.cse3 (not (<= |old(~waterLevel~0)| 1))) (.cse1 (not (= 1 ~systemActive~0))) (.cse6 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2) (or .cse3 .cse0 .cse1) (or .cse3 .cse0 .cse4) (or .cse5 .cse1 .cse6 .cse7 .cse8) (or (and .cse9 .cse10 .cse11 .cse5 .cse12 (= ~waterLevel~0 1) .cse13) .cse1 .cse6 (not (< 1 |old(~waterLevel~0)|)) .cse7) (or .cse0 .cse2 .cse4) (or .cse14 (not (= |old(~waterLevel~0)| 1)) .cse1 .cse6 .cse8) (or .cse14 .cse3 .cse1 .cse6 (and .cse9 .cse10 .cse11 .cse12 (= |old(~waterLevel~0)| ~waterLevel~0) .cse13) .cse8)))) [2022-11-02 20:57:04,257 INFO L895 garLoopResultBuilder]: At program point L563-1(lines 555 583) the Hoare annotation is: (let ((.cse6 (= ~methaneLevelCritical~0 0))) (let ((.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse18 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse3 (= ~pumpRunning~0 0)) (.cse19 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse15 (= ~waterLevel~0 |timeShift_getWaterLevel_#res#1|)) (.cse20 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse23 (<= ~waterLevel~0 1)) (.cse4 (= 1 ~systemActive~0)) (.cse14 (not .cse6)) (.cse24 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse21 (<= 1 ~switchedOnBeforeTS~0)) (.cse17 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1| ~waterLevel~0))) (let ((.cse8 (and .cse18 .cse3 .cse19 .cse15 .cse20 .cse23 .cse4 .cse14 .cse24 .cse21 .cse17)) (.cse5 (not (= |old(~waterLevel~0)| 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse12 (and .cse18 .cse3 .cse19 .cse15 .cse6 .cse20 .cse23 .cse4 .cse24 .cse21 .cse17)) (.cse13 (and .cse2 .cse18 .cse19 .cse15 .cse20 .cse23 .cse4 .cse24 .cse21 .cse17)) (.cse11 (and .cse18 .cse3 .cse19 .cse15 .cse20 .cse16 .cse21 .cse17)) (.cse9 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse1 (not .cse4)) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse10 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse1 (and .cse2 .cse3 .cse4)) (or .cse5 .cse6 .cse1 .cse7 .cse8 .cse9) (or .cse6 .cse1 .cse7 .cse10 .cse8 .cse11 .cse9) (or .cse5 .cse1 .cse7 .cse12 .cse13 .cse14 .cse9) (or .cse0 .cse1 (and .cse2 .cse3 .cse15 .cse4 .cse16 .cse17) .cse10 (and (<= 1 ~pumpRunning~0) .cse15 .cse16 .cse17)) (or .cse0 (and .cse2 .cse3 .cse15 .cse16 .cse17) .cse10 (not (= 0 ~systemActive~0))) (or (and .cse2 .cse18 .cse19 .cse15 .cse20 .cse16 .cse21 .cse17) .cse1 .cse7 .cse12 .cse13 .cse14 .cse10 .cse11 .cse9) (let ((.cse22 (= ~waterLevel~0 1))) (or (and .cse2 .cse18 .cse19 .cse15 .cse6 .cse20 .cse22 .cse21 .cse17) .cse1 .cse7 (not (< 1 |old(~waterLevel~0)|)) (and .cse18 .cse3 .cse19 .cse15 .cse20 .cse22 .cse21 .cse17) .cse10)))))) [2022-11-02 20:57:04,257 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 173 199) the Hoare annotation is: (let ((.cse13 (= ~pumpRunning~0 0)) (.cse7 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse12 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (and .cse13 .cse7 .cse12)) (.cse10 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse8 (< 1 ~waterLevel~0)) (.cse9 (<= ~waterLevel~0 2)) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse11 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse2 .cse4 .cse5 (and .cse6 .cse7 .cse8 .cse9) .cse3) (or .cse0 .cse10 .cse1 .cse11) (or .cse10 .cse2 .cse4 (and .cse6 .cse7 .cse12) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse1 .cse5 (and .cse13 .cse7 .cse8 .cse9) .cse3 .cse11)))) [2022-11-02 20:57:04,257 INFO L895 garLoopResultBuilder]: At program point L270(line 270) the Hoare annotation is: (let ((.cse7 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse8 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse9 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse10 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse15 (= 1 ~systemActive~0)) (.cse13 (not (= ~methaneLevelCritical~0 0))) (.cse11 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse4 (and (<= 1 ~pumpRunning~0) .cse7 .cse8 .cse9 .cse10 (<= ~waterLevel~0 1) .cse15 .cse13 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse11)) (.cse6 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse12 (not (= 0 ~systemActive~0))) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse1 (not .cse15)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse14 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2) (or (not (= |old(~waterLevel~0)| 1)) .cse1 .cse3 .cse4 .cse5) (or .cse6 .cse1 .cse3 (and .cse7 .cse8 .cse9 .cse10 (= |old(~waterLevel~0)| ~waterLevel~0) .cse11) .cse4 .cse5) (or .cse6 .cse0 .cse1) (or .cse6 .cse0 .cse12) (or .cse0 .cse2 .cse12) (or .cse1 .cse3 .cse13 .cse14 .cse5) (or (and .cse7 .cse8 .cse9 .cse10 .cse13 (= ~waterLevel~0 1) .cse11) .cse1 .cse3 (not (< 1 |old(~waterLevel~0)|)) .cse14)))) [2022-11-02 20:57:04,257 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 173 199) no Hoare annotation was computed. [2022-11-02 20:57:04,257 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 531) no Hoare annotation was computed. [2022-11-02 20:57:04,258 INFO L895 garLoopResultBuilder]: At program point L101(lines 96 104) the Hoare annotation is: (let ((.cse9 (= ~methaneLevelCritical~0 0))) (let ((.cse6 (not .cse9)) (.cse16 (<= 1 ~pumpRunning~0)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse17 (<= ~waterLevel~0 1)) (.cse18 (= 1 ~systemActive~0)) (.cse19 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse5 (not (= |old(~waterLevel~0)| 1))) (.cse7 (and .cse16 .cse2 .cse9 .cse3 .cse17 .cse18 .cse19 .cse4)) (.cse11 (not (= |old(~pumpRunning~0)| 0))) (.cse12 (not (= |old(~waterLevel~0)| 2))) (.cse15 (not (= 0 ~systemActive~0))) (.cse13 (not (<= |old(~waterLevel~0)| 1))) (.cse14 (and .cse2 .cse3 (= |old(~waterLevel~0)| ~waterLevel~0) .cse4)) (.cse0 (not .cse18)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse10 (and .cse16 .cse2 .cse3 .cse17 .cse18 .cse6 .cse19 .cse4)) (.cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) (and .cse2 .cse3 (= ~waterLevel~0 1) .cse4) (not (<= |old(~waterLevel~0)| 2))) (or .cse5 .cse0 .cse1 .cse6 .cse7 .cse8) (or .cse5 .cse9 .cse0 .cse1 .cse10 .cse8) (or .cse11 .cse0 .cse12) (or .cse13 .cse14 .cse0 .cse1 .cse6 .cse7 .cse8) (or .cse13 .cse11 .cse0) (or .cse13 .cse11 .cse15) (or .cse11 .cse12 .cse15) (or .cse13 .cse14 .cse9 .cse0 .cse1 .cse10 .cse8))))) [2022-11-02 20:57:04,258 INFO L895 garLoopResultBuilder]: At program point L415(lines 410 417) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (< 1 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-02 20:57:04,258 INFO L895 garLoopResultBuilder]: At program point L477(lines 430 479) the Hoare annotation is: (let ((.cse3 (= 0 ~systemActive~0)) (.cse1 (= 2 ~waterLevel~0)) (.cse6 (<= 1 ~pumpRunning~0)) (.cse0 (= ~pumpRunning~0 0)) (.cse4 (<= ~waterLevel~0 1)) (.cse5 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3) (and .cse0 .cse4 .cse2 .cse3) (and .cse0 .cse1 .cse5 .cse2) (and .cse6 .cse1 .cse5 .cse2) (and .cse6 (= ~methaneLevelCritical~0 0) .cse4 .cse5 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse4 .cse5 .cse2))) [2022-11-02 20:57:04,258 INFO L899 garLoopResultBuilder]: For program point L440(lines 440 446) no Hoare annotation was computed. [2022-11-02 20:57:04,258 INFO L899 garLoopResultBuilder]: For program point L440-1(lines 440 446) no Hoare annotation was computed. [2022-11-02 20:57:04,258 INFO L895 garLoopResultBuilder]: At program point L407(lines 395 409) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (<= ~waterLevel~0 2) (= 0 ~systemActive~0)) [2022-11-02 20:57:04,258 INFO L902 garLoopResultBuilder]: At program point L1043(lines 1024 1046) the Hoare annotation is: true [2022-11-02 20:57:04,259 INFO L895 garLoopResultBuilder]: At program point L1010(lines 1006 1012) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 20:57:04,259 INFO L899 garLoopResultBuilder]: For program point L432(lines 432 436) no Hoare annotation was computed. [2022-11-02 20:57:04,259 INFO L899 garLoopResultBuilder]: For program point L399(lines 399 405) no Hoare annotation was computed. [2022-11-02 20:57:04,259 INFO L899 garLoopResultBuilder]: For program point L399-1(lines 399 405) no Hoare annotation was computed. [2022-11-02 20:57:04,259 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-11-02 20:57:04,259 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-11-02 20:57:04,259 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-11-02 20:57:04,260 INFO L895 garLoopResultBuilder]: At program point L507(lines 503 509) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 20:57:04,260 INFO L902 garLoopResultBuilder]: At program point L483(lines 420 487) the Hoare annotation is: true [2022-11-02 20:57:04,260 INFO L899 garLoopResultBuilder]: For program point L450(lines 450 456) no Hoare annotation was computed. [2022-11-02 20:57:04,260 INFO L899 garLoopResultBuilder]: For program point L450-1(lines 450 456) no Hoare annotation was computed. [2022-11-02 20:57:04,260 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-02 20:57:04,260 INFO L895 garLoopResultBuilder]: At program point L442(line 442) the Hoare annotation is: (let ((.cse3 (= 0 ~systemActive~0)) (.cse1 (= 2 ~waterLevel~0)) (.cse6 (<= 1 ~pumpRunning~0)) (.cse0 (= ~pumpRunning~0 0)) (.cse4 (<= ~waterLevel~0 1)) (.cse5 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3) (and .cse0 .cse4 .cse2 .cse3) (and .cse0 .cse1 .cse5 .cse2) (and .cse6 .cse1 .cse5 .cse2) (and .cse6 (= ~methaneLevelCritical~0 0) .cse4 .cse5 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse4 .cse5 .cse2))) [2022-11-02 20:57:04,261 INFO L895 garLoopResultBuilder]: At program point L401(line 401) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (< 1 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-02 20:57:04,261 INFO L895 garLoopResultBuilder]: At program point L480(lines 429 481) the Hoare annotation is: false [2022-11-02 20:57:04,261 INFO L895 garLoopResultBuilder]: At program point L542(lines 537 544) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 20:57:04,261 INFO L902 garLoopResultBuilder]: At program point L1021(lines 1013 1023) the Hoare annotation is: true [2022-11-02 20:57:04,261 INFO L899 garLoopResultBuilder]: For program point L468(lines 468 474) no Hoare annotation was computed. [2022-11-02 20:57:04,262 INFO L895 garLoopResultBuilder]: At program point L468-2(lines 460 475) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (< 1 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-02 20:57:04,262 INFO L899 garLoopResultBuilder]: For program point L431(lines 430 479) no Hoare annotation was computed. [2022-11-02 20:57:04,262 INFO L899 garLoopResultBuilder]: For program point L460(lines 460 475) no Hoare annotation was computed. [2022-11-02 20:57:04,262 INFO L895 garLoopResultBuilder]: At program point L522(lines 517 525) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 20:57:04,262 INFO L899 garLoopResultBuilder]: For program point L1034(lines 1034 1041) no Hoare annotation was computed. [2022-11-02 20:57:04,262 INFO L899 garLoopResultBuilder]: For program point L1034-2(lines 1034 1041) no Hoare annotation was computed. [2022-11-02 20:57:04,263 INFO L895 garLoopResultBuilder]: At program point L452(line 452) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 (< 1 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 (= ~methaneLevelCritical~0 0) (<= ~waterLevel~0 1) .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-02 20:57:04,263 INFO L895 garLoopResultBuilder]: At program point L514(lines 510 516) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 20:57:04,263 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 208 232) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:57:04,263 INFO L895 garLoopResultBuilder]: At program point L372(lines 357 375) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2)) (and .cse1 .cse2 (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~3#1| 0))) (and .cse1 .cse2 (= 2 ~waterLevel~0)))) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:57:04,263 INFO L899 garLoopResultBuilder]: For program point L366(lines 366 370) no Hoare annotation was computed. [2022-11-02 20:57:04,264 INFO L899 garLoopResultBuilder]: For program point L141(lines 141 147) no Hoare annotation was computed. [2022-11-02 20:57:04,264 INFO L899 garLoopResultBuilder]: For program point L366-2(lines 366 370) no Hoare annotation was computed. [2022-11-02 20:57:04,264 INFO L895 garLoopResultBuilder]: At program point L290(lines 285 292) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0)) (not (<= ~waterLevel~0 2))))) [2022-11-02 20:57:04,264 INFO L895 garLoopResultBuilder]: At program point L222(line 222) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~0#1| 0)) (not (<= ~waterLevel~0 2))) (or (not (= ~waterLevel~0 1)) .cse0 .cse1 (and (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~3#1| 0)))) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:57:04,264 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 208 232) no Hoare annotation was computed. [2022-11-02 20:57:04,265 INFO L899 garLoopResultBuilder]: For program point L216(lines 216 224) no Hoare annotation was computed. [2022-11-02 20:57:04,265 INFO L899 garLoopResultBuilder]: For program point L212(lines 212 229) no Hoare annotation was computed. [2022-11-02 20:57:04,265 INFO L895 garLoopResultBuilder]: At program point L146(lines 137 150) the Hoare annotation is: (let ((.cse5 (<= ~waterLevel~0 1))) (let ((.cse4 (not .cse5)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (= ~pumpRunning~0 0)) (.cse3 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))) (and (or .cse0 .cse1 (and .cse2 (not .cse3)) .cse4) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) .cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse1 .cse5 (and .cse2 .cse3) (not (<= ~waterLevel~0 2)))))) [2022-11-02 20:57:04,265 INFO L895 garLoopResultBuilder]: At program point L227(line 227) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:57:04,265 INFO L899 garLoopResultBuilder]: For program point L227-1(lines 208 232) no Hoare annotation was computed. [2022-11-02 20:57:04,266 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 72 83) no Hoare annotation was computed. [2022-11-02 20:57:04,266 INFO L899 garLoopResultBuilder]: For program point L76-1(lines 72 83) no Hoare annotation was computed. [2022-11-02 20:57:04,266 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 72 83) the Hoare annotation is: (let ((.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse5 (not (<= 1 ~pumpRunning~0))) (.cse6 (not (= |old(~waterLevel~0)| 2))) (.cse3 (not (= 0 ~systemActive~0))) (.cse1 (not (= ~pumpRunning~0 0))) (.cse4 (not (= 1 ~systemActive~0))) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse5 .cse6 .cse2) (or .cse0 .cse4 (not (= ~methaneLevelCritical~0 0)) .cse5 .cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse1 .cse6 .cse2 .cse3) (or .cse1 .cse4 .cse2 (not (<= |old(~waterLevel~0)| 2))))) [2022-11-02 20:57:04,266 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__lowWaterSensorENTRY(lines 234 258) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:57:04,266 INFO L895 garLoopResultBuilder]: At program point L248(line 248) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:57:04,267 INFO L895 garLoopResultBuilder]: At program point L244(line 244) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:57:04,267 INFO L899 garLoopResultBuilder]: For program point L242(lines 242 250) no Hoare annotation was computed. [2022-11-02 20:57:04,267 INFO L899 garLoopResultBuilder]: For program point L238(lines 238 255) no Hoare annotation was computed. [2022-11-02 20:57:04,267 INFO L895 garLoopResultBuilder]: At program point L391(lines 376 394) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:57:04,267 INFO L899 garLoopResultBuilder]: For program point L385(lines 385 389) no Hoare annotation was computed. [2022-11-02 20:57:04,268 INFO L899 garLoopResultBuilder]: For program point L385-2(lines 385 389) no Hoare annotation was computed. [2022-11-02 20:57:04,268 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__lowWaterSensorEXIT(lines 234 258) no Hoare annotation was computed. [2022-11-02 20:57:04,268 INFO L895 garLoopResultBuilder]: At program point L253(line 253) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 (not (<= ~waterLevel~0 2))))) [2022-11-02 20:57:04,268 INFO L895 garLoopResultBuilder]: At program point L156(lines 151 159) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:57:04,268 INFO L899 garLoopResultBuilder]: For program point L253-1(lines 234 258) no Hoare annotation was computed. [2022-11-02 20:57:04,268 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 312 320) no Hoare annotation was computed. [2022-11-02 20:57:04,269 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 312 320) the Hoare annotation is: true [2022-11-02 20:57:04,269 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 312 320) no Hoare annotation was computed. [2022-11-02 20:57:04,272 INFO L444 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:57:04,275 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-02 20:57:04,352 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 02.11 08:57:04 BoogieIcfgContainer [2022-11-02 20:57:04,352 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-02 20:57:04,353 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-02 20:57:04,356 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-02 20:57:04,356 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-02 20:57:04,357 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.11 08:56:31" (3/4) ... [2022-11-02 20:57:04,360 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-02 20:57:04,367 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-11-02 20:57:04,367 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-02 20:57:04,368 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-02 20:57:04,368 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-02 20:57:04,368 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-02 20:57:04,368 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-11-02 20:57:04,368 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-02 20:57:04,368 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__lowWaterSensor [2022-11-02 20:57:04,369 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-02 20:57:04,384 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 54 nodes and edges [2022-11-02 20:57:04,384 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-11-02 20:57:04,385 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-11-02 20:57:04,385 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-11-02 20:57:04,385 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-11-02 20:57:04,385 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-02 20:57:04,386 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-02 20:57:04,412 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) [2022-11-02 20:57:04,412 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || waterLevel + 1 <= \old(waterLevel)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && (((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-02 20:57:04,413 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 1 == systemActive)) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && waterLevel == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && waterLevel == \result) && \old(waterLevel) == waterLevel) && tmp == waterLevel))) && (((!(\old(pumpRunning) == 0) || ((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && waterLevel == \result) && \old(waterLevel) == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == waterLevel) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) [2022-11-02 20:57:04,413 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((methaneLevelCritical == \result && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && ((((((!(\old(waterLevel) <= 1) || (((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (pumpRunning == 0 && waterLevel == 1)) || !(\old(waterLevel) <= 2)) || (methaneLevelCritical == 0 && waterLevel == 1))) && ((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || (((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-02 20:57:04,414 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive)) [2022-11-02 20:57:04,414 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || ((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == 0 && waterLevel == \result) && \old(waterLevel) == waterLevel))) && (((((!(\old(waterLevel) <= 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (pumpRunning == 0 && 1 == systemActive)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && waterLevel == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) [2022-11-02 20:57:04,414 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-02 20:57:04,415 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((((!(1 == systemActive) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-02 20:57:04,415 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) && (((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) [2022-11-02 20:57:04,415 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(waterLevel <= 1)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || waterLevel <= 1) || (pumpRunning == 0 && \result == 0)) || !(waterLevel <= 2)) [2022-11-02 20:57:04,416 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) && (((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) [2022-11-02 20:57:04,416 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && !(\result == 0)) && \result == 0) && tmp___0 == 0) && !(tmp == 0))) || ((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == waterLevel)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) [2022-11-02 20:57:04,416 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(waterLevel <= 2)) [2022-11-02 20:57:04,452 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/witness.graphml [2022-11-02 20:57:04,453 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-02 20:57:04,454 INFO L158 Benchmark]: Toolchain (without parser) took 34097.35ms. Allocated memory was 111.1MB in the beginning and 293.6MB in the end (delta: 182.5MB). Free memory was 75.6MB in the beginning and 226.8MB in the end (delta: -151.3MB). Peak memory consumption was 31.9MB. Max. memory is 16.1GB. [2022-11-02 20:57:04,454 INFO L158 Benchmark]: CDTParser took 0.28ms. Allocated memory is still 79.7MB. Free memory was 49.9MB in the beginning and 49.8MB in the end (delta: 30.1kB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-02 20:57:04,454 INFO L158 Benchmark]: CACSL2BoogieTranslator took 622.34ms. Allocated memory is still 111.1MB. Free memory was 75.4MB in the beginning and 79.0MB in the end (delta: -3.6MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-11-02 20:57:04,455 INFO L158 Benchmark]: Boogie Procedure Inliner took 51.13ms. Allocated memory is still 111.1MB. Free memory was 79.0MB in the beginning and 76.3MB in the end (delta: 2.6MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-11-02 20:57:04,455 INFO L158 Benchmark]: Boogie Preprocessor took 30.10ms. Allocated memory is still 111.1MB. Free memory was 76.3MB in the beginning and 74.8MB in the end (delta: 1.6MB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-02 20:57:04,456 INFO L158 Benchmark]: RCFGBuilder took 634.25ms. Allocated memory is still 111.1MB. Free memory was 74.8MB in the beginning and 54.3MB in the end (delta: 20.4MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. [2022-11-02 20:57:04,456 INFO L158 Benchmark]: TraceAbstraction took 32648.55ms. Allocated memory was 111.1MB in the beginning and 293.6MB in the end (delta: 182.5MB). Free memory was 53.8MB in the beginning and 233.1MB in the end (delta: -179.3MB). Peak memory consumption was 154.2MB. Max. memory is 16.1GB. [2022-11-02 20:57:04,457 INFO L158 Benchmark]: Witness Printer took 99.65ms. Allocated memory is still 293.6MB. Free memory was 233.1MB in the beginning and 226.8MB in the end (delta: 6.3MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-11-02 20:57:04,459 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.28ms. Allocated memory is still 79.7MB. Free memory was 49.9MB in the beginning and 49.8MB in the end (delta: 30.1kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 622.34ms. Allocated memory is still 111.1MB. Free memory was 75.4MB in the beginning and 79.0MB in the end (delta: -3.6MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 51.13ms. Allocated memory is still 111.1MB. Free memory was 79.0MB in the beginning and 76.3MB in the end (delta: 2.6MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 30.10ms. Allocated memory is still 111.1MB. Free memory was 76.3MB in the beginning and 74.8MB in the end (delta: 1.6MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 634.25ms. Allocated memory is still 111.1MB. Free memory was 74.8MB in the beginning and 54.3MB in the end (delta: 20.4MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. * TraceAbstraction took 32648.55ms. Allocated memory was 111.1MB in the beginning and 293.6MB in the end (delta: 182.5MB). Free memory was 53.8MB in the beginning and 233.1MB in the end (delta: -179.3MB). Peak memory consumption was 154.2MB. Max. memory is 16.1GB. * Witness Printer took 99.65ms. Allocated memory is still 293.6MB. Free memory was 233.1MB in the beginning and 226.8MB in the end (delta: 6.3MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 531]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 10 procedures, 110 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 32.5s, OverallIterations: 12, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.1s, AutomataDifference: 7.9s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 18.7s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 3677 SdHoareTripleChecker+Valid, 4.6s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 3615 mSDsluCounter, 6567 SdHoareTripleChecker+Invalid, 3.8s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 4684 mSDsCounter, 1426 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 5228 IncrementalHoareTripleChecker+Invalid, 6654 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1426 mSolverCounterUnsat, 1883 mSDtfsCounter, 5228 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 1042 GetRequests, 811 SyntacticMatches, 10 SemanticMatches, 221 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2151 ImplicationChecksByTransitivity, 2.5s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1648occurred in iteration=11, InterpolantAutomatonStates: 199, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.8s AutomataMinimizationTime, 12 MinimizatonAttempts, 560 StatesRemovedByMinimization, 9 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 52 LocationsWithAnnotation, 4448 PreInvPairs, 5106 NumberOfFragments, 4967 HoareAnnotationTreeSize, 4448 FomulaSimplifications, 11971 FormulaSimplificationTreeSizeReduction, 2.1s HoareSimplificationTime, 52 FomulaSimplificationsInter, 63385 FormulaSimplificationTreeSizeReductionInter, 16.4s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.4s SatisfiabilityAnalysisTime, 3.6s InterpolantComputationTime, 1270 NumberOfCodeBlocks, 1270 NumberOfCodeBlocksAsserted, 14 NumberOfCheckSat, 1560 ConstructedInterpolants, 0 QuantifiedInterpolants, 3089 SizeOfPredicates, 6 NumberOfNonLiveVariables, 1245 ConjunctsInSsa, 21 ConjunctsInUnsatCore, 16 InterpolantComputations, 10 PerfectInterpolantSequences, 873/978 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 420]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 128]: Loop Invariant Derived loop invariant: ((((((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || ((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == 0 && waterLevel == \result) && \old(waterLevel) == waterLevel))) && (((((!(\old(waterLevel) <= 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (pumpRunning == 0 && 1 == systemActive)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && waterLevel == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) - InvariantResult [Line: 555]: Loop Invariant Derived loop invariant: (((((((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 1 == systemActive)) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && waterLevel == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && waterLevel == \result) && \old(waterLevel) == waterLevel) && tmp == waterLevel))) && (((!(\old(pumpRunning) == 0) || ((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && waterLevel == \result) && \old(waterLevel) == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == waterLevel) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 376]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) && (((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 537]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 952]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 527]: Loop Invariant Derived loop invariant: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive)) - InvariantResult [Line: 410]: Loop Invariant Derived loop invariant: (((((1 <= pumpRunning && 1 < waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2)) || ((((1 <= pumpRunning && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) - InvariantResult [Line: 301]: Loop Invariant Derived loop invariant: ((((((((((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((((!(1 == systemActive) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 510]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 395]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive - InvariantResult [Line: 1024]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 429]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 1006]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 1013]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 96]: Loop Invariant Derived loop invariant: (((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 545]: Loop Invariant Derived loop invariant: (((((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 503]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 260]: Loop Invariant Derived loop invariant: ((((((((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((methaneLevelCritical == \result && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && ((((((!(\old(waterLevel) <= 1) || (((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (pumpRunning == 0 && waterLevel == 1)) || !(\old(waterLevel) <= 2)) || (methaneLevelCritical == 0 && waterLevel == 1))) && ((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || (((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 60]: Loop Invariant Derived loop invariant: (((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || waterLevel + 1 <= \old(waterLevel)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && (((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 151]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) && (((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 430]: Loop Invariant Derived loop invariant: (((((((pumpRunning == 0 && 2 == waterLevel) && splverifierCounter == 0) && 0 == systemActive) || (((pumpRunning == 0 && waterLevel <= 1) && splverifierCounter == 0) && 0 == systemActive)) || (((pumpRunning == 0 && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || (((1 <= pumpRunning && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || (((((1 <= pumpRunning && methaneLevelCritical == 0) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS)) || (((pumpRunning == 0 && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) - InvariantResult [Line: 962]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 137]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(waterLevel <= 1)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || waterLevel <= 1) || (pumpRunning == 0 && \result == 0)) || !(waterLevel <= 2)) - InvariantResult [Line: 357]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && !(\result == 0)) && \result == 0) && tmp___0 == 0) && !(tmp == 0))) || ((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == waterLevel)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 517]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 285]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(waterLevel <= 2)) RESULT: Ultimate proved your program to be correct! [2022-11-02 20:57:04,550 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_72a292dc-195b-4787-8580-ea95c37a4864/bin/uautomizer-Dbtcem3rbc/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE