./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product37.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version e04fb08f Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product37.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8 --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 3ab30b3db91b0e47e6f9b2ed9ba465facc49148e5cdc1cad78e4808ba0c7de84 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-e04fb08 [2022-11-16 11:37:31,260 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-16 11:37:31,263 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-16 11:37:31,300 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-16 11:37:31,301 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-16 11:37:31,307 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-16 11:37:31,311 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-16 11:37:31,316 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-16 11:37:31,319 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-16 11:37:31,327 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-16 11:37:31,329 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-16 11:37:31,331 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-16 11:37:31,332 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-16 11:37:31,335 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-16 11:37:31,337 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-16 11:37:31,339 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-16 11:37:31,341 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-16 11:37:31,342 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-16 11:37:31,344 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-16 11:37:31,349 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-16 11:37:31,357 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-16 11:37:31,359 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-16 11:37:31,360 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-16 11:37:31,363 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-16 11:37:31,367 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-16 11:37:31,369 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-16 11:37:31,370 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-16 11:37:31,372 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-16 11:37:31,372 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-16 11:37:31,374 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-16 11:37:31,375 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-16 11:37:31,376 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-16 11:37:31,378 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-16 11:37:31,381 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-16 11:37:31,382 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-16 11:37:31,383 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-16 11:37:31,383 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-16 11:37:31,384 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-16 11:37:31,384 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-16 11:37:31,385 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-16 11:37:31,386 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-16 11:37:31,387 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-11-16 11:37:31,438 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-16 11:37:31,438 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-16 11:37:31,439 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-16 11:37:31,439 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-16 11:37:31,440 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-16 11:37:31,440 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-16 11:37:31,441 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-16 11:37:31,441 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-16 11:37:31,441 INFO L138 SettingsManager]: * Use SBE=true [2022-11-16 11:37:31,442 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-16 11:37:31,443 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-16 11:37:31,443 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-16 11:37:31,443 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-16 11:37:31,444 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-16 11:37:31,444 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-16 11:37:31,444 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-16 11:37:31,444 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-16 11:37:31,444 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-16 11:37:31,445 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-16 11:37:31,445 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-16 11:37:31,445 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-16 11:37:31,445 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-16 11:37:31,446 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-16 11:37:31,446 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-16 11:37:31,446 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-16 11:37:31,446 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-16 11:37:31,448 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-16 11:37:31,448 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-16 11:37:31,449 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-11-16 11:37:31,449 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-16 11:37:31,449 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-11-16 11:37:31,449 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-11-16 11:37:31,450 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-16 11:37:31,450 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8 Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 3ab30b3db91b0e47e6f9b2ed9ba465facc49148e5cdc1cad78e4808ba0c7de84 [2022-11-16 11:37:31,818 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-16 11:37:31,858 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-16 11:37:31,861 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-16 11:37:31,863 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-16 11:37:31,864 INFO L275 PluginConnector]: CDTParser initialized [2022-11-16 11:37:31,866 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/../../sv-benchmarks/c/product-lines/minepump_spec5_product37.cil.c [2022-11-16 11:37:31,948 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/data/83e0c2e64/c9f1aa935119433a97a443af00be507c/FLAG470bc950f [2022-11-16 11:37:32,634 INFO L306 CDTParser]: Found 1 translation units. [2022-11-16 11:37:32,635 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/sv-benchmarks/c/product-lines/minepump_spec5_product37.cil.c [2022-11-16 11:37:32,657 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/data/83e0c2e64/c9f1aa935119433a97a443af00be507c/FLAG470bc950f [2022-11-16 11:37:32,895 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/data/83e0c2e64/c9f1aa935119433a97a443af00be507c [2022-11-16 11:37:32,898 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-16 11:37:32,900 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-16 11:37:32,910 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-16 11:37:32,910 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-16 11:37:32,914 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-16 11:37:32,916 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 11:37:32" (1/1) ... [2022-11-16 11:37:32,918 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@44c27f6c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:32, skipping insertion in model container [2022-11-16 11:37:32,920 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 11:37:32" (1/1) ... [2022-11-16 11:37:32,929 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-16 11:37:33,005 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-16 11:37:33,409 WARN L229 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/sv-benchmarks/c/product-lines/minepump_spec5_product37.cil.c[5071,5084] [2022-11-16 11:37:33,553 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 11:37:33,564 INFO L203 MainTranslator]: Completed pre-run [2022-11-16 11:37:33,592 WARN L229 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/sv-benchmarks/c/product-lines/minepump_spec5_product37.cil.c[5071,5084] [2022-11-16 11:37:33,670 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 11:37:33,694 INFO L208 MainTranslator]: Completed translation [2022-11-16 11:37:33,694 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33 WrapperNode [2022-11-16 11:37:33,694 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-16 11:37:33,696 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-16 11:37:33,697 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-16 11:37:33,697 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-16 11:37:33,705 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (1/1) ... [2022-11-16 11:37:33,733 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (1/1) ... [2022-11-16 11:37:33,776 INFO L138 Inliner]: procedures = 55, calls = 156, calls flagged for inlining = 24, calls inlined = 21, statements flattened = 256 [2022-11-16 11:37:33,777 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-16 11:37:33,778 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-16 11:37:33,778 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-16 11:37:33,779 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-16 11:37:33,790 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (1/1) ... [2022-11-16 11:37:33,790 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (1/1) ... [2022-11-16 11:37:33,793 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (1/1) ... [2022-11-16 11:37:33,794 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (1/1) ... [2022-11-16 11:37:33,799 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (1/1) ... [2022-11-16 11:37:33,817 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (1/1) ... [2022-11-16 11:37:33,819 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (1/1) ... [2022-11-16 11:37:33,821 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (1/1) ... [2022-11-16 11:37:33,824 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-16 11:37:33,825 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-16 11:37:33,825 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-16 11:37:33,825 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-16 11:37:33,826 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (1/1) ... [2022-11-16 11:37:33,833 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-16 11:37:33,847 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 11:37:33,863 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-16 11:37:33,886 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-16 11:37:33,911 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-16 11:37:33,911 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-16 11:37:33,912 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-16 11:37:33,912 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-16 11:37:33,912 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-16 11:37:33,912 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-16 11:37:33,913 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-16 11:37:33,913 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 11:37:33,913 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 11:37:33,913 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-16 11:37:33,914 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-16 11:37:33,914 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-16 11:37:33,914 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-16 11:37:33,914 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-16 11:37:33,915 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-16 11:37:33,915 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-16 11:37:33,915 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-16 11:37:33,916 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-16 11:37:34,007 INFO L235 CfgBuilder]: Building ICFG [2022-11-16 11:37:34,010 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-16 11:37:34,482 INFO L276 CfgBuilder]: Performing block encoding [2022-11-16 11:37:34,494 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-16 11:37:34,495 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-16 11:37:34,497 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 11:37:34 BoogieIcfgContainer [2022-11-16 11:37:34,497 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-16 11:37:34,500 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-16 11:37:34,500 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-16 11:37:34,504 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-16 11:37:34,505 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 16.11 11:37:32" (1/3) ... [2022-11-16 11:37:34,506 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@4626e5a4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.11 11:37:34, skipping insertion in model container [2022-11-16 11:37:34,506 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:37:33" (2/3) ... [2022-11-16 11:37:34,507 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@4626e5a4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.11 11:37:34, skipping insertion in model container [2022-11-16 11:37:34,507 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 11:37:34" (3/3) ... [2022-11-16 11:37:34,509 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product37.cil.c [2022-11-16 11:37:34,533 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-16 11:37:34,534 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-16 11:37:34,611 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-16 11:37:34,620 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@ed64bb1, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-16 11:37:34,620 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-16 11:37:34,629 INFO L276 IsEmpty]: Start isEmpty. Operand has 90 states, 69 states have (on average 1.3768115942028984) internal successors, (95), 77 states have internal predecessors, (95), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2022-11-16 11:37:34,646 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-11-16 11:37:34,647 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:34,648 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:34,650 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:34,660 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:34,661 INFO L85 PathProgramCache]: Analyzing trace with hash 1723855951, now seen corresponding path program 1 times [2022-11-16 11:37:34,673 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:34,673 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [753425733] [2022-11-16 11:37:34,674 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:34,675 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:34,884 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:34,984 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-11-16 11:37:34,988 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:34,994 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-16 11:37:34,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:35,002 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:37:35,002 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:35,003 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [753425733] [2022-11-16 11:37:35,004 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [753425733] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:37:35,004 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:37:35,005 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-16 11:37:35,007 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1224663089] [2022-11-16 11:37:35,008 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:37:35,014 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-16 11:37:35,015 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:35,049 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-16 11:37:35,050 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-16 11:37:35,053 INFO L87 Difference]: Start difference. First operand has 90 states, 69 states have (on average 1.3768115942028984) internal successors, (95), 77 states have internal predecessors, (95), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:37:35,096 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:35,097 INFO L93 Difference]: Finished difference Result 171 states and 232 transitions. [2022-11-16 11:37:35,098 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-16 11:37:35,100 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-11-16 11:37:35,101 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:35,112 INFO L225 Difference]: With dead ends: 171 [2022-11-16 11:37:35,113 INFO L226 Difference]: Without dead ends: 81 [2022-11-16 11:37:35,118 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-16 11:37:35,122 INFO L413 NwaCegarLoop]: 113 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 113 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:35,124 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 113 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 11:37:35,147 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 81 states. [2022-11-16 11:37:35,195 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 81 to 81. [2022-11-16 11:37:35,197 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 81 states, 62 states have (on average 1.3064516129032258) internal successors, (81), 69 states have internal predecessors, (81), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-11-16 11:37:35,210 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 81 states to 81 states and 104 transitions. [2022-11-16 11:37:35,213 INFO L78 Accepts]: Start accepts. Automaton has 81 states and 104 transitions. Word has length 32 [2022-11-16 11:37:35,214 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:35,215 INFO L495 AbstractCegarLoop]: Abstraction has 81 states and 104 transitions. [2022-11-16 11:37:35,216 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:37:35,217 INFO L276 IsEmpty]: Start isEmpty. Operand 81 states and 104 transitions. [2022-11-16 11:37:35,225 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-11-16 11:37:35,226 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:35,227 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:35,227 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-16 11:37:35,228 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:35,229 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:35,231 INFO L85 PathProgramCache]: Analyzing trace with hash 1706700211, now seen corresponding path program 1 times [2022-11-16 11:37:35,232 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:35,232 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [660225960] [2022-11-16 11:37:35,233 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:35,233 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:35,328 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:35,458 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-16 11:37:35,461 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:35,467 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-11-16 11:37:35,469 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:35,472 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:37:35,473 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:35,473 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [660225960] [2022-11-16 11:37:35,474 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [660225960] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:37:35,474 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:37:35,474 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-16 11:37:35,475 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [459485083] [2022-11-16 11:37:35,475 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:37:35,476 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-16 11:37:35,477 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:35,478 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-16 11:37:35,478 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:37:35,479 INFO L87 Difference]: Start difference. First operand 81 states and 104 transitions. Second operand has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 11:37:35,509 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:35,510 INFO L93 Difference]: Finished difference Result 154 states and 203 transitions. [2022-11-16 11:37:35,511 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-16 11:37:35,511 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 37 [2022-11-16 11:37:35,512 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:35,513 INFO L225 Difference]: With dead ends: 154 [2022-11-16 11:37:35,513 INFO L226 Difference]: Without dead ends: 81 [2022-11-16 11:37:35,515 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:37:35,517 INFO L413 NwaCegarLoop]: 102 mSDtfsCounter, 81 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 81 SdHoareTripleChecker+Valid, 102 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:35,518 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [81 Valid, 102 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 11:37:35,519 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 81 states. [2022-11-16 11:37:35,531 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 81 to 81. [2022-11-16 11:37:35,531 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 81 states, 62 states have (on average 1.2903225806451613) internal successors, (80), 69 states have internal predecessors, (80), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-11-16 11:37:35,533 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 81 states to 81 states and 103 transitions. [2022-11-16 11:37:35,534 INFO L78 Accepts]: Start accepts. Automaton has 81 states and 103 transitions. Word has length 37 [2022-11-16 11:37:35,535 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:35,535 INFO L495 AbstractCegarLoop]: Abstraction has 81 states and 103 transitions. [2022-11-16 11:37:35,536 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 11:37:35,536 INFO L276 IsEmpty]: Start isEmpty. Operand 81 states and 103 transitions. [2022-11-16 11:37:35,538 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2022-11-16 11:37:35,538 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:35,538 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:35,539 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-16 11:37:35,539 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:35,540 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:35,540 INFO L85 PathProgramCache]: Analyzing trace with hash -734632956, now seen corresponding path program 1 times [2022-11-16 11:37:35,540 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:35,541 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [263110828] [2022-11-16 11:37:35,541 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:35,541 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:35,563 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:35,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-11-16 11:37:35,652 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:35,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-11-16 11:37:35,656 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:35,658 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:37:35,658 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:35,659 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [263110828] [2022-11-16 11:37:35,659 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [263110828] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:37:35,659 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:37:35,660 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-16 11:37:35,660 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [835021108] [2022-11-16 11:37:35,660 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:37:35,661 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-16 11:37:35,661 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:35,662 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-16 11:37:35,662 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:37:35,662 INFO L87 Difference]: Start difference. First operand 81 states and 103 transitions. Second operand has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:37:35,681 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:35,682 INFO L93 Difference]: Finished difference Result 127 states and 161 transitions. [2022-11-16 11:37:35,682 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-16 11:37:35,683 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 39 [2022-11-16 11:37:35,683 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:35,684 INFO L225 Difference]: With dead ends: 127 [2022-11-16 11:37:35,684 INFO L226 Difference]: Without dead ends: 72 [2022-11-16 11:37:35,685 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:37:35,687 INFO L413 NwaCegarLoop]: 90 mSDtfsCounter, 12 mSDsluCounter, 74 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 164 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:35,688 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [15 Valid, 164 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 11:37:35,689 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 72 states. [2022-11-16 11:37:35,699 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 72 to 72. [2022-11-16 11:37:35,700 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 72 states, 56 states have (on average 1.3035714285714286) internal successors, (73), 63 states have internal predecessors, (73), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-11-16 11:37:35,701 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 72 states to 72 states and 91 transitions. [2022-11-16 11:37:35,702 INFO L78 Accepts]: Start accepts. Automaton has 72 states and 91 transitions. Word has length 39 [2022-11-16 11:37:35,702 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:35,702 INFO L495 AbstractCegarLoop]: Abstraction has 72 states and 91 transitions. [2022-11-16 11:37:35,703 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:37:35,703 INFO L276 IsEmpty]: Start isEmpty. Operand 72 states and 91 transitions. [2022-11-16 11:37:35,704 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 44 [2022-11-16 11:37:35,704 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:35,705 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:35,705 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-16 11:37:35,705 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:35,706 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:35,706 INFO L85 PathProgramCache]: Analyzing trace with hash 2032099452, now seen corresponding path program 1 times [2022-11-16 11:37:35,706 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:35,707 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1408387253] [2022-11-16 11:37:35,707 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:35,707 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:35,730 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:35,881 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-16 11:37:35,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:35,903 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 35 [2022-11-16 11:37:35,907 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:35,911 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:37:35,914 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:35,914 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1408387253] [2022-11-16 11:37:35,914 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1408387253] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:37:35,915 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:37:35,915 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-16 11:37:35,915 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1829657272] [2022-11-16 11:37:35,916 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:37:35,918 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-16 11:37:35,918 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:35,919 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-16 11:37:35,920 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:37:35,920 INFO L87 Difference]: Start difference. First operand 72 states and 91 transitions. Second operand has 3 states, 3 states have (on average 12.0) internal successors, (36), 3 states have internal predecessors, (36), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 11:37:36,013 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:36,016 INFO L93 Difference]: Finished difference Result 183 states and 238 transitions. [2022-11-16 11:37:36,016 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-16 11:37:36,017 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 12.0) internal successors, (36), 3 states have internal predecessors, (36), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 43 [2022-11-16 11:37:36,017 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:36,019 INFO L225 Difference]: With dead ends: 183 [2022-11-16 11:37:36,020 INFO L226 Difference]: Without dead ends: 119 [2022-11-16 11:37:36,022 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:37:36,028 INFO L413 NwaCegarLoop]: 110 mSDtfsCounter, 54 mSDsluCounter, 63 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 54 SdHoareTripleChecker+Valid, 173 SdHoareTripleChecker+Invalid, 15 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:36,029 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [54 Valid, 173 Invalid, 15 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 11:37:36,030 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 119 states. [2022-11-16 11:37:36,055 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 119 to 117. [2022-11-16 11:37:36,058 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 117 states, 90 states have (on average 1.288888888888889) internal successors, (116), 97 states have internal predecessors, (116), 14 states have call successors, (14), 12 states have call predecessors, (14), 12 states have return successors, (18), 14 states have call predecessors, (18), 14 states have call successors, (18) [2022-11-16 11:37:36,063 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 117 states to 117 states and 148 transitions. [2022-11-16 11:37:36,064 INFO L78 Accepts]: Start accepts. Automaton has 117 states and 148 transitions. Word has length 43 [2022-11-16 11:37:36,064 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:36,065 INFO L495 AbstractCegarLoop]: Abstraction has 117 states and 148 transitions. [2022-11-16 11:37:36,065 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 12.0) internal successors, (36), 3 states have internal predecessors, (36), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 11:37:36,066 INFO L276 IsEmpty]: Start isEmpty. Operand 117 states and 148 transitions. [2022-11-16 11:37:36,072 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-11-16 11:37:36,076 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:36,076 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:36,076 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-16 11:37:36,077 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:36,078 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:36,078 INFO L85 PathProgramCache]: Analyzing trace with hash -870205615, now seen corresponding path program 1 times [2022-11-16 11:37:36,078 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:36,079 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [875273094] [2022-11-16 11:37:36,080 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:36,080 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:36,124 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:36,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-16 11:37:36,252 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:36,259 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-16 11:37:36,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:36,340 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-11-16 11:37:36,342 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:36,344 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:37:36,344 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:36,345 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [875273094] [2022-11-16 11:37:36,345 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [875273094] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:37:36,345 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:37:36,346 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-16 11:37:36,346 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [748412571] [2022-11-16 11:37:36,346 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:37:36,347 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 11:37:36,347 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:36,348 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 11:37:36,348 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-16 11:37:36,348 INFO L87 Difference]: Start difference. First operand 117 states and 148 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 11:37:36,561 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:36,562 INFO L93 Difference]: Finished difference Result 258 states and 334 transitions. [2022-11-16 11:37:36,562 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-16 11:37:36,563 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 51 [2022-11-16 11:37:36,563 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:36,565 INFO L225 Difference]: With dead ends: 258 [2022-11-16 11:37:36,565 INFO L226 Difference]: Without dead ends: 149 [2022-11-16 11:37:36,567 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-11-16 11:37:36,568 INFO L413 NwaCegarLoop]: 85 mSDtfsCounter, 63 mSDsluCounter, 282 mSDsCounter, 0 mSdLazyCounter, 117 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 66 SdHoareTripleChecker+Valid, 367 SdHoareTripleChecker+Invalid, 136 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 117 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:36,569 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [66 Valid, 367 Invalid, 136 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 117 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 11:37:36,570 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 149 states. [2022-11-16 11:37:36,595 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 149 to 144. [2022-11-16 11:37:36,595 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 144 states, 112 states have (on average 1.2857142857142858) internal successors, (144), 119 states have internal predecessors, (144), 16 states have call successors, (16), 12 states have call predecessors, (16), 15 states have return successors, (23), 17 states have call predecessors, (23), 16 states have call successors, (23) [2022-11-16 11:37:36,597 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 144 states to 144 states and 183 transitions. [2022-11-16 11:37:36,597 INFO L78 Accepts]: Start accepts. Automaton has 144 states and 183 transitions. Word has length 51 [2022-11-16 11:37:36,598 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:36,598 INFO L495 AbstractCegarLoop]: Abstraction has 144 states and 183 transitions. [2022-11-16 11:37:36,599 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 11:37:36,599 INFO L276 IsEmpty]: Start isEmpty. Operand 144 states and 183 transitions. [2022-11-16 11:37:36,600 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-11-16 11:37:36,600 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:36,600 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:36,601 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-16 11:37:36,601 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:36,602 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:36,602 INFO L85 PathProgramCache]: Analyzing trace with hash 1735817939, now seen corresponding path program 1 times [2022-11-16 11:37:36,602 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:36,603 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1474288839] [2022-11-16 11:37:36,603 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:36,603 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:36,631 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:36,717 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-16 11:37:36,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:36,727 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-16 11:37:36,731 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:36,775 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-11-16 11:37:36,777 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:36,779 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:37:36,779 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:36,779 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1474288839] [2022-11-16 11:37:36,780 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1474288839] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:37:36,780 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:37:36,780 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-16 11:37:36,781 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1571613810] [2022-11-16 11:37:36,781 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:37:36,781 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 11:37:36,782 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:36,782 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 11:37:36,783 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-16 11:37:36,783 INFO L87 Difference]: Start difference. First operand 144 states and 183 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-11-16 11:37:37,017 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:37,017 INFO L93 Difference]: Finished difference Result 293 states and 383 transitions. [2022-11-16 11:37:37,018 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-16 11:37:37,018 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 51 [2022-11-16 11:37:37,019 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:37,023 INFO L225 Difference]: With dead ends: 293 [2022-11-16 11:37:37,024 INFO L226 Difference]: Without dead ends: 157 [2022-11-16 11:37:37,026 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 17 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=56, Unknown=0, NotChecked=0, Total=90 [2022-11-16 11:37:37,035 INFO L413 NwaCegarLoop]: 86 mSDtfsCounter, 137 mSDsluCounter, 198 mSDsCounter, 0 mSdLazyCounter, 102 mSolverCounterSat, 35 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 140 SdHoareTripleChecker+Valid, 284 SdHoareTripleChecker+Invalid, 137 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 35 IncrementalHoareTripleChecker+Valid, 102 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:37,043 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [140 Valid, 284 Invalid, 137 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [35 Valid, 102 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 11:37:37,044 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 157 states. [2022-11-16 11:37:37,064 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 157 to 146. [2022-11-16 11:37:37,065 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 146 states, 114 states have (on average 1.280701754385965) internal successors, (146), 121 states have internal predecessors, (146), 16 states have call successors, (16), 12 states have call predecessors, (16), 15 states have return successors, (23), 17 states have call predecessors, (23), 16 states have call successors, (23) [2022-11-16 11:37:37,066 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 146 states to 146 states and 185 transitions. [2022-11-16 11:37:37,066 INFO L78 Accepts]: Start accepts. Automaton has 146 states and 185 transitions. Word has length 51 [2022-11-16 11:37:37,067 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:37,067 INFO L495 AbstractCegarLoop]: Abstraction has 146 states and 185 transitions. [2022-11-16 11:37:37,067 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-11-16 11:37:37,068 INFO L276 IsEmpty]: Start isEmpty. Operand 146 states and 185 transitions. [2022-11-16 11:37:37,068 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-11-16 11:37:37,069 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:37,069 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:37,069 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-16 11:37:37,069 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:37,070 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:37,070 INFO L85 PathProgramCache]: Analyzing trace with hash -2136447531, now seen corresponding path program 1 times [2022-11-16 11:37:37,070 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:37,071 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [303488131] [2022-11-16 11:37:37,071 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:37,071 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:37,087 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:37,228 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-16 11:37:37,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:37,244 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-16 11:37:37,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:37,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-11-16 11:37:37,270 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:37,272 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:37:37,272 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:37,272 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [303488131] [2022-11-16 11:37:37,273 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [303488131] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:37:37,273 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:37:37,273 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-16 11:37:37,273 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [644356314] [2022-11-16 11:37:37,274 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:37:37,276 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-16 11:37:37,276 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:37,277 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-16 11:37:37,278 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-16 11:37:37,278 INFO L87 Difference]: Start difference. First operand 146 states and 185 transitions. Second operand has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 11:37:37,603 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:37,603 INFO L93 Difference]: Finished difference Result 421 states and 552 transitions. [2022-11-16 11:37:37,604 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-16 11:37:37,605 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 51 [2022-11-16 11:37:37,607 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:37,614 INFO L225 Difference]: With dead ends: 421 [2022-11-16 11:37:37,614 INFO L226 Difference]: Without dead ends: 283 [2022-11-16 11:37:37,615 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-11-16 11:37:37,623 INFO L413 NwaCegarLoop]: 134 mSDtfsCounter, 210 mSDsluCounter, 164 mSDsCounter, 0 mSdLazyCounter, 161 mSolverCounterSat, 59 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 217 SdHoareTripleChecker+Valid, 298 SdHoareTripleChecker+Invalid, 220 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 59 IncrementalHoareTripleChecker+Valid, 161 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:37,628 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [217 Valid, 298 Invalid, 220 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [59 Valid, 161 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-16 11:37:37,632 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 283 states. [2022-11-16 11:37:37,710 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 283 to 275. [2022-11-16 11:37:37,713 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 275 states, 211 states have (on average 1.2559241706161137) internal successors, (265), 222 states have internal predecessors, (265), 34 states have call successors, (34), 28 states have call predecessors, (34), 29 states have return successors, (53), 34 states have call predecessors, (53), 34 states have call successors, (53) [2022-11-16 11:37:37,718 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 275 states to 275 states and 352 transitions. [2022-11-16 11:37:37,719 INFO L78 Accepts]: Start accepts. Automaton has 275 states and 352 transitions. Word has length 51 [2022-11-16 11:37:37,720 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:37,721 INFO L495 AbstractCegarLoop]: Abstraction has 275 states and 352 transitions. [2022-11-16 11:37:37,721 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 11:37:37,721 INFO L276 IsEmpty]: Start isEmpty. Operand 275 states and 352 transitions. [2022-11-16 11:37:37,730 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2022-11-16 11:37:37,731 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:37,732 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:37,732 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-16 11:37:37,733 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:37,733 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:37,733 INFO L85 PathProgramCache]: Analyzing trace with hash -1858186128, now seen corresponding path program 1 times [2022-11-16 11:37:37,734 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:37,734 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [465694706] [2022-11-16 11:37:37,734 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:37,734 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:37,765 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:37,926 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-16 11:37:37,928 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:37,937 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-16 11:37:37,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:37,948 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-11-16 11:37:37,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:37,951 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 45 [2022-11-16 11:37:37,953 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:37,968 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-16 11:37:37,968 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:37,968 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [465694706] [2022-11-16 11:37:37,969 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [465694706] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:37:37,969 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:37:37,969 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-11-16 11:37:37,969 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [555081616] [2022-11-16 11:37:37,969 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:37:37,970 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-11-16 11:37:37,970 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:37,970 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-11-16 11:37:37,971 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-11-16 11:37:37,971 INFO L87 Difference]: Start difference. First operand 275 states and 352 transitions. Second operand has 7 states, 7 states have (on average 6.285714285714286) internal successors, (44), 5 states have internal predecessors, (44), 1 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 1 states have call successors, (4) [2022-11-16 11:37:38,339 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:38,340 INFO L93 Difference]: Finished difference Result 558 states and 727 transitions. [2022-11-16 11:37:38,341 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-11-16 11:37:38,341 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.285714285714286) internal successors, (44), 5 states have internal predecessors, (44), 1 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 1 states have call successors, (4) Word has length 53 [2022-11-16 11:37:38,341 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:38,344 INFO L225 Difference]: With dead ends: 558 [2022-11-16 11:37:38,344 INFO L226 Difference]: Without dead ends: 291 [2022-11-16 11:37:38,345 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 24 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=53, Invalid=157, Unknown=0, NotChecked=0, Total=210 [2022-11-16 11:37:38,346 INFO L413 NwaCegarLoop]: 85 mSDtfsCounter, 108 mSDsluCounter, 329 mSDsCounter, 0 mSdLazyCounter, 203 mSolverCounterSat, 29 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 114 SdHoareTripleChecker+Valid, 414 SdHoareTripleChecker+Invalid, 232 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 29 IncrementalHoareTripleChecker+Valid, 203 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:38,346 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [114 Valid, 414 Invalid, 232 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [29 Valid, 203 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-16 11:37:38,347 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 291 states. [2022-11-16 11:37:38,375 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 291 to 271. [2022-11-16 11:37:38,376 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 271 states, 207 states have (on average 1.2222222222222223) internal successors, (253), 218 states have internal predecessors, (253), 34 states have call successors, (34), 28 states have call predecessors, (34), 29 states have return successors, (53), 34 states have call predecessors, (53), 34 states have call successors, (53) [2022-11-16 11:37:38,378 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 271 states to 271 states and 340 transitions. [2022-11-16 11:37:38,378 INFO L78 Accepts]: Start accepts. Automaton has 271 states and 340 transitions. Word has length 53 [2022-11-16 11:37:38,379 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:38,379 INFO L495 AbstractCegarLoop]: Abstraction has 271 states and 340 transitions. [2022-11-16 11:37:38,379 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 6.285714285714286) internal successors, (44), 5 states have internal predecessors, (44), 1 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 1 states have call successors, (4) [2022-11-16 11:37:38,380 INFO L276 IsEmpty]: Start isEmpty. Operand 271 states and 340 transitions. [2022-11-16 11:37:38,380 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2022-11-16 11:37:38,381 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:38,381 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:38,381 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-11-16 11:37:38,381 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:38,382 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:38,382 INFO L85 PathProgramCache]: Analyzing trace with hash -2030829189, now seen corresponding path program 1 times [2022-11-16 11:37:38,382 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:38,382 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1543283864] [2022-11-16 11:37:38,383 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:38,383 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:38,401 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:38,585 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:37:38,588 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:38,649 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-11-16 11:37:38,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:38,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-11-16 11:37:38,671 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:38,691 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-11-16 11:37:38,692 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:38,702 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:37:38,703 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:38,704 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1543283864] [2022-11-16 11:37:38,704 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1543283864] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:37:38,704 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:37:38,704 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-16 11:37:38,704 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1232635189] [2022-11-16 11:37:38,705 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:37:38,706 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-16 11:37:38,706 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:38,707 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-16 11:37:38,707 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=72, Unknown=0, NotChecked=0, Total=90 [2022-11-16 11:37:38,708 INFO L87 Difference]: Start difference. First operand 271 states and 340 transitions. Second operand has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-16 11:37:39,887 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:39,887 INFO L93 Difference]: Finished difference Result 858 states and 1130 transitions. [2022-11-16 11:37:39,888 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 32 states. [2022-11-16 11:37:39,888 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 55 [2022-11-16 11:37:39,890 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:39,894 INFO L225 Difference]: With dead ends: 858 [2022-11-16 11:37:39,894 INFO L226 Difference]: Without dead ends: 645 [2022-11-16 11:37:39,897 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 43 GetRequests, 10 SyntacticMatches, 1 SemanticMatches, 32 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 262 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=215, Invalid=907, Unknown=0, NotChecked=0, Total=1122 [2022-11-16 11:37:39,899 INFO L413 NwaCegarLoop]: 127 mSDtfsCounter, 473 mSDsluCounter, 674 mSDsCounter, 0 mSdLazyCounter, 767 mSolverCounterSat, 171 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 480 SdHoareTripleChecker+Valid, 801 SdHoareTripleChecker+Invalid, 938 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 171 IncrementalHoareTripleChecker+Valid, 767 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:39,900 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [480 Valid, 801 Invalid, 938 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [171 Valid, 767 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-11-16 11:37:39,901 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 645 states. [2022-11-16 11:37:39,993 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 645 to 524. [2022-11-16 11:37:39,994 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 524 states, 401 states have (on average 1.2194513715710724) internal successors, (489), 425 states have internal predecessors, (489), 65 states have call successors, (65), 49 states have call predecessors, (65), 57 states have return successors, (104), 67 states have call predecessors, (104), 65 states have call successors, (104) [2022-11-16 11:37:39,997 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 524 states to 524 states and 658 transitions. [2022-11-16 11:37:39,998 INFO L78 Accepts]: Start accepts. Automaton has 524 states and 658 transitions. Word has length 55 [2022-11-16 11:37:39,998 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:39,998 INFO L495 AbstractCegarLoop]: Abstraction has 524 states and 658 transitions. [2022-11-16 11:37:39,998 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-16 11:37:39,999 INFO L276 IsEmpty]: Start isEmpty. Operand 524 states and 658 transitions. [2022-11-16 11:37:40,000 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 95 [2022-11-16 11:37:40,000 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:40,000 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:40,001 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-11-16 11:37:40,001 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:40,001 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:40,001 INFO L85 PathProgramCache]: Analyzing trace with hash 309041265, now seen corresponding path program 1 times [2022-11-16 11:37:40,002 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:40,002 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [852241912] [2022-11-16 11:37:40,002 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:40,023 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:40,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:40,243 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:37:40,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:40,263 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-11-16 11:37:40,268 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:40,305 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:37:40,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:40,316 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 11:37:40,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:40,336 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-11-16 11:37:40,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:40,357 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-11-16 11:37:40,360 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:40,363 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:37:40,364 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:40,366 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-11-16 11:37:40,368 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:40,371 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 8 proven. 18 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-11-16 11:37:40,372 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:40,372 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [852241912] [2022-11-16 11:37:40,372 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [852241912] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 11:37:40,372 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1815618696] [2022-11-16 11:37:40,373 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:40,373 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 11:37:40,373 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 11:37:40,378 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-16 11:37:40,407 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-16 11:37:40,536 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:40,559 INFO L263 TraceCheckSpWp]: Trace formula consists of 466 conjuncts, 8 conjunts are in the unsatisfiable core [2022-11-16 11:37:40,567 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 11:37:40,886 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 24 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-16 11:37:40,889 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 11:37:41,186 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 18 proven. 8 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-11-16 11:37:41,186 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1815618696] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-16 11:37:41,186 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-16 11:37:41,186 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-11-16 11:37:41,187 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1692668298] [2022-11-16 11:37:41,187 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-16 11:37:41,187 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-11-16 11:37:41,187 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:41,188 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-11-16 11:37:41,188 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2022-11-16 11:37:41,188 INFO L87 Difference]: Start difference. First operand 524 states and 658 transitions. Second operand has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2022-11-16 11:37:42,728 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:42,729 INFO L93 Difference]: Finished difference Result 1146 states and 1483 transitions. [2022-11-16 11:37:42,729 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 33 states. [2022-11-16 11:37:42,729 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) Word has length 94 [2022-11-16 11:37:42,730 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:42,734 INFO L225 Difference]: With dead ends: 1146 [2022-11-16 11:37:42,735 INFO L226 Difference]: Without dead ends: 678 [2022-11-16 11:37:42,737 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 256 GetRequests, 209 SyntacticMatches, 4 SemanticMatches, 43 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 496 ImplicationChecksByTransitivity, 0.7s TimeCoverageRelationStatistics Valid=452, Invalid=1528, Unknown=0, NotChecked=0, Total=1980 [2022-11-16 11:37:42,738 INFO L413 NwaCegarLoop]: 169 mSDtfsCounter, 467 mSDsluCounter, 943 mSDsCounter, 0 mSdLazyCounter, 874 mSolverCounterSat, 230 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 471 SdHoareTripleChecker+Valid, 1112 SdHoareTripleChecker+Invalid, 1104 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 230 IncrementalHoareTripleChecker+Valid, 874 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:42,739 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [471 Valid, 1112 Invalid, 1104 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [230 Valid, 874 Invalid, 0 Unknown, 0 Unchecked, 0.8s Time] [2022-11-16 11:37:42,740 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 678 states. [2022-11-16 11:37:42,820 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 678 to 585. [2022-11-16 11:37:42,821 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 585 states, 441 states have (on average 1.2086167800453516) internal successors, (533), 473 states have internal predecessors, (533), 75 states have call successors, (75), 63 states have call predecessors, (75), 68 states have return successors, (100), 70 states have call predecessors, (100), 75 states have call successors, (100) [2022-11-16 11:37:42,825 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 585 states to 585 states and 708 transitions. [2022-11-16 11:37:42,825 INFO L78 Accepts]: Start accepts. Automaton has 585 states and 708 transitions. Word has length 94 [2022-11-16 11:37:42,825 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:42,826 INFO L495 AbstractCegarLoop]: Abstraction has 585 states and 708 transitions. [2022-11-16 11:37:42,826 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2022-11-16 11:37:42,826 INFO L276 IsEmpty]: Start isEmpty. Operand 585 states and 708 transitions. [2022-11-16 11:37:42,829 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 169 [2022-11-16 11:37:42,829 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:42,829 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:42,836 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-11-16 11:37:43,035 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 11:37:43,035 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:43,036 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:43,036 INFO L85 PathProgramCache]: Analyzing trace with hash 1424558119, now seen corresponding path program 1 times [2022-11-16 11:37:43,036 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:43,036 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1875897018] [2022-11-16 11:37:43,036 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:43,036 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:43,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,254 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:37:43,256 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,265 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-11-16 11:37:43,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,274 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:37:43,275 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,281 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 11:37:43,284 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,286 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-11-16 11:37:43,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,298 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:37:43,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,301 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 11:37:43,305 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:37:43,308 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,311 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-11-16 11:37:43,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,374 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:37:43,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,376 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-11-16 11:37:43,377 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,380 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-11-16 11:37:43,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,382 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-11-16 11:37:43,384 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,387 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 160 [2022-11-16 11:37:43,388 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:43,394 INFO L134 CoverageAnalysis]: Checked inductivity of 188 backedges. 79 proven. 0 refuted. 0 times theorem prover too weak. 109 trivial. 0 not checked. [2022-11-16 11:37:43,394 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:43,394 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1875897018] [2022-11-16 11:37:43,394 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1875897018] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:37:43,395 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:37:43,395 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-16 11:37:43,395 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [860344286] [2022-11-16 11:37:43,395 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:37:43,396 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-16 11:37:43,396 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:43,397 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-16 11:37:43,397 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=71, Unknown=0, NotChecked=0, Total=90 [2022-11-16 11:37:43,397 INFO L87 Difference]: Start difference. First operand 585 states and 708 transitions. Second operand has 10 states, 10 states have (on average 8.6) internal successors, (86), 7 states have internal predecessors, (86), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (11), 3 states have call predecessors, (11), 3 states have call successors, (11) [2022-11-16 11:37:44,307 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:44,308 INFO L93 Difference]: Finished difference Result 1594 states and 1958 transitions. [2022-11-16 11:37:44,308 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-16 11:37:44,309 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 8.6) internal successors, (86), 7 states have internal predecessors, (86), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (11), 3 states have call predecessors, (11), 3 states have call successors, (11) Word has length 168 [2022-11-16 11:37:44,309 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:44,315 INFO L225 Difference]: With dead ends: 1594 [2022-11-16 11:37:44,315 INFO L226 Difference]: Without dead ends: 1017 [2022-11-16 11:37:44,317 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 66 GetRequests, 36 SyntacticMatches, 0 SemanticMatches, 30 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 207 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=211, Invalid=781, Unknown=0, NotChecked=0, Total=992 [2022-11-16 11:37:44,318 INFO L413 NwaCegarLoop]: 142 mSDtfsCounter, 386 mSDsluCounter, 557 mSDsCounter, 0 mSdLazyCounter, 674 mSolverCounterSat, 104 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 390 SdHoareTripleChecker+Valid, 699 SdHoareTripleChecker+Invalid, 778 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 104 IncrementalHoareTripleChecker+Valid, 674 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:44,319 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [390 Valid, 699 Invalid, 778 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [104 Valid, 674 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2022-11-16 11:37:44,320 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1017 states. [2022-11-16 11:37:44,430 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1017 to 1002. [2022-11-16 11:37:44,432 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1002 states, 759 states have (on average 1.1712779973649539) internal successors, (889), 805 states have internal predecessors, (889), 128 states have call successors, (128), 111 states have call predecessors, (128), 114 states have return successors, (164), 116 states have call predecessors, (164), 128 states have call successors, (164) [2022-11-16 11:37:44,436 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1002 states to 1002 states and 1181 transitions. [2022-11-16 11:37:44,437 INFO L78 Accepts]: Start accepts. Automaton has 1002 states and 1181 transitions. Word has length 168 [2022-11-16 11:37:44,438 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:44,439 INFO L495 AbstractCegarLoop]: Abstraction has 1002 states and 1181 transitions. [2022-11-16 11:37:44,439 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 8.6) internal successors, (86), 7 states have internal predecessors, (86), 3 states have call successors, (11), 5 states have call predecessors, (11), 2 states have return successors, (11), 3 states have call predecessors, (11), 3 states have call successors, (11) [2022-11-16 11:37:44,439 INFO L276 IsEmpty]: Start isEmpty. Operand 1002 states and 1181 transitions. [2022-11-16 11:37:44,447 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 169 [2022-11-16 11:37:44,447 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:37:44,448 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:37:44,448 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-11-16 11:37:44,448 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:37:44,449 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:37:44,449 INFO L85 PathProgramCache]: Analyzing trace with hash 1551539399, now seen corresponding path program 1 times [2022-11-16 11:37:44,449 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:37:44,449 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [619719807] [2022-11-16 11:37:44,449 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:44,450 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:37:44,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,649 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:37:44,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,664 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-11-16 11:37:44,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,673 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:37:44,674 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,683 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 11:37:44,685 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,688 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-11-16 11:37:44,690 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,695 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:37:44,696 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 11:37:44,699 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:37:44,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,711 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-11-16 11:37:44,712 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,713 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-11-16 11:37:44,718 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,798 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:37:44,799 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,800 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-11-16 11:37:44,801 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,803 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-11-16 11:37:44,805 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,811 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 160 [2022-11-16 11:37:44,812 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:44,814 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 66 proven. 5 refuted. 0 times theorem prover too weak. 113 trivial. 0 not checked. [2022-11-16 11:37:44,814 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:37:44,814 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [619719807] [2022-11-16 11:37:44,814 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [619719807] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 11:37:44,815 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [218751770] [2022-11-16 11:37:44,815 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:37:44,815 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 11:37:44,815 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 11:37:44,817 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-16 11:37:44,853 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-16 11:37:45,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:37:45,028 INFO L263 TraceCheckSpWp]: Trace formula consists of 665 conjuncts, 13 conjunts are in the unsatisfiable core [2022-11-16 11:37:45,034 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 11:37:45,333 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 134 proven. 4 refuted. 0 times theorem prover too weak. 46 trivial. 0 not checked. [2022-11-16 11:37:45,333 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 11:37:45,915 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 77 proven. 39 refuted. 0 times theorem prover too weak. 68 trivial. 0 not checked. [2022-11-16 11:37:45,916 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [218751770] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-16 11:37:45,916 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-16 11:37:45,916 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 10, 11] total 26 [2022-11-16 11:37:45,916 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [208743518] [2022-11-16 11:37:45,916 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-16 11:37:45,917 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 26 states [2022-11-16 11:37:45,917 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:37:45,918 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 26 interpolants. [2022-11-16 11:37:45,918 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=121, Invalid=529, Unknown=0, NotChecked=0, Total=650 [2022-11-16 11:37:45,918 INFO L87 Difference]: Start difference. First operand 1002 states and 1181 transitions. Second operand has 26 states, 26 states have (on average 7.961538461538462) internal successors, (207), 21 states have internal predecessors, (207), 9 states have call successors, (30), 10 states have call predecessors, (30), 9 states have return successors, (32), 8 states have call predecessors, (32), 9 states have call successors, (32) [2022-11-16 11:37:47,966 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:37:47,966 INFO L93 Difference]: Finished difference Result 2105 states and 2551 transitions. [2022-11-16 11:37:47,967 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 31 states. [2022-11-16 11:37:47,967 INFO L78 Accepts]: Start accepts. Automaton has has 26 states, 26 states have (on average 7.961538461538462) internal successors, (207), 21 states have internal predecessors, (207), 9 states have call successors, (30), 10 states have call predecessors, (30), 9 states have return successors, (32), 8 states have call predecessors, (32), 9 states have call successors, (32) Word has length 168 [2022-11-16 11:37:47,968 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:37:47,970 INFO L225 Difference]: With dead ends: 2105 [2022-11-16 11:37:47,970 INFO L226 Difference]: Without dead ends: 0 [2022-11-16 11:37:47,979 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 408 GetRequests, 353 SyntacticMatches, 5 SemanticMatches, 50 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 531 ImplicationChecksByTransitivity, 1.0s TimeCoverageRelationStatistics Valid=557, Invalid=2095, Unknown=0, NotChecked=0, Total=2652 [2022-11-16 11:37:47,980 INFO L413 NwaCegarLoop]: 40 mSDtfsCounter, 886 mSDsluCounter, 395 mSDsCounter, 0 mSdLazyCounter, 1436 mSolverCounterSat, 291 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 889 SdHoareTripleChecker+Valid, 435 SdHoareTripleChecker+Invalid, 1727 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 291 IncrementalHoareTripleChecker+Valid, 1436 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-11-16 11:37:47,981 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [889 Valid, 435 Invalid, 1727 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [291 Valid, 1436 Invalid, 0 Unknown, 0 Unchecked, 1.1s Time] [2022-11-16 11:37:47,981 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-16 11:37:47,982 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-16 11:37:47,982 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-16 11:37:47,982 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-16 11:37:47,982 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 168 [2022-11-16 11:37:47,983 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:37:47,983 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-16 11:37:47,983 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 26 states, 26 states have (on average 7.961538461538462) internal successors, (207), 21 states have internal predecessors, (207), 9 states have call successors, (30), 10 states have call predecessors, (30), 9 states have return successors, (32), 8 states have call predecessors, (32), 9 states have call successors, (32) [2022-11-16 11:37:47,983 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-16 11:37:47,984 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-16 11:37:47,987 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-16 11:37:48,002 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-11-16 11:37:48,194 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable11 [2022-11-16 11:37:48,196 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-16 11:38:02,133 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 346 352) no Hoare annotation was computed. [2022-11-16 11:38:02,133 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 346 352) the Hoare annotation is: true [2022-11-16 11:38:02,134 INFO L895 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 83 94) the Hoare annotation is: (let ((.cse2 (not (<= 1 ~pumpRunning~0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) (.cse3 (not (<= ~waterLevel~0 2)))) (and (or (not (= |old(~methaneLevelCritical~0)| 0)) .cse0 .cse1 .cse2 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse1 (not (<= 2 ~waterLevel~0)) .cse2 .cse3) (or (not (= ~pumpRunning~0 0)) .cse0 .cse1 .cse3))) [2022-11-16 11:38:02,134 INFO L899 garLoopResultBuilder]: For program point L87-1(lines 83 94) no Hoare annotation was computed. [2022-11-16 11:38:02,134 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 83 94) no Hoare annotation was computed. [2022-11-16 11:38:02,134 INFO L899 garLoopResultBuilder]: For program point L184(lines 184 194) no Hoare annotation was computed. [2022-11-16 11:38:02,134 INFO L899 garLoopResultBuilder]: For program point L180(lines 180 197) no Hoare annotation was computed. [2022-11-16 11:38:02,137 INFO L895 garLoopResultBuilder]: At program point L180-1(lines 172 200) the Hoare annotation is: (let ((.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse16 (<= 1 ~pumpRunning~0)) (.cse19 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse20 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse21 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse8 (= ~pumpRunning~0 0)) (.cse22 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse14 (<= ~waterLevel~0 1)) (.cse23 (= 1 ~systemActive~0)) (.cse6 (not .cse1)) (.cse29 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse24 (= |timeShift_processEnvironment_~tmp~3#1| ~methaneLevelCritical~0)) (.cse25 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse27 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse4 (and .cse20 .cse21 .cse8 .cse22 .cse14 .cse23 .cse6 .cse29 .cse24 .cse25 .cse27)) (.cse18 (not (< 1 |old(~waterLevel~0)|))) (.cse17 (not (<= |old(~waterLevel~0)| 2))) (.cse26 (= ~waterLevel~0 1)) (.cse28 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not .cse23)) (.cse13 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse11 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse15 (not (<= 2 |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1|))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (and .cse16 .cse19 .cse20 .cse21 .cse1 .cse22 .cse14 .cse23 .cse29 .cse24 .cse25 .cse27)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 .cse3 .cse6 .cse7 .cse5) (let ((.cse9 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse10 (<= 2 ~waterLevel~0)) (.cse12 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2))) (or (not (= |old(~pumpRunning~0)| 0)) (and .cse8 .cse9 .cse10 .cse11 .cse12) .cse2 (and .cse8 .cse13 .cse14 .cse11 .cse15) (and .cse16 .cse9 .cse10 .cse11 .cse12) .cse17)) (or .cse2 .cse3 .cse18 .cse6 (and .cse19 .cse20 .cse21 .cse22 .cse23 .cse24 .cse25 .cse26 .cse27) .cse17) (or .cse28 .cse1 .cse2 (and .cse21 .cse8 .cse13 .cse22 .cse23 .cse24 .cse11 .cse27 .cse15) .cse3 .cse4 .cse5) (or .cse1 .cse2 .cse3 .cse18 .cse17 (and .cse20 .cse21 .cse8 .cse22 .cse23 .cse24 .cse25 .cse26 .cse27)) (or .cse28 .cse2 (and .cse19 .cse21 .cse13 .cse22 .cse23 .cse24 .cse11 .cse27 .cse15) .cse3 .cse6 .cse7 .cse5))))) [2022-11-16 11:38:02,138 INFO L895 garLoopResultBuilder]: At program point L399(line 399) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0))) (.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse4 .cse0 (not (= |old(~waterLevel~0)| 2))) (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) .cse2) (or (not (<= |old(~waterLevel~0)| 1)) .cse3 .cse4 .cse0))) [2022-11-16 11:38:02,139 INFO L895 garLoopResultBuilder]: At program point L399-1(lines 380 404) the Hoare annotation is: (let ((.cse12 (= ~methaneLevelCritical~0 0))) (let ((.cse10 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse21 (= ~pumpRunning~0 0)) (.cse3 (not .cse12)) (.cse17 (<= 1 ~pumpRunning~0)) (.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse8 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse23 (<= ~waterLevel~0 1)) (.cse22 (= 1 ~systemActive~0)) (.cse24 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse9 (= |timeShift_processEnvironment_~tmp~3#1| ~methaneLevelCritical~0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse14 (not (= |old(~waterLevel~0)| 2))) (.cse4 (and .cse17 .cse6 .cse7 .cse12 .cse8 .cse23 .cse22 .cse24 .cse9 .cse11)) (.cse18 (not (= |old(~waterLevel~0)| 1))) (.cse13 (and .cse7 .cse21 .cse8 .cse23 .cse22 .cse3 .cse24 .cse9 .cse11)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse15 (not (= |old(~pumpRunning~0)| 0))) (.cse16 (and .cse21 .cse10)) (.cse1 (not .cse22)) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse19 (not (< 1 |old(~waterLevel~0)|))) (.cse20 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 (and .cse6 .cse7 .cse8 .cse9 .cse10 .cse11)) (or .cse12 .cse1 .cse2 .cse13 .cse14) (or .cse15 .cse16 .cse1 (and .cse17 .cse10) .cse14) (or .cse18 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse18 .cse12 .cse1 .cse2 .cse13 .cse5) (or .cse1 .cse2 .cse19 .cse3 (and .cse6 .cse7 .cse8 .cse9 .cse11) .cse20) (or .cse0 .cse12 .cse1 .cse2 .cse13 (and .cse7 .cse21 .cse8 .cse9 .cse10 .cse11) .cse5) (or .cse0 .cse15 .cse16 .cse1) (or .cse1 .cse2 .cse19 (= ~waterLevel~0 1) .cse20))))) [2022-11-16 11:38:02,139 INFO L895 garLoopResultBuilder]: At program point L428(lines 421 431) the Hoare annotation is: (let ((.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse15 (<= 1 ~pumpRunning~0)) (.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse11 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse12 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse16 (<= ~waterLevel~0 1)) (.cse14 (= 1 ~systemActive~0)) (.cse8 (not .cse1)) (.cse17 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse13 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse4 (and .cse15 .cse10 .cse11 .cse12 .cse16 .cse14 .cse8 .cse17 .cse13)) (.cse7 (and .cse10 .cse11 .cse12 (= |old(~waterLevel~0)| ~waterLevel~0) .cse13)) (.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse9 (and .cse15 .cse10 .cse11 .cse1 .cse12 .cse16 .cse14 .cse17 .cse13)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not .cse14)) (.cse6 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse2 .cse3 .cse4 .cse6 .cse7 .cse5) (or .cse2 .cse3 .cse8 .cse6 .cse7 .cse9 .cse5) (or .cse0 .cse2 .cse3 .cse8 .cse9 .cse5) (or .cse2 (and .cse10 .cse11 .cse12 (= ~waterLevel~0 1) .cse13) .cse3 (not (< 1 |old(~waterLevel~0)|)) .cse6) (or (not (= |old(~pumpRunning~0)| 0)) .cse2 .cse6))))) [2022-11-16 11:38:02,139 INFO L899 garLoopResultBuilder]: For program point L333-1(lines 333 339) no Hoare annotation was computed. [2022-11-16 11:38:02,140 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 319 345) no Hoare annotation was computed. [2022-11-16 11:38:02,140 INFO L899 garLoopResultBuilder]: For program point L185(lines 185 191) no Hoare annotation was computed. [2022-11-16 11:38:02,140 INFO L899 garLoopResultBuilder]: For program point L309(line 309) no Hoare annotation was computed. [2022-11-16 11:38:02,140 INFO L895 garLoopResultBuilder]: At program point L169(lines 162 171) the Hoare annotation is: (let ((.cse6 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (and (= ~pumpRunning~0 0) .cse6)) (.cse3 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse6 (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (not (= |old(~waterLevel~0)| 2))) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2) (or .cse3 .cse2 .cse4 (not (< 1 |old(~waterLevel~0)|)) .cse5) (or .cse3 .cse2 .cse4 .cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-11-16 11:38:02,141 INFO L899 garLoopResultBuilder]: For program point L326(lines 326 332) no Hoare annotation was computed. [2022-11-16 11:38:02,141 INFO L899 garLoopResultBuilder]: For program point L326-2(lines 322 344) no Hoare annotation was computed. [2022-11-16 11:38:02,141 INFO L899 garLoopResultBuilder]: For program point L388(lines 388 396) no Hoare annotation was computed. [2022-11-16 11:38:02,142 INFO L895 garLoopResultBuilder]: At program point L132(lines 127 135) the Hoare annotation is: (let ((.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse22 (<= 1 ~pumpRunning~0)) (.cse18 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse8 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse9 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse10 (= ~pumpRunning~0 0)) (.cse11 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse19 (<= ~waterLevel~0 1)) (.cse23 (= 1 ~systemActive~0)) (.cse16 (not .cse1)) (.cse24 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse12 (= |timeShift_processEnvironment_~tmp~3#1| ~methaneLevelCritical~0)) (.cse13 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse4 (and .cse8 .cse9 .cse10 .cse11 .cse19 .cse23 .cse16 .cse24 .cse12 .cse13)) (.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse17 (and .cse22 .cse18 .cse8 .cse9 .cse1 .cse11 .cse19 .cse23 .cse24 .cse12 .cse13)) (.cse14 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse15 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (not .cse23)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (< 1 |old(~waterLevel~0)|))) (.cse7 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse2 .cse3 .cse6 .cse7 (and .cse8 .cse9 .cse10 .cse11 .cse12 .cse13)) (or (not (<= |old(~waterLevel~0)| 1)) .cse1 .cse2 .cse3 (and .cse9 .cse10 .cse14 .cse11 .cse12 .cse15 .cse13) .cse4 .cse5) (or .cse0 .cse2 .cse3 .cse16 .cse17 .cse5) (or .cse2 .cse3 (and .cse18 .cse9 .cse14 .cse11 .cse12 .cse15 .cse13) .cse16 .cse17 .cse7 .cse5) (or .cse2 .cse3 .cse16 .cse17 (not (= |old(~waterLevel~0)| 2))) (let ((.cse20 (= 2 ~waterLevel~0)) (.cse21 (= 2 |timeShift_getWaterLevel_#res#1|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse2 (and .cse10 .cse14 .cse19 .cse15) (and .cse10 .cse20 .cse21 .cse15) .cse7 (and .cse22 .cse20 .cse21 .cse15))) (or .cse2 .cse3 .cse6 (= ~waterLevel~0 1) .cse7))))) [2022-11-16 11:38:02,142 INFO L899 garLoopResultBuilder]: For program point L384(lines 384 401) no Hoare annotation was computed. [2022-11-16 11:38:02,142 INFO L895 garLoopResultBuilder]: At program point L182(line 182) the Hoare annotation is: (let ((.cse15 (= ~methaneLevelCritical~0 0))) (let ((.cse19 (= ~pumpRunning~0 0)) (.cse2 (not .cse15)) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse18 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse4 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse6 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse25 (<= ~waterLevel~0 1)) (.cse24 (= 1 ~systemActive~0)) (.cse26 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse7 (= |timeShift_processEnvironment_~tmp~3#1| ~methaneLevelCritical~0)) (.cse20 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse9 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse14 (not (= |old(~waterLevel~0)| 1))) (.cse22 (not (= |old(~waterLevel~0)| 2))) (.cse12 (and (<= 1 ~pumpRunning~0) .cse3 .cse18 .cse4 .cse15 .cse6 .cse25 .cse24 .cse26 .cse7 .cse20 .cse9)) (.cse16 (and .cse18 .cse4 .cse19 .cse6 .cse25 .cse24 .cse2 .cse26 .cse7 .cse20 .cse9)) (.cse10 (not (<= 2 |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1|))) (.cse13 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse23 (not (<= |old(~waterLevel~0)| 1))) (.cse21 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse8 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse0 (not .cse24)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse17 (not (< 1 |old(~waterLevel~0)|))) (.cse11 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5 .cse6 .cse7 .cse8 .cse9 .cse10) .cse11 .cse12 .cse13) (or .cse14 .cse15 .cse0 .cse1 .cse16 .cse13) (or .cse15 .cse0 .cse1 .cse17 (and .cse18 .cse4 .cse19 .cse6 .cse7 .cse20 .cse9) .cse11) (or .cse21 .cse0 .cse22) (or .cse14 .cse0 .cse1 .cse2 .cse12 .cse13) (or .cse0 .cse1 .cse2 .cse22 .cse12) (or .cse23 .cse15 .cse0 .cse1 .cse16 (and .cse4 .cse19 .cse5 .cse6 .cse7 .cse8 .cse9 .cse10) .cse13) (or .cse23 .cse21 (and .cse19 (< |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2) .cse5 .cse8) .cse0) (or .cse0 .cse1 .cse17 (= ~waterLevel~0 1) .cse11))))) [2022-11-16 11:38:02,143 INFO L895 garLoopResultBuilder]: At program point L310(lines 305 312) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) .cse2) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse2))) [2022-11-16 11:38:02,143 INFO L899 garLoopResultBuilder]: For program point L182-1(line 182) no Hoare annotation was computed. [2022-11-16 11:38:02,143 INFO L895 garLoopResultBuilder]: At program point L100(lines 95 103) the Hoare annotation is: (let ((.cse10 (= ~methaneLevelCritical~0 0))) (let ((.cse7 (not .cse10)) (.cse14 (<= 1 ~pumpRunning~0)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse15 (<= ~waterLevel~0 1)) (.cse13 (= 1 ~systemActive~0)) (.cse16 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse6 (not (= |old(~waterLevel~0)| 1))) (.cse8 (and .cse14 .cse2 .cse10 .cse3 .cse15 .cse13 .cse16 .cse4)) (.cse12 (and .cse2 .cse3 (= |old(~waterLevel~0)| ~waterLevel~0) .cse4)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse11 (and .cse14 .cse2 .cse3 .cse15 .cse13 .cse7 .cse16 .cse4)) (.cse9 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not .cse13)) (.cse5 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) (and .cse2 .cse3 (= ~waterLevel~0 1) .cse4) .cse5) (or .cse6 .cse0 .cse1 .cse7 .cse8 .cse9) (or .cse6 .cse10 .cse0 .cse1 .cse11 .cse9) (or .cse12 .cse0 .cse1 .cse7 .cse8 .cse5 .cse9) (or .cse12 .cse10 .cse0 .cse1 .cse11 .cse5 .cse9) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse5))))) [2022-11-16 11:38:02,143 INFO L895 garLoopResultBuilder]: At program point L418(lines 413 420) the Hoare annotation is: (let ((.cse3 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse4 (= ~pumpRunning~0 0)) (.cse5 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse12 (= 1 ~systemActive~0)) (.cse9 (not (= ~methaneLevelCritical~0 0))) (.cse6 (= |timeShift_processEnvironment_~tmp~3#1| ~methaneLevelCritical~0)) (.cse7 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse10 (and .cse3 .cse4 .cse5 (<= ~waterLevel~0 1) .cse12 .cse9 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse6 .cse7)) (.cse0 (not .cse12)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (<= |old(~waterLevel~0)| 2))) (.cse11 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5 .cse6 (= ~waterLevel~0 1) .cse7) .cse8) (or .cse0 .cse1 .cse2 .cse9 .cse8) (or .cse0 .cse1 .cse10 .cse8 (and .cse3 .cse4 .cse5 .cse6 (= |old(~waterLevel~0)| ~waterLevel~0) .cse7) .cse11) (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse10 .cse11) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse8) (or .cse0 .cse1 .cse9 .cse8 .cse11)))) [2022-11-16 11:38:02,144 INFO L899 garLoopResultBuilder]: For program point L63(lines 63 67) no Hoare annotation was computed. [2022-11-16 11:38:02,144 INFO L895 garLoopResultBuilder]: At program point L63-2(lines 59 70) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (<= 1 ~switchedOnBeforeTS~0)) (.cse7 (= 1 ~systemActive~0))) (let ((.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not .cse7)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (and .cse0 (<= ~waterLevel~0 1) .cse7 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse1)) (.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or (and .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) .cse1) .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse2 .cse3 (not (< 1 |old(~waterLevel~0)|)) (and .cse0 (= ~waterLevel~0 1) .cse1) .cse5) (or (not (= |old(~pumpRunning~0)| 0)) .cse2 .cse5) (or (not (= |old(~waterLevel~0)| 1)) .cse2 .cse3 .cse4 .cse6)))) [2022-11-16 11:38:02,144 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 319 345) the Hoare annotation is: (let ((.cse0 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 .cse1))) (and (or (and (= ~pumpRunning~0 0) .cse0 .cse1) (not (= |old(~pumpRunning~0)| 0)) .cse2 (not (<= |old(~waterLevel~0)| 2))) (or .cse2 .cse3 (not (= |old(~waterLevel~0)| 2)) .cse4) (or (not (<= |old(~waterLevel~0)| 1)) .cse2 .cse3 .cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-11-16 11:38:02,144 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 319 345) no Hoare annotation was computed. [2022-11-16 11:38:02,144 INFO L895 garLoopResultBuilder]: At program point L394(line 394) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse5 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse10 (= ~methaneLevelCritical~0 0)) (.cse6 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse11 (= 1 ~systemActive~0)) (.cse7 (= |timeShift_processEnvironment_~tmp~3#1| ~methaneLevelCritical~0)) (.cse8 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (and (<= 1 ~pumpRunning~0) .cse4 .cse5 .cse10 .cse6 (<= ~waterLevel~0 1) .cse11 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse7 .cse8)) (.cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not .cse11)) (.cse9 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3 (and .cse4 .cse5 .cse6 .cse7 (= |old(~waterLevel~0)| ~waterLevel~0) .cse8)) (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) (and .cse4 .cse5 .cse6 .cse7 (= ~waterLevel~0 1) .cse8) .cse9) (or .cse10 .cse0 .cse1 .cse9 .cse3) (or .cse10 .cse0 .cse1 (not (= |old(~waterLevel~0)| 2))) (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse9)))) [2022-11-16 11:38:02,145 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 309) no Hoare annotation was computed. [2022-11-16 11:38:02,145 INFO L895 garLoopResultBuilder]: At program point L167(line 167) the Hoare annotation is: (let ((.cse0 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 .cse1))) (and (or (and (= ~pumpRunning~0 0) .cse0 .cse1) (not (= |old(~pumpRunning~0)| 0)) .cse2 (not (<= |old(~waterLevel~0)| 2))) (or .cse2 .cse3 (not (= |old(~waterLevel~0)| 2)) .cse4) (or (not (<= |old(~waterLevel~0)| 1)) .cse2 .cse3 .cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-11-16 11:38:02,145 INFO L899 garLoopResultBuilder]: For program point L167-1(line 167) no Hoare annotation was computed. [2022-11-16 11:38:02,145 INFO L899 garLoopResultBuilder]: For program point L225(line 225) no Hoare annotation was computed. [2022-11-16 11:38:02,145 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 204 233) no Hoare annotation was computed. [2022-11-16 11:38:02,146 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 204 233) the Hoare annotation is: true [2022-11-16 11:38:02,146 INFO L899 garLoopResultBuilder]: For program point L218(lines 218 222) no Hoare annotation was computed. [2022-11-16 11:38:02,146 INFO L902 garLoopResultBuilder]: At program point L218-1(lines 218 222) the Hoare annotation is: true [2022-11-16 11:38:02,146 INFO L899 garLoopResultBuilder]: For program point L215(line 215) no Hoare annotation was computed. [2022-11-16 11:38:02,146 INFO L902 garLoopResultBuilder]: At program point L214-2(lines 214 228) the Hoare annotation is: true [2022-11-16 11:38:02,146 INFO L902 garLoopResultBuilder]: At program point L210(line 210) the Hoare annotation is: true [2022-11-16 11:38:02,146 INFO L899 garLoopResultBuilder]: For program point L210-1(line 210) no Hoare annotation was computed. [2022-11-16 11:38:02,146 INFO L902 garLoopResultBuilder]: At program point L229(lines 204 233) the Hoare annotation is: true [2022-11-16 11:38:02,146 INFO L899 garLoopResultBuilder]: For program point L291-2(lines 291 298) no Hoare annotation was computed. [2022-11-16 11:38:02,147 INFO L895 garLoopResultBuilder]: At program point L159(lines 154 161) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 11:38:02,147 INFO L899 garLoopResultBuilder]: For program point L543(lines 543 547) no Hoare annotation was computed. [2022-11-16 11:38:02,147 INFO L895 garLoopResultBuilder]: At program point L543-2(lines 537 548) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (< 1 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-16 11:38:02,147 INFO L902 garLoopResultBuilder]: At program point L275(lines 267 277) the Hoare annotation is: true [2022-11-16 11:38:02,147 INFO L899 garLoopResultBuilder]: For program point L527(lines 527 533) no Hoare annotation was computed. [2022-11-16 11:38:02,147 INFO L899 garLoopResultBuilder]: For program point L527-1(lines 527 533) no Hoare annotation was computed. [2022-11-16 11:38:02,147 INFO L902 garLoopResultBuilder]: At program point L556(lines 497 560) the Hoare annotation is: true [2022-11-16 11:38:02,148 INFO L902 garLoopResultBuilder]: At program point L300(lines 281 303) the Hoare annotation is: true [2022-11-16 11:38:02,148 INFO L895 garLoopResultBuilder]: At program point L263(lines 259 265) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 11:38:02,148 INFO L895 garLoopResultBuilder]: At program point L519(line 519) the Hoare annotation is: (let ((.cse1 (= 2 ~waterLevel~0)) (.cse4 (<= 1 ~pumpRunning~0)) (.cse0 (= ~pumpRunning~0 0)) (.cse5 (<= ~waterLevel~0 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3) (and .cse4 .cse1 .cse2 .cse3) (and .cse4 (= ~methaneLevelCritical~0 0) .cse5 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse5 .cse2 .cse3))) [2022-11-16 11:38:02,148 INFO L895 garLoopResultBuilder]: At program point L577(lines 573 579) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 11:38:02,148 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-11-16 11:38:02,148 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-11-16 11:38:02,148 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-11-16 11:38:02,148 INFO L895 garLoopResultBuilder]: At program point L553(lines 506 554) the Hoare annotation is: false [2022-11-16 11:38:02,148 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-16 11:38:02,149 INFO L899 garLoopResultBuilder]: For program point L508(lines 507 552) no Hoare annotation was computed. [2022-11-16 11:38:02,149 INFO L899 garLoopResultBuilder]: For program point L537(lines 537 548) no Hoare annotation was computed. [2022-11-16 11:38:02,149 INFO L895 garLoopResultBuilder]: At program point L529(line 529) the Hoare annotation is: (let ((.cse3 (<= ~waterLevel~0 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 (< 1 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 (= ~methaneLevelCritical~0 0) (<= ~waterLevel~0 1) .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-16 11:38:02,149 INFO L895 garLoopResultBuilder]: At program point L550(lines 507 552) the Hoare annotation is: (let ((.cse1 (= 2 ~waterLevel~0)) (.cse4 (<= 1 ~pumpRunning~0)) (.cse0 (= ~pumpRunning~0 0)) (.cse5 (<= ~waterLevel~0 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3) (and .cse4 .cse1 .cse2 .cse3) (and .cse4 (= ~methaneLevelCritical~0 0) .cse5 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse5 .cse2 .cse3))) [2022-11-16 11:38:02,149 INFO L899 garLoopResultBuilder]: For program point L517(lines 517 523) no Hoare annotation was computed. [2022-11-16 11:38:02,149 INFO L899 garLoopResultBuilder]: For program point L517-1(lines 517 523) no Hoare annotation was computed. [2022-11-16 11:38:02,150 INFO L899 garLoopResultBuilder]: For program point L509(lines 509 513) no Hoare annotation was computed. [2022-11-16 11:38:02,150 INFO L895 garLoopResultBuilder]: At program point L592(lines 587 595) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 11:38:02,150 INFO L895 garLoopResultBuilder]: At program point L584(lines 580 586) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 11:38:02,150 INFO L899 garLoopResultBuilder]: For program point L291(lines 291 298) no Hoare annotation was computed. [2022-11-16 11:38:02,150 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 354 378) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:38:02,151 INFO L895 garLoopResultBuilder]: At program point L145(lines 136 149) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (let ((.cse1 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))) (and .cse1 (= 2 ~waterLevel~0)) (not (<= ~waterLevel~0 2)))) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:38:02,151 INFO L895 garLoopResultBuilder]: At program point L368(line 368) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2)) (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0))) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:38:02,151 INFO L895 garLoopResultBuilder]: At program point L492(lines 477 495) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (let ((.cse1 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 (= 2 ~waterLevel~0)) (and .cse1 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1| 0) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~4#1| 0)) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)) (not (<= ~waterLevel~0 2)))) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:38:02,152 INFO L899 garLoopResultBuilder]: For program point L362(lines 362 370) no Hoare annotation was computed. [2022-11-16 11:38:02,152 INFO L899 garLoopResultBuilder]: For program point L358(lines 358 375) no Hoare annotation was computed. [2022-11-16 11:38:02,152 INFO L899 garLoopResultBuilder]: For program point L486(lines 486 490) no Hoare annotation was computed. [2022-11-16 11:38:02,152 INFO L899 garLoopResultBuilder]: For program point L486-2(lines 486 490) no Hoare annotation was computed. [2022-11-16 11:38:02,152 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 354 378) no Hoare annotation was computed. [2022-11-16 11:38:02,153 INFO L895 garLoopResultBuilder]: At program point L410(lines 405 412) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0)) (not (<= ~waterLevel~0 2))))) [2022-11-16 11:38:02,153 INFO L895 garLoopResultBuilder]: At program point L373(line 373) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:38:02,153 INFO L899 garLoopResultBuilder]: For program point L373-1(lines 354 378) no Hoare annotation was computed. [2022-11-16 11:38:02,153 INFO L899 garLoopResultBuilder]: For program point L140(lines 140 146) no Hoare annotation was computed. [2022-11-16 11:38:02,153 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 71 82) no Hoare annotation was computed. [2022-11-16 11:38:02,153 INFO L899 garLoopResultBuilder]: For program point L75-1(lines 71 82) no Hoare annotation was computed. [2022-11-16 11:38:02,154 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 71 82) the Hoare annotation is: (let ((.cse3 (not (= ~pumpRunning~0 0))) (.cse4 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 ~pumpRunning~0))) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 .cse1 .cse2 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse3 .cse0 (not (= |old(~waterLevel~0)| 2)) .cse2) (or .cse4 .cse3 .cse0 .cse2) (or .cse4 .cse0 (not (= ~methaneLevelCritical~0 0)) .cse1 .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:38:02,154 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 432 440) no Hoare annotation was computed. [2022-11-16 11:38:02,154 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 432 440) the Hoare annotation is: true [2022-11-16 11:38:02,154 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 432 440) no Hoare annotation was computed. [2022-11-16 11:38:02,158 INFO L444 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:38:02,161 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-16 11:38:02,222 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 16.11 11:38:02 BoogieIcfgContainer [2022-11-16 11:38:02,223 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-16 11:38:02,223 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-16 11:38:02,223 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-16 11:38:02,224 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-16 11:38:02,224 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 11:37:34" (3/4) ... [2022-11-16 11:38:02,228 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-16 11:38:02,235 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-16 11:38:02,235 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-16 11:38:02,236 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-16 11:38:02,236 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-16 11:38:02,236 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 11:38:02,236 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-16 11:38:02,237 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-16 11:38:02,244 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 52 nodes and edges [2022-11-16 11:38:02,245 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-11-16 11:38:02,245 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-11-16 11:38:02,246 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-11-16 11:38:02,246 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-11-16 11:38:02,247 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-16 11:38:02,247 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-16 11:38:02,276 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) == 2)) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 11:38:02,276 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 11:38:02,277 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && 2 == \result) && 2 <= waterLevel) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(1 == systemActive)) || ((((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel) && !(2 <= tmp))) || ((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) <= 2))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || ((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && 1 == systemActive) && tmp == methaneLevelCritical) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(waterLevel) <= 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && 1 == systemActive) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && !(2 <= tmp))) || !(1 <= \old(pumpRunning))) || ((((((((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((((((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && 1 == systemActive) && tmp == methaneLevelCritical) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || ((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result < 2) && \result == methaneLevelCritical) && 1 == systemActive) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && !(2 <= tmp))) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 11:38:02,277 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) || (((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) && ((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(waterLevel) <= 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || (((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || waterLevel == 1) || !(\old(waterLevel) <= 2)) [2022-11-16 11:38:02,278 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-11-16 11:38:02,278 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || (((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS))) && ((((((!(\old(waterLevel) <= 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((methaneLevelCritical == \result && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || (((((((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result < 2) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(methaneLevelCritical == 0)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || waterLevel == 1) || !(\old(waterLevel) <= 2)) [2022-11-16 11:38:02,279 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-11-16 11:38:02,279 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-11-16 11:38:02,280 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || (pumpRunning == 0 && 2 == waterLevel)) || !(waterLevel <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) [2022-11-16 11:38:02,280 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || (((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 11:38:02,280 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && 2 == waterLevel)) || (((pumpRunning == 0 && tmp___0 == 0) && !(tmp == 0)) && \result == 0)) || !(waterLevel <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) [2022-11-16 11:38:02,281 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(waterLevel <= 2)) [2022-11-16 11:38:02,307 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/witness.graphml [2022-11-16 11:38:02,307 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-16 11:38:02,308 INFO L158 Benchmark]: Toolchain (without parser) took 29407.87ms. Allocated memory was 151.0MB in the beginning and 333.4MB in the end (delta: 182.5MB). Free memory was 111.7MB in the beginning and 120.9MB in the end (delta: -9.2MB). Peak memory consumption was 174.3MB. Max. memory is 16.1GB. [2022-11-16 11:38:02,308 INFO L158 Benchmark]: CDTParser took 0.35ms. Allocated memory is still 151.0MB. Free memory is still 128.9MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-16 11:38:02,309 INFO L158 Benchmark]: CACSL2BoogieTranslator took 785.08ms. Allocated memory is still 151.0MB. Free memory was 111.4MB in the beginning and 114.7MB in the end (delta: -3.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-11-16 11:38:02,309 INFO L158 Benchmark]: Boogie Procedure Inliner took 81.00ms. Allocated memory is still 151.0MB. Free memory was 114.7MB in the beginning and 112.5MB in the end (delta: 2.2MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-16 11:38:02,310 INFO L158 Benchmark]: Boogie Preprocessor took 45.83ms. Allocated memory is still 151.0MB. Free memory was 112.5MB in the beginning and 110.5MB in the end (delta: 2.0MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-16 11:38:02,310 INFO L158 Benchmark]: RCFGBuilder took 672.63ms. Allocated memory is still 151.0MB. Free memory was 110.5MB in the beginning and 91.7MB in the end (delta: 18.9MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-11-16 11:38:02,311 INFO L158 Benchmark]: TraceAbstraction took 27723.17ms. Allocated memory was 151.0MB in the beginning and 333.4MB in the end (delta: 182.5MB). Free memory was 91.0MB in the beginning and 127.2MB in the end (delta: -36.3MB). Peak memory consumption was 172.9MB. Max. memory is 16.1GB. [2022-11-16 11:38:02,311 INFO L158 Benchmark]: Witness Printer took 84.21ms. Allocated memory is still 333.4MB. Free memory was 127.2MB in the beginning and 120.9MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-16 11:38:02,313 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.35ms. Allocated memory is still 151.0MB. Free memory is still 128.9MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 785.08ms. Allocated memory is still 151.0MB. Free memory was 111.4MB in the beginning and 114.7MB in the end (delta: -3.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 81.00ms. Allocated memory is still 151.0MB. Free memory was 114.7MB in the beginning and 112.5MB in the end (delta: 2.2MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 45.83ms. Allocated memory is still 151.0MB. Free memory was 112.5MB in the beginning and 110.5MB in the end (delta: 2.0MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 672.63ms. Allocated memory is still 151.0MB. Free memory was 110.5MB in the beginning and 91.7MB in the end (delta: 18.9MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 27723.17ms. Allocated memory was 151.0MB in the beginning and 333.4MB in the end (delta: 182.5MB). Free memory was 91.0MB in the beginning and 127.2MB in the end (delta: -36.3MB). Peak memory consumption was 172.9MB. Max. memory is 16.1GB. * Witness Printer took 84.21ms. Allocated memory is still 333.4MB. Free memory was 127.2MB in the beginning and 120.9MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 309]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 90 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 27.6s, OverallIterations: 12, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.1s, AutomataDifference: 7.2s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 13.9s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2917 SdHoareTripleChecker+Valid, 4.0s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2877 mSDsluCounter, 4962 SdHoareTripleChecker+Invalid, 3.3s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3679 mSDsCounter, 944 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 4345 IncrementalHoareTripleChecker+Invalid, 5289 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 944 mSolverCounterUnsat, 1283 mSDtfsCounter, 4345 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 871 GetRequests, 669 SyntacticMatches, 10 SemanticMatches, 192 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1527 ImplicationChecksByTransitivity, 2.7s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1002occurred in iteration=11, InterpolantAutomatonStates: 167, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.6s AutomataMinimizationTime, 12 MinimizatonAttempts, 275 StatesRemovedByMinimization, 8 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 42 LocationsWithAnnotation, 2247 PreInvPairs, 2664 NumberOfFragments, 3867 HoareAnnotationTreeSize, 2247 FomulaSimplifications, 3597 FormulaSimplificationTreeSizeReduction, 1.2s HoareSimplificationTime, 42 FomulaSimplificationsInter, 46220 FormulaSimplificationTreeSizeReductionInter, 12.6s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.5s SatisfiabilityAnalysisTime, 4.1s InterpolantComputationTime, 1104 NumberOfCodeBlocks, 1104 NumberOfCodeBlocksAsserted, 14 NumberOfCheckSat, 1350 ConstructedInterpolants, 0 QuantifiedInterpolants, 2878 SizeOfPredicates, 6 NumberOfNonLiveVariables, 1131 ConjunctsInSsa, 21 ConjunctsInUnsatCore, 16 InterpolantComputations, 10 PerfectInterpolantSequences, 783/866 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 136]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || (pumpRunning == 0 && 2 == waterLevel)) || !(waterLevel <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 405]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(waterLevel <= 2)) - InvariantResult [Line: 380]: Loop Invariant Derived loop invariant: (((((((((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) || (((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) && ((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(waterLevel) <= 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || (((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || waterLevel == 1) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 497]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 204]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 421]: Loop Invariant Derived loop invariant: (((((((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 477]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && 2 == waterLevel)) || (((pumpRunning == 0 && tmp___0 == 0) && !(tmp == 0)) && \result == 0)) || !(waterLevel <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 214]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 95]: Loop Invariant Derived loop invariant: ((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 580]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 305]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 172]: Loop Invariant Derived loop invariant: ((((((((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && 2 == \result) && 2 <= waterLevel) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(1 == systemActive)) || ((((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel) && !(2 <= tmp))) || ((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) <= 2))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || ((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && 1 == systemActive) && tmp == methaneLevelCritical) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(waterLevel) <= 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && 1 == systemActive) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && !(2 <= tmp))) || !(1 <= \old(pumpRunning))) || ((((((((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((((((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && 1 == systemActive) && tmp == methaneLevelCritical) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || ((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result < 2) && \result == methaneLevelCritical) && 1 == systemActive) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && !(2 <= tmp))) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 154]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 267]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 127]: Loop Invariant Derived loop invariant: (((((((((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || (((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS))) && ((((((!(\old(waterLevel) <= 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((methaneLevelCritical == \result && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || (((((((((\result <= waterLevel && methaneLevelCritical == \result) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result < 2) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(methaneLevelCritical == 0)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || waterLevel == 1) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 259]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 506]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 162]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) == 2)) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 59]: Loop Invariant Derived loop invariant: (((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 413]: Loop Invariant Derived loop invariant: ((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || (((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && tmp == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && tmp == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 573]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 587]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 281]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 507]: Loop Invariant Derived loop invariant: (((((pumpRunning == 0 && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0) || (((1 <= pumpRunning && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || (((((1 <= pumpRunning && methaneLevelCritical == 0) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS)) || (((pumpRunning == 0 && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) RESULT: Ultimate proved your program to be correct! [2022-11-16 11:38:02,363 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3afffd80-648d-4216-88f6-a08b08b3f16e/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE