./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product55.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 5e519f3a Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product55.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 9e826f48819dedbf1a290c3ced69eb835c065ed69febc6d0054f416e73afcb1c --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-5e519f3 [2022-11-02 20:43:41,172 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-02 20:43:41,174 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-02 20:43:41,218 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-02 20:43:41,219 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-02 20:43:41,223 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-02 20:43:41,226 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-02 20:43:41,230 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-02 20:43:41,235 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-02 20:43:41,236 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-02 20:43:41,237 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-02 20:43:41,238 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-02 20:43:41,238 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-02 20:43:41,239 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-02 20:43:41,240 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-02 20:43:41,241 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-02 20:43:41,242 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-02 20:43:41,243 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-02 20:43:41,247 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-02 20:43:41,257 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-02 20:43:41,260 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-02 20:43:41,263 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-02 20:43:41,264 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-02 20:43:41,265 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-02 20:43:41,268 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-02 20:43:41,269 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-02 20:43:41,269 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-02 20:43:41,270 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-02 20:43:41,270 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-02 20:43:41,271 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-02 20:43:41,272 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-02 20:43:41,280 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-02 20:43:41,282 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-02 20:43:41,284 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-02 20:43:41,285 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-02 20:43:41,285 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-02 20:43:41,286 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-02 20:43:41,286 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-02 20:43:41,286 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-02 20:43:41,287 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-02 20:43:41,288 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-02 20:43:41,289 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-11-02 20:43:41,331 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-02 20:43:41,331 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-02 20:43:41,332 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-02 20:43:41,332 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-02 20:43:41,333 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-02 20:43:41,333 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-02 20:43:41,334 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-02 20:43:41,334 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-02 20:43:41,334 INFO L138 SettingsManager]: * Use SBE=true [2022-11-02 20:43:41,334 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-02 20:43:41,334 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-02 20:43:41,335 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-02 20:43:41,335 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-02 20:43:41,335 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-02 20:43:41,335 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-02 20:43:41,335 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-02 20:43:41,335 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-02 20:43:41,336 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-02 20:43:41,336 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-02 20:43:41,336 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-02 20:43:41,336 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-02 20:43:41,336 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-02 20:43:41,337 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-02 20:43:41,337 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-02 20:43:41,337 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-02 20:43:41,337 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-02 20:43:41,337 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-02 20:43:41,337 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-02 20:43:41,338 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-11-02 20:43:41,338 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-02 20:43:41,338 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-11-02 20:43:41,338 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-11-02 20:43:41,338 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-02 20:43:41,338 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 9e826f48819dedbf1a290c3ced69eb835c065ed69febc6d0054f416e73afcb1c [2022-11-02 20:43:41,616 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-02 20:43:41,647 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-02 20:43:41,650 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-02 20:43:41,651 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-02 20:43:41,652 INFO L275 PluginConnector]: CDTParser initialized [2022-11-02 20:43:41,653 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/../../sv-benchmarks/c/product-lines/minepump_spec5_product55.cil.c [2022-11-02 20:43:41,724 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/data/5b4fd3e57/56b0b4cb6eec4945aafbef9e77c4f720/FLAG1bad2c335 [2022-11-02 20:43:42,348 INFO L306 CDTParser]: Found 1 translation units. [2022-11-02 20:43:42,352 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/sv-benchmarks/c/product-lines/minepump_spec5_product55.cil.c [2022-11-02 20:43:42,375 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/data/5b4fd3e57/56b0b4cb6eec4945aafbef9e77c4f720/FLAG1bad2c335 [2022-11-02 20:43:42,609 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/data/5b4fd3e57/56b0b4cb6eec4945aafbef9e77c4f720 [2022-11-02 20:43:42,612 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-02 20:43:42,613 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-02 20:43:42,615 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-02 20:43:42,615 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-02 20:43:42,619 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-02 20:43:42,620 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 02.11 08:43:42" (1/1) ... [2022-11-02 20:43:42,621 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@2582e9bd and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:42, skipping insertion in model container [2022-11-02 20:43:42,621 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 02.11 08:43:42" (1/1) ... [2022-11-02 20:43:42,631 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-02 20:43:42,695 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-02 20:43:42,945 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/sv-benchmarks/c/product-lines/minepump_spec5_product55.cil.c[13125,13138] [2022-11-02 20:43:42,984 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-02 20:43:42,997 INFO L203 MainTranslator]: Completed pre-run [2022-11-02 20:43:43,094 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/sv-benchmarks/c/product-lines/minepump_spec5_product55.cil.c[13125,13138] [2022-11-02 20:43:43,128 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-02 20:43:43,147 INFO L208 MainTranslator]: Completed translation [2022-11-02 20:43:43,147 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43 WrapperNode [2022-11-02 20:43:43,147 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-02 20:43:43,149 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-02 20:43:43,149 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-02 20:43:43,149 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-02 20:43:43,157 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (1/1) ... [2022-11-02 20:43:43,180 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (1/1) ... [2022-11-02 20:43:43,226 INFO L138 Inliner]: procedures = 59, calls = 163, calls flagged for inlining = 26, calls inlined = 23, statements flattened = 291 [2022-11-02 20:43:43,226 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-02 20:43:43,227 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-02 20:43:43,227 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-02 20:43:43,227 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-02 20:43:43,239 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (1/1) ... [2022-11-02 20:43:43,239 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (1/1) ... [2022-11-02 20:43:43,250 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (1/1) ... [2022-11-02 20:43:43,251 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (1/1) ... [2022-11-02 20:43:43,257 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (1/1) ... [2022-11-02 20:43:43,265 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (1/1) ... [2022-11-02 20:43:43,272 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (1/1) ... [2022-11-02 20:43:43,274 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (1/1) ... [2022-11-02 20:43:43,286 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-02 20:43:43,287 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-02 20:43:43,287 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-02 20:43:43,287 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-02 20:43:43,288 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (1/1) ... [2022-11-02 20:43:43,295 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-02 20:43:43,309 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/z3 [2022-11-02 20:43:43,322 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-02 20:43:43,328 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-02 20:43:43,375 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-02 20:43:43,376 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-02 20:43:43,376 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-02 20:43:43,376 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-02 20:43:43,376 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-02 20:43:43,376 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-02 20:43:43,376 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-02 20:43:43,378 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-11-02 20:43:43,379 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-11-02 20:43:43,379 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-02 20:43:43,379 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-02 20:43:43,379 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__lowWaterSensor [2022-11-02 20:43:43,380 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__lowWaterSensor [2022-11-02 20:43:43,380 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-02 20:43:43,380 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-02 20:43:43,381 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-11-02 20:43:43,381 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-11-02 20:43:43,381 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-02 20:43:43,381 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-02 20:43:43,381 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-02 20:43:43,381 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-02 20:43:43,381 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-02 20:43:43,466 INFO L235 CfgBuilder]: Building ICFG [2022-11-02 20:43:43,468 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-02 20:43:44,009 INFO L276 CfgBuilder]: Performing block encoding [2022-11-02 20:43:44,016 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-02 20:43:44,016 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-02 20:43:44,019 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.11 08:43:44 BoogieIcfgContainer [2022-11-02 20:43:44,019 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-02 20:43:44,021 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-02 20:43:44,021 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-02 20:43:44,025 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-02 20:43:44,025 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 02.11 08:43:42" (1/3) ... [2022-11-02 20:43:44,026 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6cefa93f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 02.11 08:43:44, skipping insertion in model container [2022-11-02 20:43:44,026 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 02.11 08:43:43" (2/3) ... [2022-11-02 20:43:44,027 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6cefa93f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 02.11 08:43:44, skipping insertion in model container [2022-11-02 20:43:44,027 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.11 08:43:44" (3/3) ... [2022-11-02 20:43:44,028 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product55.cil.c [2022-11-02 20:43:44,047 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-02 20:43:44,047 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-02 20:43:44,101 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-02 20:43:44,109 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@5ed76c56, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-02 20:43:44,109 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-02 20:43:44,114 INFO L276 IsEmpty]: Start isEmpty. Operand has 109 states, 81 states have (on average 1.3703703703703705) internal successors, (111), 92 states have internal predecessors, (111), 17 states have call successors, (17), 9 states have call predecessors, (17), 9 states have return successors, (17), 12 states have call predecessors, (17), 17 states have call successors, (17) [2022-11-02 20:43:44,128 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-11-02 20:43:44,128 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:43:44,129 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:43:44,130 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:43:44,136 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:43:44,136 INFO L85 PathProgramCache]: Analyzing trace with hash 158818465, now seen corresponding path program 1 times [2022-11-02 20:43:44,147 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:43:44,148 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1150506100] [2022-11-02 20:43:44,148 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:43:44,149 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:43:44,334 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:44,475 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-11-02 20:43:44,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:44,496 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-02 20:43:44,501 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:44,517 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:43:44,517 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:43:44,518 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1150506100] [2022-11-02 20:43:44,519 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1150506100] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:43:44,519 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:43:44,519 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-02 20:43:44,521 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1440166077] [2022-11-02 20:43:44,521 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:43:44,526 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-02 20:43:44,531 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:43:44,559 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-02 20:43:44,560 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-02 20:43:44,562 INFO L87 Difference]: Start difference. First operand has 109 states, 81 states have (on average 1.3703703703703705) internal successors, (111), 92 states have internal predecessors, (111), 17 states have call successors, (17), 9 states have call predecessors, (17), 9 states have return successors, (17), 12 states have call predecessors, (17), 17 states have call successors, (17) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:43:44,623 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:43:44,623 INFO L93 Difference]: Finished difference Result 209 states and 284 transitions. [2022-11-02 20:43:44,624 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-02 20:43:44,626 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-11-02 20:43:44,626 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:43:44,641 INFO L225 Difference]: With dead ends: 209 [2022-11-02 20:43:44,641 INFO L226 Difference]: Without dead ends: 100 [2022-11-02 20:43:44,648 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-02 20:43:44,655 INFO L413 NwaCegarLoop]: 139 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 139 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-02 20:43:44,657 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 139 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-02 20:43:44,675 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 100 states. [2022-11-02 20:43:44,728 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 100 to 100. [2022-11-02 20:43:44,731 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 100 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 84 states have internal predecessors, (97), 17 states have call successors, (17), 9 states have call predecessors, (17), 8 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) [2022-11-02 20:43:44,740 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 100 states to 100 states and 130 transitions. [2022-11-02 20:43:44,746 INFO L78 Accepts]: Start accepts. Automaton has 100 states and 130 transitions. Word has length 32 [2022-11-02 20:43:44,747 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:43:44,747 INFO L495 AbstractCegarLoop]: Abstraction has 100 states and 130 transitions. [2022-11-02 20:43:44,748 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:43:44,749 INFO L276 IsEmpty]: Start isEmpty. Operand 100 states and 130 transitions. [2022-11-02 20:43:44,751 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-11-02 20:43:44,754 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:43:44,755 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:43:44,755 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-02 20:43:44,756 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:43:44,756 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:43:44,757 INFO L85 PathProgramCache]: Analyzing trace with hash -1314152562, now seen corresponding path program 1 times [2022-11-02 20:43:44,757 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:43:44,758 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [947964698] [2022-11-02 20:43:44,758 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:43:44,758 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:43:44,805 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:44,945 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-11-02 20:43:44,953 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:44,955 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-11-02 20:43:44,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:44,959 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:43:44,960 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:43:44,960 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [947964698] [2022-11-02 20:43:44,960 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [947964698] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:43:44,966 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:43:44,966 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-02 20:43:44,967 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1529692241] [2022-11-02 20:43:44,967 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:43:44,970 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-02 20:43:44,973 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:43:44,974 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-02 20:43:44,974 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 20:43:44,974 INFO L87 Difference]: Start difference. First operand 100 states and 130 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:43:45,006 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:43:45,006 INFO L93 Difference]: Finished difference Result 161 states and 209 transitions. [2022-11-02 20:43:45,012 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-02 20:43:45,012 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-11-02 20:43:45,014 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:43:45,015 INFO L225 Difference]: With dead ends: 161 [2022-11-02 20:43:45,016 INFO L226 Difference]: Without dead ends: 91 [2022-11-02 20:43:45,016 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 20:43:45,018 INFO L413 NwaCegarLoop]: 117 mSDtfsCounter, 16 mSDsluCounter, 96 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 213 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-02 20:43:45,018 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 213 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-02 20:43:45,019 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 91 states. [2022-11-02 20:43:45,041 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 91 to 91. [2022-11-02 20:43:45,043 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 91 states, 68 states have (on average 1.3235294117647058) internal successors, (90), 78 states have internal predecessors, (90), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 9 states have call predecessors, (14), 14 states have call successors, (14) [2022-11-02 20:43:45,044 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 91 states to 91 states and 118 transitions. [2022-11-02 20:43:45,045 INFO L78 Accepts]: Start accepts. Automaton has 91 states and 118 transitions. Word has length 33 [2022-11-02 20:43:45,046 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:43:45,047 INFO L495 AbstractCegarLoop]: Abstraction has 91 states and 118 transitions. [2022-11-02 20:43:45,047 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:43:45,047 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 118 transitions. [2022-11-02 20:43:45,050 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-11-02 20:43:45,050 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:43:45,051 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:43:45,051 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-02 20:43:45,051 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:43:45,052 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:43:45,052 INFO L85 PathProgramCache]: Analyzing trace with hash -1623741410, now seen corresponding path program 1 times [2022-11-02 20:43:45,052 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:43:45,052 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1014917008] [2022-11-02 20:43:45,052 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:43:45,053 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:43:45,093 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:45,233 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-02 20:43:45,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:45,238 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-11-02 20:43:45,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:45,241 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:43:45,241 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:43:45,241 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1014917008] [2022-11-02 20:43:45,242 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1014917008] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:43:45,242 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:43:45,242 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-02 20:43:45,242 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1568282569] [2022-11-02 20:43:45,242 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:43:45,243 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-02 20:43:45,243 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:43:45,243 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-02 20:43:45,244 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 20:43:45,248 INFO L87 Difference]: Start difference. First operand 91 states and 118 transitions. Second operand has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-02 20:43:45,294 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:43:45,294 INFO L93 Difference]: Finished difference Result 256 states and 338 transitions. [2022-11-02 20:43:45,296 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-02 20:43:45,297 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 37 [2022-11-02 20:43:45,301 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:43:45,307 INFO L225 Difference]: With dead ends: 256 [2022-11-02 20:43:45,308 INFO L226 Difference]: Without dead ends: 173 [2022-11-02 20:43:45,309 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-02 20:43:45,313 INFO L413 NwaCegarLoop]: 145 mSDtfsCounter, 93 mSDsluCounter, 107 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 93 SdHoareTripleChecker+Valid, 252 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-02 20:43:45,314 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [93 Valid, 252 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-02 20:43:45,315 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 173 states. [2022-11-02 20:43:45,353 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 173 to 170. [2022-11-02 20:43:45,353 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 170 states, 125 states have (on average 1.344) internal successors, (168), 144 states have internal predecessors, (168), 28 states have call successors, (28), 16 states have call predecessors, (28), 16 states have return successors, (28), 17 states have call predecessors, (28), 28 states have call successors, (28) [2022-11-02 20:43:45,355 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 170 states to 170 states and 224 transitions. [2022-11-02 20:43:45,355 INFO L78 Accepts]: Start accepts. Automaton has 170 states and 224 transitions. Word has length 37 [2022-11-02 20:43:45,355 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:43:45,356 INFO L495 AbstractCegarLoop]: Abstraction has 170 states and 224 transitions. [2022-11-02 20:43:45,356 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-02 20:43:45,356 INFO L276 IsEmpty]: Start isEmpty. Operand 170 states and 224 transitions. [2022-11-02 20:43:45,358 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-11-02 20:43:45,358 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:43:45,358 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:43:45,358 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-02 20:43:45,358 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:43:45,359 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:43:45,359 INFO L85 PathProgramCache]: Analyzing trace with hash 1317125140, now seen corresponding path program 1 times [2022-11-02 20:43:45,359 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:43:45,360 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [513063953] [2022-11-02 20:43:45,366 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:43:45,366 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:43:45,401 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:45,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-11-02 20:43:45,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:45,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-11-02 20:43:45,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:45,655 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-02 20:43:45,655 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:43:45,655 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [513063953] [2022-11-02 20:43:45,656 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [513063953] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:43:45,656 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:43:45,656 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-02 20:43:45,660 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [162972286] [2022-11-02 20:43:45,660 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:43:45,665 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-02 20:43:45,665 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:43:45,666 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-02 20:43:45,667 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-02 20:43:45,667 INFO L87 Difference]: Start difference. First operand 170 states and 224 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:43:45,887 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:43:45,887 INFO L93 Difference]: Finished difference Result 442 states and 599 transitions. [2022-11-02 20:43:45,887 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-02 20:43:45,888 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-11-02 20:43:45,888 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:43:45,894 INFO L225 Difference]: With dead ends: 442 [2022-11-02 20:43:45,894 INFO L226 Difference]: Without dead ends: 280 [2022-11-02 20:43:45,896 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-11-02 20:43:45,907 INFO L413 NwaCegarLoop]: 133 mSDtfsCounter, 56 mSDsluCounter, 434 mSDsCounter, 0 mSdLazyCounter, 78 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 57 SdHoareTripleChecker+Valid, 567 SdHoareTripleChecker+Invalid, 91 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 78 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-02 20:43:45,908 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [57 Valid, 567 Invalid, 91 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 78 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-02 20:43:45,910 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 280 states. [2022-11-02 20:43:45,953 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 280 to 267. [2022-11-02 20:43:45,954 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 267 states, 198 states have (on average 1.292929292929293) internal successors, (256), 215 states have internal predecessors, (256), 38 states have call successors, (38), 30 states have call predecessors, (38), 30 states have return successors, (50), 33 states have call predecessors, (50), 38 states have call successors, (50) [2022-11-02 20:43:45,956 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 267 states to 267 states and 344 transitions. [2022-11-02 20:43:45,957 INFO L78 Accepts]: Start accepts. Automaton has 267 states and 344 transitions. Word has length 41 [2022-11-02 20:43:45,957 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:43:45,958 INFO L495 AbstractCegarLoop]: Abstraction has 267 states and 344 transitions. [2022-11-02 20:43:45,958 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-02 20:43:45,958 INFO L276 IsEmpty]: Start isEmpty. Operand 267 states and 344 transitions. [2022-11-02 20:43:45,960 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-11-02 20:43:45,960 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:43:45,960 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:43:45,961 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-02 20:43:45,961 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:43:45,961 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:43:45,962 INFO L85 PathProgramCache]: Analyzing trace with hash -1401707673, now seen corresponding path program 1 times [2022-11-02 20:43:45,962 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:43:45,962 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1109406678] [2022-11-02 20:43:45,963 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:43:45,963 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:43:45,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:46,062 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-02 20:43:46,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:46,068 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-02 20:43:46,072 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:46,089 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:43:46,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:46,134 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-11-02 20:43:46,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:46,138 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:43:46,138 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:43:46,138 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1109406678] [2022-11-02 20:43:46,139 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1109406678] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:43:46,139 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:43:46,139 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-02 20:43:46,139 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1911208514] [2022-11-02 20:43:46,140 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:43:46,140 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-02 20:43:46,140 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:43:46,141 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-02 20:43:46,141 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-02 20:43:46,142 INFO L87 Difference]: Start difference. First operand 267 states and 344 transitions. Second operand has 6 states, 6 states have (on average 7.5) internal successors, (45), 5 states have internal predecessors, (45), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-02 20:43:46,370 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:43:46,370 INFO L93 Difference]: Finished difference Result 594 states and 777 transitions. [2022-11-02 20:43:46,371 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-02 20:43:46,371 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.5) internal successors, (45), 5 states have internal predecessors, (45), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 56 [2022-11-02 20:43:46,373 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:43:46,376 INFO L225 Difference]: With dead ends: 594 [2022-11-02 20:43:46,376 INFO L226 Difference]: Without dead ends: 335 [2022-11-02 20:43:46,378 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-11-02 20:43:46,383 INFO L413 NwaCegarLoop]: 111 mSDtfsCounter, 74 mSDsluCounter, 336 mSDsCounter, 0 mSdLazyCounter, 135 mSolverCounterSat, 25 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 77 SdHoareTripleChecker+Valid, 447 SdHoareTripleChecker+Invalid, 160 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 25 IncrementalHoareTripleChecker+Valid, 135 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-02 20:43:46,384 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [77 Valid, 447 Invalid, 160 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [25 Valid, 135 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-02 20:43:46,385 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 335 states. [2022-11-02 20:43:46,416 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 335 to 327. [2022-11-02 20:43:46,417 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 327 states, 244 states have (on average 1.2704918032786885) internal successors, (310), 261 states have internal predecessors, (310), 42 states have call successors, (42), 30 states have call predecessors, (42), 40 states have return successors, (64), 45 states have call predecessors, (64), 42 states have call successors, (64) [2022-11-02 20:43:46,419 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 327 states to 327 states and 416 transitions. [2022-11-02 20:43:46,420 INFO L78 Accepts]: Start accepts. Automaton has 327 states and 416 transitions. Word has length 56 [2022-11-02 20:43:46,420 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:43:46,420 INFO L495 AbstractCegarLoop]: Abstraction has 327 states and 416 transitions. [2022-11-02 20:43:46,420 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.5) internal successors, (45), 5 states have internal predecessors, (45), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-02 20:43:46,421 INFO L276 IsEmpty]: Start isEmpty. Operand 327 states and 416 transitions. [2022-11-02 20:43:46,422 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-11-02 20:43:46,422 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:43:46,422 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:43:46,423 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-02 20:43:46,423 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:43:46,423 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:43:46,423 INFO L85 PathProgramCache]: Analyzing trace with hash -979005847, now seen corresponding path program 1 times [2022-11-02 20:43:46,424 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:43:46,424 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1588442008] [2022-11-02 20:43:46,424 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:43:46,424 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:43:46,440 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:46,511 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-02 20:43:46,512 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:46,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-02 20:43:46,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:46,531 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:43:46,533 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:46,554 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-11-02 20:43:46,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:46,557 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:43:46,557 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:43:46,558 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1588442008] [2022-11-02 20:43:46,558 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1588442008] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:43:46,558 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:43:46,558 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-02 20:43:46,558 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1475724868] [2022-11-02 20:43:46,558 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:43:46,559 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-02 20:43:46,559 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:43:46,559 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-02 20:43:46,560 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-02 20:43:46,560 INFO L87 Difference]: Start difference. First operand 327 states and 416 transitions. Second operand has 6 states, 6 states have (on average 7.5) internal successors, (45), 5 states have internal predecessors, (45), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-02 20:43:46,940 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:43:46,940 INFO L93 Difference]: Finished difference Result 670 states and 875 transitions. [2022-11-02 20:43:46,940 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-11-02 20:43:46,941 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.5) internal successors, (45), 5 states have internal predecessors, (45), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 56 [2022-11-02 20:43:46,941 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:43:46,944 INFO L225 Difference]: With dead ends: 670 [2022-11-02 20:43:46,944 INFO L226 Difference]: Without dead ends: 351 [2022-11-02 20:43:46,946 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 21 GetRequests, 12 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=40, Invalid=70, Unknown=0, NotChecked=0, Total=110 [2022-11-02 20:43:46,947 INFO L413 NwaCegarLoop]: 133 mSDtfsCounter, 230 mSDsluCounter, 365 mSDsCounter, 0 mSdLazyCounter, 196 mSolverCounterSat, 62 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 237 SdHoareTripleChecker+Valid, 498 SdHoareTripleChecker+Invalid, 258 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 62 IncrementalHoareTripleChecker+Valid, 196 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-02 20:43:46,947 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [237 Valid, 498 Invalid, 258 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [62 Valid, 196 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-02 20:43:46,949 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 351 states. [2022-11-02 20:43:46,978 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 351 to 331. [2022-11-02 20:43:46,979 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 331 states, 248 states have (on average 1.2661290322580645) internal successors, (314), 265 states have internal predecessors, (314), 42 states have call successors, (42), 30 states have call predecessors, (42), 40 states have return successors, (64), 45 states have call predecessors, (64), 42 states have call successors, (64) [2022-11-02 20:43:46,984 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 331 states to 331 states and 420 transitions. [2022-11-02 20:43:46,984 INFO L78 Accepts]: Start accepts. Automaton has 331 states and 420 transitions. Word has length 56 [2022-11-02 20:43:46,985 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:43:46,985 INFO L495 AbstractCegarLoop]: Abstraction has 331 states and 420 transitions. [2022-11-02 20:43:46,986 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.5) internal successors, (45), 5 states have internal predecessors, (45), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-02 20:43:46,986 INFO L276 IsEmpty]: Start isEmpty. Operand 331 states and 420 transitions. [2022-11-02 20:43:46,988 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-11-02 20:43:46,988 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:43:46,989 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:43:46,989 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-02 20:43:46,989 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:43:46,989 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:43:46,990 INFO L85 PathProgramCache]: Analyzing trace with hash 1510523115, now seen corresponding path program 1 times [2022-11-02 20:43:46,990 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:43:46,990 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1886240728] [2022-11-02 20:43:46,990 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:43:46,990 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:43:47,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:47,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-02 20:43:47,096 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:47,101 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-02 20:43:47,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:47,117 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:43:47,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:47,130 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-11-02 20:43:47,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:47,133 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:43:47,133 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:43:47,133 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1886240728] [2022-11-02 20:43:47,133 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1886240728] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:43:47,134 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:43:47,134 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-02 20:43:47,134 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [205606110] [2022-11-02 20:43:47,134 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:43:47,135 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-02 20:43:47,135 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:43:47,135 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-02 20:43:47,137 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-02 20:43:47,140 INFO L87 Difference]: Start difference. First operand 331 states and 420 transitions. Second operand has 5 states, 5 states have (on average 9.0) internal successors, (45), 4 states have internal predecessors, (45), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-02 20:43:47,460 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:43:47,460 INFO L93 Difference]: Finished difference Result 946 states and 1245 transitions. [2022-11-02 20:43:47,461 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-02 20:43:47,461 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.0) internal successors, (45), 4 states have internal predecessors, (45), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) Word has length 56 [2022-11-02 20:43:47,461 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:43:47,464 INFO L225 Difference]: With dead ends: 946 [2022-11-02 20:43:47,465 INFO L226 Difference]: Without dead ends: 623 [2022-11-02 20:43:47,466 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 12 SyntacticMatches, 1 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-11-02 20:43:47,467 INFO L413 NwaCegarLoop]: 166 mSDtfsCounter, 242 mSDsluCounter, 209 mSDsCounter, 0 mSdLazyCounter, 182 mSolverCounterSat, 77 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 249 SdHoareTripleChecker+Valid, 375 SdHoareTripleChecker+Invalid, 259 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 77 IncrementalHoareTripleChecker+Valid, 182 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-02 20:43:47,467 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [249 Valid, 375 Invalid, 259 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [77 Valid, 182 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-02 20:43:47,468 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 623 states. [2022-11-02 20:43:47,508 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 623 to 616. [2022-11-02 20:43:47,509 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 616 states, 459 states have (on average 1.2287581699346406) internal successors, (564), 485 states have internal predecessors, (564), 83 states have call successors, (83), 67 states have call predecessors, (83), 73 states have return successors, (135), 84 states have call predecessors, (135), 83 states have call successors, (135) [2022-11-02 20:43:47,513 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 616 states to 616 states and 782 transitions. [2022-11-02 20:43:47,513 INFO L78 Accepts]: Start accepts. Automaton has 616 states and 782 transitions. Word has length 56 [2022-11-02 20:43:47,514 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:43:47,514 INFO L495 AbstractCegarLoop]: Abstraction has 616 states and 782 transitions. [2022-11-02 20:43:47,514 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 9.0) internal successors, (45), 4 states have internal predecessors, (45), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-02 20:43:47,514 INFO L276 IsEmpty]: Start isEmpty. Operand 616 states and 782 transitions. [2022-11-02 20:43:47,515 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 61 [2022-11-02 20:43:47,515 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:43:47,515 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:43:47,516 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-02 20:43:47,516 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:43:47,516 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:43:47,516 INFO L85 PathProgramCache]: Analyzing trace with hash -193074427, now seen corresponding path program 1 times [2022-11-02 20:43:47,516 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:43:47,517 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1722746305] [2022-11-02 20:43:47,517 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:43:47,517 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:43:47,531 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:47,726 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 20:43:47,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:47,737 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-11-02 20:43:47,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:47,765 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-11-02 20:43:47,767 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:47,783 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:43:47,786 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:47,796 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-11-02 20:43:47,798 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:47,800 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-02 20:43:47,800 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:43:47,800 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1722746305] [2022-11-02 20:43:47,800 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1722746305] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:43:47,800 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:43:47,801 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-02 20:43:47,801 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1069657553] [2022-11-02 20:43:47,801 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:43:47,801 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-02 20:43:47,801 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:43:47,802 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-02 20:43:47,802 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=70, Unknown=0, NotChecked=0, Total=90 [2022-11-02 20:43:47,803 INFO L87 Difference]: Start difference. First operand 616 states and 782 transitions. Second operand has 10 states, 10 states have (on average 4.7) internal successors, (47), 8 states have internal predecessors, (47), 4 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 4 states have call predecessors, (5), 4 states have call successors, (5) [2022-11-02 20:43:48,910 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:43:48,910 INFO L93 Difference]: Finished difference Result 1697 states and 2268 transitions. [2022-11-02 20:43:48,910 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 29 states. [2022-11-02 20:43:48,911 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.7) internal successors, (47), 8 states have internal predecessors, (47), 4 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 4 states have call predecessors, (5), 4 states have call successors, (5) Word has length 60 [2022-11-02 20:43:48,911 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:43:48,917 INFO L225 Difference]: With dead ends: 1697 [2022-11-02 20:43:48,917 INFO L226 Difference]: Without dead ends: 1202 [2022-11-02 20:43:48,920 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 14 SyntacticMatches, 0 SemanticMatches, 32 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 285 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=258, Invalid=864, Unknown=0, NotChecked=0, Total=1122 [2022-11-02 20:43:48,920 INFO L413 NwaCegarLoop]: 159 mSDtfsCounter, 708 mSDsluCounter, 481 mSDsCounter, 0 mSdLazyCounter, 737 mSolverCounterSat, 285 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 716 SdHoareTripleChecker+Valid, 640 SdHoareTripleChecker+Invalid, 1022 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 285 IncrementalHoareTripleChecker+Valid, 737 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-11-02 20:43:48,921 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [716 Valid, 640 Invalid, 1022 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [285 Valid, 737 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-11-02 20:43:48,923 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1202 states. [2022-11-02 20:43:49,015 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1202 to 1048. [2022-11-02 20:43:49,017 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1048 states, 782 states have (on average 1.227621483375959) internal successors, (960), 834 states have internal predecessors, (960), 140 states have call successors, (140), 106 states have call predecessors, (140), 125 states have return successors, (230), 139 states have call predecessors, (230), 140 states have call successors, (230) [2022-11-02 20:43:49,023 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1048 states to 1048 states and 1330 transitions. [2022-11-02 20:43:49,024 INFO L78 Accepts]: Start accepts. Automaton has 1048 states and 1330 transitions. Word has length 60 [2022-11-02 20:43:49,024 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:43:49,024 INFO L495 AbstractCegarLoop]: Abstraction has 1048 states and 1330 transitions. [2022-11-02 20:43:49,024 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.7) internal successors, (47), 8 states have internal predecessors, (47), 4 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 4 states have call predecessors, (5), 4 states have call successors, (5) [2022-11-02 20:43:49,025 INFO L276 IsEmpty]: Start isEmpty. Operand 1048 states and 1330 transitions. [2022-11-02 20:43:49,026 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 91 [2022-11-02 20:43:49,027 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:43:49,027 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:43:49,027 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-11-02 20:43:49,027 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:43:49,028 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:43:49,028 INFO L85 PathProgramCache]: Analyzing trace with hash -182301856, now seen corresponding path program 1 times [2022-11-02 20:43:49,028 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:43:49,028 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [852051361] [2022-11-02 20:43:49,028 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:43:49,029 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:43:49,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,075 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 20:43:49,076 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,085 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-02 20:43:49,089 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,103 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 20:43:49,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,111 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-02 20:43:49,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:43:49,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,122 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-11-02 20:43:49,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,125 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-11-02 20:43:49,126 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,127 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 18 proven. 0 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-11-02 20:43:49,127 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:43:49,127 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [852051361] [2022-11-02 20:43:49,128 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [852051361] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-02 20:43:49,128 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-02 20:43:49,128 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-11-02 20:43:49,128 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1490607044] [2022-11-02 20:43:49,128 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-02 20:43:49,129 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-11-02 20:43:49,129 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:43:49,129 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-11-02 20:43:49,130 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2022-11-02 20:43:49,130 INFO L87 Difference]: Start difference. First operand 1048 states and 1330 transitions. Second operand has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 4 states have internal predecessors, (71), 4 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-02 20:43:49,549 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:43:49,550 INFO L93 Difference]: Finished difference Result 1277 states and 1611 transitions. [2022-11-02 20:43:49,550 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-11-02 20:43:49,550 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 4 states have internal predecessors, (71), 4 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) Word has length 90 [2022-11-02 20:43:49,551 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:43:49,553 INFO L225 Difference]: With dead ends: 1277 [2022-11-02 20:43:49,553 INFO L226 Difference]: Without dead ends: 520 [2022-11-02 20:43:49,556 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 31 GetRequests, 19 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=55, Invalid=127, Unknown=0, NotChecked=0, Total=182 [2022-11-02 20:43:49,556 INFO L413 NwaCegarLoop]: 148 mSDtfsCounter, 342 mSDsluCounter, 215 mSDsCounter, 0 mSdLazyCounter, 224 mSolverCounterSat, 133 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 351 SdHoareTripleChecker+Valid, 363 SdHoareTripleChecker+Invalid, 357 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 133 IncrementalHoareTripleChecker+Valid, 224 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-02 20:43:49,557 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [351 Valid, 363 Invalid, 357 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [133 Valid, 224 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-02 20:43:49,558 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 520 states. [2022-11-02 20:43:49,601 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 520 to 476. [2022-11-02 20:43:49,602 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 476 states, 356 states have (on average 1.1853932584269662) internal successors, (422), 378 states have internal predecessors, (422), 62 states have call successors, (62), 47 states have call predecessors, (62), 57 states have return successors, (104), 62 states have call predecessors, (104), 62 states have call successors, (104) [2022-11-02 20:43:49,605 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 476 states to 476 states and 588 transitions. [2022-11-02 20:43:49,606 INFO L78 Accepts]: Start accepts. Automaton has 476 states and 588 transitions. Word has length 90 [2022-11-02 20:43:49,606 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:43:49,606 INFO L495 AbstractCegarLoop]: Abstraction has 476 states and 588 transitions. [2022-11-02 20:43:49,606 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 10.142857142857142) internal successors, (71), 4 states have internal predecessors, (71), 4 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-02 20:43:49,606 INFO L276 IsEmpty]: Start isEmpty. Operand 476 states and 588 transitions. [2022-11-02 20:43:49,608 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 110 [2022-11-02 20:43:49,608 INFO L187 NwaCegarLoop]: Found error trace [2022-11-02 20:43:49,608 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:43:49,609 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-11-02 20:43:49,609 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-02 20:43:49,609 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-02 20:43:49,609 INFO L85 PathProgramCache]: Analyzing trace with hash 1799468227, now seen corresponding path program 1 times [2022-11-02 20:43:49,610 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-02 20:43:49,610 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [682322973] [2022-11-02 20:43:49,610 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:43:49,610 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-02 20:43:49,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,774 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-02 20:43:49,776 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,788 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-11-02 20:43:49,796 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-02 20:43:49,825 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,834 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-02 20:43:49,837 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,845 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:43:49,847 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,854 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-11-02 20:43:49,855 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,868 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-11-02 20:43:49,871 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,875 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2022-11-02 20:43:49,878 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,880 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-02 20:43:49,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,882 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-11-02 20:43:49,886 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:49,888 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 8 proven. 20 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-11-02 20:43:49,889 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-02 20:43:49,889 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [682322973] [2022-11-02 20:43:49,889 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [682322973] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-02 20:43:49,889 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [601065650] [2022-11-02 20:43:49,889 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-02 20:43:49,890 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-02 20:43:49,890 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/z3 [2022-11-02 20:43:49,896 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-02 20:43:49,912 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-02 20:43:50,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-02 20:43:50,025 INFO L263 TraceCheckSpWp]: Trace formula consists of 506 conjuncts, 8 conjunts are in the unsatisfiable core [2022-11-02 20:43:50,032 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-02 20:43:50,269 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 26 proven. 11 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-02 20:43:50,270 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-02 20:43:50,542 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 18 proven. 10 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-11-02 20:43:50,542 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [601065650] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-02 20:43:50,543 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-02 20:43:50,543 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-11-02 20:43:50,543 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1256032163] [2022-11-02 20:43:50,543 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-02 20:43:50,544 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-11-02 20:43:50,544 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-02 20:43:50,544 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-11-02 20:43:50,545 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2022-11-02 20:43:50,545 INFO L87 Difference]: Start difference. First operand 476 states and 588 transitions. Second operand has 15 states, 15 states have (on average 9.866666666666667) internal successors, (148), 10 states have internal predecessors, (148), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (20), 8 states have call predecessors, (20), 6 states have call successors, (20) [2022-11-02 20:43:51,746 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-02 20:43:51,746 INFO L93 Difference]: Finished difference Result 979 states and 1234 transitions. [2022-11-02 20:43:51,747 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 27 states. [2022-11-02 20:43:51,748 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 9.866666666666667) internal successors, (148), 10 states have internal predecessors, (148), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (20), 8 states have call predecessors, (20), 6 states have call successors, (20) Word has length 109 [2022-11-02 20:43:51,748 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-02 20:43:51,749 INFO L225 Difference]: With dead ends: 979 [2022-11-02 20:43:51,749 INFO L226 Difference]: Without dead ends: 0 [2022-11-02 20:43:51,754 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 284 GetRequests, 243 SyntacticMatches, 4 SemanticMatches, 37 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 339 ImplicationChecksByTransitivity, 0.5s TimeCoverageRelationStatistics Valid=345, Invalid=1137, Unknown=0, NotChecked=0, Total=1482 [2022-11-02 20:43:51,754 INFO L413 NwaCegarLoop]: 211 mSDtfsCounter, 423 mSDsluCounter, 817 mSDsCounter, 0 mSdLazyCounter, 918 mSolverCounterSat, 216 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 427 SdHoareTripleChecker+Valid, 1028 SdHoareTripleChecker+Invalid, 1134 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 216 IncrementalHoareTripleChecker+Valid, 918 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-11-02 20:43:51,756 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [427 Valid, 1028 Invalid, 1134 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [216 Valid, 918 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-11-02 20:43:51,756 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-02 20:43:51,757 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-02 20:43:51,757 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-02 20:43:51,757 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-02 20:43:51,757 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 109 [2022-11-02 20:43:51,757 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-02 20:43:51,758 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-02 20:43:51,758 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 9.866666666666667) internal successors, (148), 10 states have internal predecessors, (148), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (20), 8 states have call predecessors, (20), 6 states have call successors, (20) [2022-11-02 20:43:51,758 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-02 20:43:51,758 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-02 20:43:51,762 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-02 20:43:51,802 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-11-02 20:43:51,975 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-02 20:43:51,978 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-02 20:43:57,586 INFO L895 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 871 878) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or .cse0 (not (<= 2 ~waterLevel~0)) .cse1 (= 0 ~systemActive~0)) (or .cse0 (not (= 1 ~systemActive~0)) .cse1))) [2022-11-02 20:43:57,586 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 871 878) no Hoare annotation was computed. [2022-11-02 20:43:57,586 INFO L899 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 871 878) no Hoare annotation was computed. [2022-11-02 20:43:57,586 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 778 784) no Hoare annotation was computed. [2022-11-02 20:43:57,587 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 778 784) the Hoare annotation is: true [2022-11-02 20:43:57,587 INFO L899 garLoopResultBuilder]: For program point L670-1(lines 666 677) no Hoare annotation was computed. [2022-11-02 20:43:57,587 INFO L902 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 666 677) the Hoare annotation is: true [2022-11-02 20:43:57,587 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 666 677) no Hoare annotation was computed. [2022-11-02 20:43:57,588 INFO L895 garLoopResultBuilder]: At program point L1018(line 1018) the Hoare annotation is: (let ((.cse7 (= ~pumpRunning~0 0))) (let ((.cse9 (and .cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (.cse10 (not (= 0 ~systemActive~0))) (.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (not (<= 2 |old(~waterLevel~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 .cse6 (and .cse7 .cse3 .cse4))) (or .cse8 .cse9 .cse0 .cse5) (or .cse8 .cse5 .cse10 .cse6) (or .cse8 .cse9 .cse5 .cse10) (or .cse8 .cse0 .cse5 .cse6) (let ((.cse11 (<= ~waterLevel~0 2))) (or .cse0 .cse1 (and .cse7 .cse11 .cse4) .cse5 (and .cse2 .cse11 .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))))))) [2022-11-02 20:43:57,588 INFO L895 garLoopResultBuilder]: At program point L857(line 857) the Hoare annotation is: (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse1 .cse2) (or .cse1 .cse3 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 .cse3 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse2 (not (= 0 ~systemActive~0))))) [2022-11-02 20:43:57,588 INFO L899 garLoopResultBuilder]: For program point L1018-1(line 1018) no Hoare annotation was computed. [2022-11-02 20:43:57,589 INFO L895 garLoopResultBuilder]: At program point L857-1(lines 838 862) the Hoare annotation is: (let ((.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (= ~pumpRunning~0 0)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 (not (<= 2 |old(~waterLevel~0)|)) (and .cse6 .cse3 .cse4))) (let ((.cse8 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse7 (and .cse6 .cse8) .cse0 (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse8) .cse5)) (or .cse7 .cse5 (not (= 0 ~systemActive~0))) (let ((.cse9 (<= ~waterLevel~0 2))) (or .cse0 .cse1 (and .cse6 .cse9 .cse4) .cse5 (and .cse2 .cse9 .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-11-02 20:43:57,589 INFO L899 garLoopResultBuilder]: For program point L758(lines 758 764) no Hoare annotation was computed. [2022-11-02 20:43:57,589 INFO L895 garLoopResultBuilder]: At program point L886(lines 879 889) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (= 0 ~systemActive~0))) (or .cse2 .cse3 .cse1 (and .cse4 (<= ~waterLevel~0 2) .cse5) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse2 .cse1) (or .cse2 .cse3 (and .cse4 (= ~waterLevel~0 1) .cse5) .cse1 (not (<= 2 |old(~waterLevel~0)|))))) [2022-11-02 20:43:57,589 INFO L899 garLoopResultBuilder]: For program point L758-2(lines 754 776) no Hoare annotation was computed. [2022-11-02 20:43:57,590 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 751 777) no Hoare annotation was computed. [2022-11-02 20:43:57,590 INFO L899 garLoopResultBuilder]: For program point L561(line 561) no Hoare annotation was computed. [2022-11-02 20:43:57,590 INFO L899 garLoopResultBuilder]: For program point L846(lines 846 854) no Hoare annotation was computed. [2022-11-02 20:43:57,590 INFO L895 garLoopResultBuilder]: At program point L1003(line 1003) the Hoare annotation is: (let ((.cse6 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (and (= ~pumpRunning~0 0) .cse6 .cse7)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse6 .cse7))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse2 .cse4 .cse3 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse3 (not (= 0 ~systemActive~0))) (or .cse2 .cse4 .cse3 .cse5 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-11-02 20:43:57,590 INFO L899 garLoopResultBuilder]: For program point L1003-1(line 1003) no Hoare annotation was computed. [2022-11-02 20:43:57,591 INFO L899 garLoopResultBuilder]: For program point L842(lines 842 859) no Hoare annotation was computed. [2022-11-02 20:43:57,591 INFO L899 garLoopResultBuilder]: For program point L1020(lines 1020 1030) no Hoare annotation was computed. [2022-11-02 20:43:57,591 INFO L899 garLoopResultBuilder]: For program point L1016(lines 1016 1033) no Hoare annotation was computed. [2022-11-02 20:43:57,591 INFO L895 garLoopResultBuilder]: At program point L1016-1(lines 1008 1036) the Hoare annotation is: (let ((.cse7 (= ~pumpRunning~0 0)) (.cse11 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse10 (and .cse7 .cse11)) (.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse12 (not (= 0 ~systemActive~0))) (.cse9 (and (<= |timeShift_getWaterLevel_#res#1| 2) (< 1 |timeShift___utac_acc__Specification5_spec__3_~tmp~10#1|) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~10#1| 2) (<= 2 |timeShift_getWaterLevel_#res#1|))) (.cse6 (not (<= 2 |old(~waterLevel~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 .cse6 (and .cse7 .cse3 .cse4))) (or .cse8 .cse0 .cse5 .cse9 .cse6) (or .cse8 .cse10 .cse0 (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse11) .cse5) (or .cse8 .cse10 .cse5 .cse12) (or .cse8 .cse5 .cse12 .cse9 .cse6) (let ((.cse13 (<= ~waterLevel~0 2))) (or .cse0 .cse1 (and .cse7 .cse13 .cse4) .cse5 (and .cse2 .cse13 .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))))))) [2022-11-02 20:43:57,592 INFO L895 garLoopResultBuilder]: At program point L562(lines 557 564) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse2 (not (= 0 ~systemActive~0))) (or .cse3 .cse0 .cse2))) [2022-11-02 20:43:57,592 INFO L895 garLoopResultBuilder]: At program point L715(lines 710 718) the Hoare annotation is: (let ((.cse7 (= ~pumpRunning~0 0)) (.cse10 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse9 (and .cse7 .cse10)) (.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse12 (not (= 0 ~systemActive~0))) (.cse11 (and (<= |timeShift_getWaterLevel_#res#1| 2) (<= 2 |timeShift_getWaterLevel_#res#1|))) (.cse6 (not (<= 2 |old(~waterLevel~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse3 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 .cse6 (and .cse7 .cse3 .cse4))) (or .cse8 .cse9 .cse0 (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse10) .cse5) (or .cse8 .cse0 .cse5 .cse11 .cse6) (or .cse8 .cse9 .cse5 .cse12) (or .cse8 .cse5 .cse12 .cse11 .cse6) (let ((.cse13 (<= ~waterLevel~0 2))) (or .cse0 .cse1 (and .cse7 .cse13 .cse4) .cse5 (and .cse2 .cse13 .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))))))) [2022-11-02 20:43:57,592 INFO L899 garLoopResultBuilder]: For program point L1021(lines 1021 1027) no Hoare annotation was computed. [2022-11-02 20:43:57,593 INFO L899 garLoopResultBuilder]: For program point L765-1(lines 765 771) no Hoare annotation was computed. [2022-11-02 20:43:57,593 INFO L895 garLoopResultBuilder]: At program point L852(line 852) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (= 0 ~systemActive~0))) (or .cse2 .cse3 .cse1 (and .cse4 (<= ~waterLevel~0 2) .cse5) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse2 .cse1) (or .cse2 .cse3 (and .cse4 (= ~waterLevel~0 1) .cse5) .cse1 (not (<= 2 |old(~waterLevel~0)|))))) [2022-11-02 20:43:57,593 INFO L895 garLoopResultBuilder]: At program point L848(line 848) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (= 0 ~systemActive~0))) (or .cse2 .cse3 .cse1 (and .cse4 (<= ~waterLevel~0 2) .cse5) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse2 .cse1) (or .cse2 .cse3 (and .cse4 (= ~waterLevel~0 1) .cse5) .cse1 (not (<= 2 |old(~waterLevel~0)|))))) [2022-11-02 20:43:57,593 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 751 777) the Hoare annotation is: (let ((.cse6 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (and (= ~pumpRunning~0 0) .cse6 .cse7)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse6 .cse7))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse2 .cse4 .cse3 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse3 (not (= 0 ~systemActive~0))) (or .cse2 .cse4 .cse3 .cse5 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-11-02 20:43:57,594 INFO L895 garLoopResultBuilder]: At program point L1005(lines 998 1007) the Hoare annotation is: (let ((.cse6 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (and (= ~pumpRunning~0 0) .cse6)) (.cse4 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse6 (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse2 .cse5 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse3 (not (= 0 ~systemActive~0))) (or .cse4 .cse2 .cse5 .cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-11-02 20:43:57,594 INFO L895 garLoopResultBuilder]: At program point L683(lines 678 686) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (= 0 ~systemActive~0))) (or .cse2 .cse3 .cse1 (and .cse4 (<= ~waterLevel~0 2) .cse5) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse2 .cse1) (or .cse2 .cse3 (and .cse4 (= ~waterLevel~0 1) .cse5) .cse1 (not (<= 2 |old(~waterLevel~0)|))))) [2022-11-02 20:43:57,594 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 751 777) no Hoare annotation was computed. [2022-11-02 20:43:57,595 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 561) no Hoare annotation was computed. [2022-11-02 20:43:57,595 INFO L899 garLoopResultBuilder]: For program point L646(lines 646 650) no Hoare annotation was computed. [2022-11-02 20:43:57,595 INFO L895 garLoopResultBuilder]: At program point L646-2(lines 642 653) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (= 0 ~systemActive~0))) (or .cse2 .cse3 .cse1 (and .cse4 (<= ~waterLevel~0 2) .cse5) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse2 .cse1) (or .cse2 .cse3 (and .cse4 (= ~waterLevel~0 1) .cse5) .cse1 (not (<= 2 |old(~waterLevel~0)|))))) [2022-11-02 20:43:57,595 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 418 447) no Hoare annotation was computed. [2022-11-02 20:43:57,595 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 418 447) the Hoare annotation is: true [2022-11-02 20:43:57,596 INFO L902 garLoopResultBuilder]: At program point L443(lines 418 447) the Hoare annotation is: true [2022-11-02 20:43:57,596 INFO L899 garLoopResultBuilder]: For program point L439(line 439) no Hoare annotation was computed. [2022-11-02 20:43:57,596 INFO L899 garLoopResultBuilder]: For program point L432(lines 432 436) no Hoare annotation was computed. [2022-11-02 20:43:57,596 INFO L902 garLoopResultBuilder]: At program point L432-1(lines 432 436) the Hoare annotation is: true [2022-11-02 20:43:57,596 INFO L899 garLoopResultBuilder]: For program point L429(line 429) no Hoare annotation was computed. [2022-11-02 20:43:57,596 INFO L902 garLoopResultBuilder]: At program point L428-2(lines 428 442) the Hoare annotation is: true [2022-11-02 20:43:57,597 INFO L902 garLoopResultBuilder]: At program point L424(line 424) the Hoare annotation is: true [2022-11-02 20:43:57,597 INFO L899 garLoopResultBuilder]: For program point L424-1(line 424) no Hoare annotation was computed. [2022-11-02 20:43:57,597 INFO L895 garLoopResultBuilder]: At program point L985(lines 973 987) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (<= ~waterLevel~0 2) (= 0 ~systemActive~0)) [2022-11-02 20:43:57,597 INFO L899 garLoopResultBuilder]: For program point L597(lines 597 603) no Hoare annotation was computed. [2022-11-02 20:43:57,597 INFO L899 garLoopResultBuilder]: For program point L597-1(lines 597 603) no Hoare annotation was computed. [2022-11-02 20:43:57,597 INFO L899 garLoopResultBuilder]: For program point L977(lines 977 983) no Hoare annotation was computed. [2022-11-02 20:43:57,598 INFO L899 garLoopResultBuilder]: For program point L977-1(lines 977 983) no Hoare annotation was computed. [2022-11-02 20:43:57,598 INFO L895 garLoopResultBuilder]: At program point L622(lines 577 624) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-02 20:43:57,598 INFO L895 garLoopResultBuilder]: At program point L589(line 589) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-02 20:43:57,598 INFO L895 garLoopResultBuilder]: At program point L552(lines 547 555) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 20:43:57,598 INFO L895 garLoopResultBuilder]: At program point L544(lines 540 546) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 20:43:57,599 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-11-02 20:43:57,599 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-11-02 20:43:57,599 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-11-02 20:43:57,599 INFO L895 garLoopResultBuilder]: At program point L995(lines 990 997) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 20:43:57,599 INFO L899 garLoopResultBuilder]: For program point L578(lines 577 624) no Hoare annotation was computed. [2022-11-02 20:43:57,599 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-02 20:43:57,600 INFO L895 garLoopResultBuilder]: At program point L479(lines 475 481) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 20:43:57,600 INFO L899 garLoopResultBuilder]: For program point L607(lines 607 620) no Hoare annotation was computed. [2022-11-02 20:43:57,600 INFO L899 garLoopResultBuilder]: For program point L508(lines 508 515) no Hoare annotation was computed. [2022-11-02 20:43:57,600 INFO L899 garLoopResultBuilder]: For program point L508-2(lines 508 515) no Hoare annotation was computed. [2022-11-02 20:43:57,600 INFO L895 garLoopResultBuilder]: At program point L537(lines 533 539) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-02 20:43:57,601 INFO L895 garLoopResultBuilder]: At program point L599(line 599) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-02 20:43:57,601 INFO L902 garLoopResultBuilder]: At program point L628(lines 567 632) the Hoare annotation is: true [2022-11-02 20:43:57,601 INFO L895 garLoopResultBuilder]: At program point L979(line 979) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse1 (<= ~waterLevel~0 2))) (or (and (= 1 ~systemActive~0) .cse0 .cse1) (and (<= 2 ~waterLevel~0) .cse0 .cse1 (not (= 0 ~systemActive~0))))) [2022-11-02 20:43:57,601 INFO L902 garLoopResultBuilder]: At program point L492(lines 484 494) the Hoare annotation is: true [2022-11-02 20:43:57,601 INFO L899 garLoopResultBuilder]: For program point L587(lines 587 593) no Hoare annotation was computed. [2022-11-02 20:43:57,601 INFO L899 garLoopResultBuilder]: For program point L587-1(lines 587 593) no Hoare annotation was computed. [2022-11-02 20:43:57,602 INFO L902 garLoopResultBuilder]: At program point L517(lines 498 520) the Hoare annotation is: true [2022-11-02 20:43:57,602 INFO L899 garLoopResultBuilder]: For program point L579(lines 579 583) no Hoare annotation was computed. [2022-11-02 20:43:57,602 INFO L895 garLoopResultBuilder]: At program point L625(lines 576 626) the Hoare annotation is: false [2022-11-02 20:43:57,602 INFO L899 garLoopResultBuilder]: For program point L613(lines 613 619) no Hoare annotation was computed. [2022-11-02 20:43:57,602 INFO L895 garLoopResultBuilder]: At program point L613-2(lines 607 620) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-02 20:43:57,603 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 786 810) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 .cse1))) [2022-11-02 20:43:57,603 INFO L895 garLoopResultBuilder]: At program point L950(lines 935 953) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= ~waterLevel~0 2)))) (and (let ((.cse1 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)) .cse2 (and .cse1 (<= 2 ~waterLevel~0)))) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:43:57,603 INFO L899 garLoopResultBuilder]: For program point L723(lines 723 729) no Hoare annotation was computed. [2022-11-02 20:43:57,603 INFO L899 garLoopResultBuilder]: For program point L944(lines 944 948) no Hoare annotation was computed. [2022-11-02 20:43:57,603 INFO L899 garLoopResultBuilder]: For program point L944-2(lines 944 948) no Hoare annotation was computed. [2022-11-02 20:43:57,604 INFO L895 garLoopResultBuilder]: At program point L868(lines 863 870) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0)) .cse0 .cse1))) [2022-11-02 20:43:57,604 INFO L895 garLoopResultBuilder]: At program point L800(line 800) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~5#1| 0)) .cse1) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:43:57,604 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 786 810) no Hoare annotation was computed. [2022-11-02 20:43:57,604 INFO L899 garLoopResultBuilder]: For program point L794(lines 794 802) no Hoare annotation was computed. [2022-11-02 20:43:57,605 INFO L895 garLoopResultBuilder]: At program point L728(lines 719 732) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse2 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (and .cse2 (<= 2 ~waterLevel~0)) (and (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1|) .cse2))))) [2022-11-02 20:43:57,605 INFO L899 garLoopResultBuilder]: For program point L790(lines 790 807) no Hoare annotation was computed. [2022-11-02 20:43:57,605 INFO L895 garLoopResultBuilder]: At program point L805(line 805) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2022-11-02 20:43:57,605 INFO L899 garLoopResultBuilder]: For program point L805-1(lines 786 810) no Hoare annotation was computed. [2022-11-02 20:43:57,605 INFO L899 garLoopResultBuilder]: For program point L658-1(lines 654 665) no Hoare annotation was computed. [2022-11-02 20:43:57,605 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 654 665) no Hoare annotation was computed. [2022-11-02 20:43:57,606 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 654 665) the Hoare annotation is: (let ((.cse1 (not (<= 1 ~pumpRunning~0))) (.cse4 (not (= ~pumpRunning~0 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse1 .cse2 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or .cse4 .cse2 .cse3 (not (= 0 ~systemActive~0))) (or .cse4 .cse0 .cse2 .cse3))) [2022-11-02 20:43:57,606 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__lowWaterSensorENTRY(lines 812 836) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 .cse1))) [2022-11-02 20:43:57,606 INFO L895 garLoopResultBuilder]: At program point L826(line 826) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2022-11-02 20:43:57,607 INFO L895 garLoopResultBuilder]: At program point L822(line 822) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2022-11-02 20:43:57,607 INFO L899 garLoopResultBuilder]: For program point L820(lines 820 828) no Hoare annotation was computed. [2022-11-02 20:43:57,607 INFO L899 garLoopResultBuilder]: For program point L816(lines 816 833) no Hoare annotation was computed. [2022-11-02 20:43:57,607 INFO L895 garLoopResultBuilder]: At program point L969(lines 954 972) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2022-11-02 20:43:57,607 INFO L899 garLoopResultBuilder]: For program point L963(lines 963 967) no Hoare annotation was computed. [2022-11-02 20:43:57,608 INFO L895 garLoopResultBuilder]: At program point L738(lines 733 741) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2022-11-02 20:43:57,608 INFO L899 garLoopResultBuilder]: For program point L963-2(lines 963 967) no Hoare annotation was computed. [2022-11-02 20:43:57,608 INFO L895 garLoopResultBuilder]: At program point L831(line 831) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 .cse1) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-02 20:43:57,608 INFO L899 garLoopResultBuilder]: For program point L831-1(lines 812 836) no Hoare annotation was computed. [2022-11-02 20:43:57,608 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__lowWaterSensorEXIT(lines 812 836) no Hoare annotation was computed. [2022-11-02 20:43:57,608 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 890 898) no Hoare annotation was computed. [2022-11-02 20:43:57,609 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 890 898) the Hoare annotation is: true [2022-11-02 20:43:57,609 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 890 898) no Hoare annotation was computed. [2022-11-02 20:43:57,612 INFO L444 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-02 20:43:57,615 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-02 20:43:57,660 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 02.11 08:43:57 BoogieIcfgContainer [2022-11-02 20:43:57,660 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-02 20:43:57,661 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-02 20:43:57,661 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-02 20:43:57,661 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-02 20:43:57,662 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 02.11 08:43:44" (3/4) ... [2022-11-02 20:43:57,665 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-02 20:43:57,673 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-11-02 20:43:57,673 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-02 20:43:57,673 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-02 20:43:57,673 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-02 20:43:57,673 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-02 20:43:57,674 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-11-02 20:43:57,674 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-02 20:43:57,674 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__lowWaterSensor [2022-11-02 20:43:57,674 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-02 20:43:57,683 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 55 nodes and edges [2022-11-02 20:43:57,683 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-11-02 20:43:57,684 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-11-02 20:43:57,684 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-11-02 20:43:57,685 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-11-02 20:43:57,685 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-02 20:43:57,686 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-02 20:43:57,713 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-02 20:43:57,713 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-11-02 20:43:57,714 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (((\result <= 2 && 1 < tmp) && tmp <= 2) && 2 <= \result)) || !(2 <= \old(waterLevel)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) || (((\result <= 2 && 1 < tmp) && tmp <= 2) && 2 <= \result)) || !(2 <= \old(waterLevel)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-02 20:43:57,714 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-02 20:43:57,715 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-11-02 20:43:57,715 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-02 20:43:57,716 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-11-02 20:43:57,716 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-11-02 20:43:57,716 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) [2022-11-02 20:43:57,717 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || (1 <= \result && pumpRunning == 0)) [2022-11-02 20:43:57,717 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) [2022-11-02 20:43:57,717 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && tmp___0 == 0) && \result == 0)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) [2022-11-02 20:43:57,718 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(waterLevel <= 2)) [2022-11-02 20:43:57,743 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/witness.graphml [2022-11-02 20:43:57,743 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-02 20:43:57,744 INFO L158 Benchmark]: Toolchain (without parser) took 15130.90ms. Allocated memory was 109.1MB in the beginning and 176.2MB in the end (delta: 67.1MB). Free memory was 69.6MB in the beginning and 108.4MB in the end (delta: -38.8MB). Peak memory consumption was 28.6MB. Max. memory is 16.1GB. [2022-11-02 20:43:57,744 INFO L158 Benchmark]: CDTParser took 0.21ms. Allocated memory is still 109.1MB. Free memory is still 87.5MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-02 20:43:57,745 INFO L158 Benchmark]: CACSL2BoogieTranslator took 532.76ms. Allocated memory is still 109.1MB. Free memory was 69.4MB in the beginning and 75.2MB in the end (delta: -5.8MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-11-02 20:43:57,745 INFO L158 Benchmark]: Boogie Procedure Inliner took 77.84ms. Allocated memory is still 109.1MB. Free memory was 75.2MB in the beginning and 72.5MB in the end (delta: 2.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-02 20:43:57,745 INFO L158 Benchmark]: Boogie Preprocessor took 59.27ms. Allocated memory is still 109.1MB. Free memory was 72.5MB in the beginning and 70.7MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-02 20:43:57,746 INFO L158 Benchmark]: RCFGBuilder took 732.44ms. Allocated memory is still 109.1MB. Free memory was 70.7MB in the beginning and 50.5MB in the end (delta: 20.2MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-11-02 20:43:57,746 INFO L158 Benchmark]: TraceAbstraction took 13639.12ms. Allocated memory was 109.1MB in the beginning and 176.2MB in the end (delta: 67.1MB). Free memory was 49.7MB in the beginning and 115.8MB in the end (delta: -66.0MB). Peak memory consumption was 71.4MB. Max. memory is 16.1GB. [2022-11-02 20:43:57,746 INFO L158 Benchmark]: Witness Printer took 82.73ms. Allocated memory is still 176.2MB. Free memory was 114.7MB in the beginning and 108.4MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-02 20:43:57,748 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.21ms. Allocated memory is still 109.1MB. Free memory is still 87.5MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 532.76ms. Allocated memory is still 109.1MB. Free memory was 69.4MB in the beginning and 75.2MB in the end (delta: -5.8MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 77.84ms. Allocated memory is still 109.1MB. Free memory was 75.2MB in the beginning and 72.5MB in the end (delta: 2.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 59.27ms. Allocated memory is still 109.1MB. Free memory was 72.5MB in the beginning and 70.7MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 732.44ms. Allocated memory is still 109.1MB. Free memory was 70.7MB in the beginning and 50.5MB in the end (delta: 20.2MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 13639.12ms. Allocated memory was 109.1MB in the beginning and 176.2MB in the end (delta: 67.1MB). Free memory was 49.7MB in the beginning and 115.8MB in the end (delta: -66.0MB). Peak memory consumption was 71.4MB. Max. memory is 16.1GB. * Witness Printer took 82.73ms. Allocated memory is still 176.2MB. Free memory was 114.7MB in the beginning and 108.4MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 561]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 10 procedures, 109 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 13.5s, OverallIterations: 10, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 4.2s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 5.6s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2227 SdHoareTripleChecker+Valid, 2.5s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2184 mSDsluCounter, 4522 SdHoareTripleChecker+Invalid, 2.0s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3060 mSDsCounter, 811 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 2475 IncrementalHoareTripleChecker+Invalid, 3286 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 811 mSolverCounterUnsat, 1462 mSDtfsCounter, 2475 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 450 GetRequests, 333 SyntacticMatches, 5 SemanticMatches, 112 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 662 ImplicationChecksByTransitivity, 1.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1048occurred in iteration=8, InterpolantAutomatonStates: 106, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.5s AutomataMinimizationTime, 10 MinimizatonAttempts, 249 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 51 LocationsWithAnnotation, 1781 PreInvPairs, 2006 NumberOfFragments, 2340 HoareAnnotationTreeSize, 1781 FomulaSimplifications, 2017 FormulaSimplificationTreeSizeReduction, 0.5s HoareSimplificationTime, 51 FomulaSimplificationsInter, 11274 FormulaSimplificationTreeSizeReductionInter, 5.0s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 2.3s InterpolantComputationTime, 679 NumberOfCodeBlocks, 679 NumberOfCodeBlocksAsserted, 11 NumberOfCheckSat, 776 ConstructedInterpolants, 0 QuantifiedInterpolants, 1593 SizeOfPredicates, 3 NumberOfNonLiveVariables, 506 ConjunctsInSsa, 8 ConjunctsInUnsatCore, 12 InterpolantComputations, 9 PerfectInterpolantSequences, 121/162 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 678]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 990]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 935]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && tmp___0 == 0) && \result == 0)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 540]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 547]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 557]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 418]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 428]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 998]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 863]: Loop Invariant Derived loop invariant: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(waterLevel <= 2)) - InvariantResult [Line: 642]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 567]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 533]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 498]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 484]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 879]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 719]: Loop Invariant Derived loop invariant: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (pumpRunning == 0 && 2 <= waterLevel)) || (1 <= \result && pumpRunning == 0)) - InvariantResult [Line: 710]: Loop Invariant Derived loop invariant: (((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) || (\result <= 2 && 2 <= \result)) || !(2 <= \old(waterLevel)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 1008]: Loop Invariant Derived loop invariant: (((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (((\result <= 2 && 1 < tmp) && tmp <= 2) && 2 <= \result)) || !(2 <= \old(waterLevel)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) || (((\result <= 2 && 1 < tmp) && tmp <= 2) && 2 <= \result)) || !(2 <= \old(waterLevel)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 576]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 733]: Loop Invariant Derived loop invariant: ((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) - InvariantResult [Line: 838]: Loop Invariant Derived loop invariant: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || ((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS)) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((pumpRunning == 0 && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 577]: Loop Invariant Derived loop invariant: ((((((1 <= pumpRunning && 2 <= waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) || (((pumpRunning == 0 && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive)) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2)) || ((((1 <= pumpRunning && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) - InvariantResult [Line: 954]: Loop Invariant Derived loop invariant: ((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 2)) || !(1 <= switchedOnBeforeTS)) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) - InvariantResult [Line: 973]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive - InvariantResult [Line: 475]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 RESULT: Ultimate proved your program to be correct! [2022-11-02 20:43:57,812 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_1e86a1af-5cf1-443a-a231-8379e4a259fa/bin/uautomizer-Dbtcem3rbc/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE