./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version e04fb08f Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8 --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash df3faf2d1bbcaed92e1c2eddcb5ae1d2459730e99808e363d537a0bc5d54e347 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-e04fb08 [2022-11-16 11:35:17,798 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-16 11:35:17,801 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-16 11:35:17,839 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-16 11:35:17,843 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-16 11:35:17,844 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-16 11:35:17,847 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-16 11:35:17,851 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-16 11:35:17,856 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-16 11:35:17,857 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-16 11:35:17,858 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-16 11:35:17,861 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-16 11:35:17,862 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-16 11:35:17,865 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-16 11:35:17,867 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-16 11:35:17,869 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-16 11:35:17,871 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-16 11:35:17,877 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-16 11:35:17,878 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-16 11:35:17,880 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-16 11:35:17,884 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-16 11:35:17,885 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-16 11:35:17,888 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-16 11:35:17,890 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-16 11:35:17,898 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-16 11:35:17,903 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-16 11:35:17,903 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-16 11:35:17,904 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-16 11:35:17,906 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-16 11:35:17,907 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-16 11:35:17,907 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-16 11:35:17,908 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-16 11:35:17,910 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-16 11:35:17,911 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-16 11:35:17,913 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-16 11:35:17,914 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-16 11:35:17,915 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-16 11:35:17,916 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-16 11:35:17,916 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-16 11:35:17,917 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-16 11:35:17,918 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-16 11:35:17,918 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-11-16 11:35:17,957 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-16 11:35:17,958 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-16 11:35:17,959 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-16 11:35:17,959 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-16 11:35:17,960 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-16 11:35:17,960 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-16 11:35:17,961 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-16 11:35:17,961 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-16 11:35:17,961 INFO L138 SettingsManager]: * Use SBE=true [2022-11-16 11:35:17,962 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-16 11:35:17,963 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-16 11:35:17,963 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-16 11:35:17,963 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-16 11:35:17,963 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-16 11:35:17,964 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-16 11:35:17,964 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-16 11:35:17,964 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-16 11:35:17,964 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-16 11:35:17,965 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-16 11:35:17,965 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-16 11:35:17,965 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-16 11:35:17,965 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-16 11:35:17,965 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-16 11:35:17,966 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-16 11:35:17,966 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-16 11:35:17,966 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-16 11:35:17,966 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-16 11:35:17,967 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-16 11:35:17,968 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-11-16 11:35:17,969 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-16 11:35:17,969 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-11-16 11:35:17,969 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-11-16 11:35:17,969 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-16 11:35:17,970 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8 Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> df3faf2d1bbcaed92e1c2eddcb5ae1d2459730e99808e363d537a0bc5d54e347 [2022-11-16 11:35:18,275 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-16 11:35:18,297 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-16 11:35:18,300 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-16 11:35:18,302 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-16 11:35:18,303 INFO L275 PluginConnector]: CDTParser initialized [2022-11-16 11:35:18,304 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/../../sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c [2022-11-16 11:35:18,388 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/data/82099dad9/aa1706e2c1764c2299c48d7f6fcb6642/FLAG9aa261c1a [2022-11-16 11:35:18,838 INFO L306 CDTParser]: Found 1 translation units. [2022-11-16 11:35:18,838 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c [2022-11-16 11:35:18,850 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/data/82099dad9/aa1706e2c1764c2299c48d7f6fcb6642/FLAG9aa261c1a [2022-11-16 11:35:19,201 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/data/82099dad9/aa1706e2c1764c2299c48d7f6fcb6642 [2022-11-16 11:35:19,203 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-16 11:35:19,205 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-16 11:35:19,210 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-16 11:35:19,210 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-16 11:35:19,214 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-16 11:35:19,214 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,216 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@2af60ee2 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19, skipping insertion in model container [2022-11-16 11:35:19,216 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,224 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-16 11:35:19,269 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-16 11:35:19,512 WARN L229 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c[1605,1618] [2022-11-16 11:35:19,706 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 11:35:19,714 INFO L203 MainTranslator]: Completed pre-run [2022-11-16 11:35:19,727 WARN L229 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c[1605,1618] [2022-11-16 11:35:19,777 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 11:35:19,800 INFO L208 MainTranslator]: Completed translation [2022-11-16 11:35:19,801 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19 WrapperNode [2022-11-16 11:35:19,801 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-16 11:35:19,804 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-16 11:35:19,804 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-16 11:35:19,804 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-16 11:35:19,815 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,838 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,873 INFO L138 Inliner]: procedures = 56, calls = 158, calls flagged for inlining = 24, calls inlined = 21, statements flattened = 259 [2022-11-16 11:35:19,874 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-16 11:35:19,875 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-16 11:35:19,875 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-16 11:35:19,875 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-16 11:35:19,884 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,884 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,887 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,887 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,892 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,897 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,899 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,900 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,902 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-16 11:35:19,904 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-16 11:35:19,904 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-16 11:35:19,904 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-16 11:35:19,905 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (1/1) ... [2022-11-16 11:35:19,928 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-16 11:35:19,938 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 11:35:19,952 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-16 11:35:19,962 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-16 11:35:19,999 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-16 11:35:19,999 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-16 11:35:19,999 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-16 11:35:20,000 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-16 11:35:20,000 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-16 11:35:20,000 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-16 11:35:20,001 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-16 11:35:20,006 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 11:35:20,007 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 11:35:20,007 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-16 11:35:20,008 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-16 11:35:20,008 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-16 11:35:20,008 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-16 11:35:20,008 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-11-16 11:35:20,008 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-11-16 11:35:20,008 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-16 11:35:20,009 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-16 11:35:20,009 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-16 11:35:20,009 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-16 11:35:20,009 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-16 11:35:20,088 INFO L235 CfgBuilder]: Building ICFG [2022-11-16 11:35:20,090 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-16 11:35:20,453 INFO L276 CfgBuilder]: Performing block encoding [2022-11-16 11:35:20,460 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-16 11:35:20,461 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-16 11:35:20,463 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 11:35:20 BoogieIcfgContainer [2022-11-16 11:35:20,463 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-16 11:35:20,466 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-16 11:35:20,466 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-16 11:35:20,483 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-16 11:35:20,483 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 16.11 11:35:19" (1/3) ... [2022-11-16 11:35:20,484 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@91ee58e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.11 11:35:20, skipping insertion in model container [2022-11-16 11:35:20,484 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:35:19" (2/3) ... [2022-11-16 11:35:20,484 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@91ee58e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.11 11:35:20, skipping insertion in model container [2022-11-16 11:35:20,484 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 11:35:20" (3/3) ... [2022-11-16 11:35:20,486 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product39.cil.c [2022-11-16 11:35:20,513 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-16 11:35:20,513 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-16 11:35:20,571 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-16 11:35:20,578 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@39cf9035, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-16 11:35:20,578 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-16 11:35:20,583 INFO L276 IsEmpty]: Start isEmpty. Operand has 97 states, 73 states have (on average 1.36986301369863) internal successors, (100), 82 states have internal predecessors, (100), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) [2022-11-16 11:35:20,593 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-11-16 11:35:20,593 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:20,594 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:20,595 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:20,600 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:20,601 INFO L85 PathProgramCache]: Analyzing trace with hash -1244587252, now seen corresponding path program 1 times [2022-11-16 11:35:20,615 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:20,616 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [153124505] [2022-11-16 11:35:20,617 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:20,618 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:20,826 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:20,953 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-11-16 11:35:20,967 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:20,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-16 11:35:20,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:20,989 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:35:20,990 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:20,990 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [153124505] [2022-11-16 11:35:20,991 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [153124505] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:35:20,991 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:35:20,992 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-16 11:35:20,993 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [69521634] [2022-11-16 11:35:20,996 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:35:21,000 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-16 11:35:21,001 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:21,037 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-16 11:35:21,038 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-16 11:35:21,041 INFO L87 Difference]: Start difference. First operand has 97 states, 73 states have (on average 1.36986301369863) internal successors, (100), 82 states have internal predecessors, (100), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:35:21,119 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:21,121 INFO L93 Difference]: Finished difference Result 185 states and 250 transitions. [2022-11-16 11:35:21,122 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-16 11:35:21,124 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-11-16 11:35:21,124 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:21,140 INFO L225 Difference]: With dead ends: 185 [2022-11-16 11:35:21,140 INFO L226 Difference]: Without dead ends: 88 [2022-11-16 11:35:21,145 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-16 11:35:21,148 INFO L413 NwaCegarLoop]: 122 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 122 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:21,149 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 122 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 11:35:21,168 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 88 states. [2022-11-16 11:35:21,199 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 88 to 88. [2022-11-16 11:35:21,201 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 88 states, 66 states have (on average 1.303030303030303) internal successors, (86), 74 states have internal predecessors, (86), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-11-16 11:35:21,209 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 88 states to 88 states and 113 transitions. [2022-11-16 11:35:21,212 INFO L78 Accepts]: Start accepts. Automaton has 88 states and 113 transitions. Word has length 32 [2022-11-16 11:35:21,212 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:21,213 INFO L495 AbstractCegarLoop]: Abstraction has 88 states and 113 transitions. [2022-11-16 11:35:21,213 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:35:21,214 INFO L276 IsEmpty]: Start isEmpty. Operand 88 states and 113 transitions. [2022-11-16 11:35:21,223 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-11-16 11:35:21,223 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:21,224 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:21,224 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-16 11:35:21,225 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:21,227 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:21,227 INFO L85 PathProgramCache]: Analyzing trace with hash 1577409017, now seen corresponding path program 1 times [2022-11-16 11:35:21,227 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:21,228 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [683225232] [2022-11-16 11:35:21,228 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:21,228 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:21,265 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:21,351 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-11-16 11:35:21,353 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:21,355 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-11-16 11:35:21,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:21,358 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:35:21,359 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:21,359 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [683225232] [2022-11-16 11:35:21,359 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [683225232] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:35:21,359 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:35:21,359 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-16 11:35:21,360 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [868837760] [2022-11-16 11:35:21,360 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:35:21,361 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-16 11:35:21,361 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:21,362 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-16 11:35:21,362 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:35:21,362 INFO L87 Difference]: Start difference. First operand 88 states and 113 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:35:21,391 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:21,391 INFO L93 Difference]: Finished difference Result 137 states and 175 transitions. [2022-11-16 11:35:21,405 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-16 11:35:21,405 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-11-16 11:35:21,405 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:21,407 INFO L225 Difference]: With dead ends: 137 [2022-11-16 11:35:21,407 INFO L226 Difference]: Without dead ends: 79 [2022-11-16 11:35:21,408 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:35:21,409 INFO L413 NwaCegarLoop]: 100 mSDtfsCounter, 16 mSDsluCounter, 79 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 179 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:21,409 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 179 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 11:35:21,410 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 79 states. [2022-11-16 11:35:21,417 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 79 to 79. [2022-11-16 11:35:21,417 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 79 states, 60 states have (on average 1.3166666666666667) internal successors, (79), 68 states have internal predecessors, (79), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2022-11-16 11:35:21,418 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 101 transitions. [2022-11-16 11:35:21,418 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 101 transitions. Word has length 33 [2022-11-16 11:35:21,419 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:21,419 INFO L495 AbstractCegarLoop]: Abstraction has 79 states and 101 transitions. [2022-11-16 11:35:21,419 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:35:21,419 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 101 transitions. [2022-11-16 11:35:21,424 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-11-16 11:35:21,424 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:21,425 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:21,425 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-16 11:35:21,425 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:21,428 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:21,428 INFO L85 PathProgramCache]: Analyzing trace with hash 1563484802, now seen corresponding path program 1 times [2022-11-16 11:35:21,429 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:21,430 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [803359618] [2022-11-16 11:35:21,430 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:21,430 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:21,492 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:21,558 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-16 11:35:21,560 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:21,563 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-11-16 11:35:21,565 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:21,567 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:35:21,567 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:21,567 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [803359618] [2022-11-16 11:35:21,567 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [803359618] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:35:21,568 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:35:21,568 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-16 11:35:21,568 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1305068464] [2022-11-16 11:35:21,568 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:35:21,569 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-16 11:35:21,569 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:21,569 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-16 11:35:21,570 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:35:21,570 INFO L87 Difference]: Start difference. First operand 79 states and 101 transitions. Second operand has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 11:35:21,623 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:21,623 INFO L93 Difference]: Finished difference Result 220 states and 287 transitions. [2022-11-16 11:35:21,630 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-16 11:35:21,630 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 37 [2022-11-16 11:35:21,631 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:21,632 INFO L225 Difference]: With dead ends: 220 [2022-11-16 11:35:21,632 INFO L226 Difference]: Without dead ends: 149 [2022-11-16 11:35:21,633 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:35:21,635 INFO L413 NwaCegarLoop]: 124 mSDtfsCounter, 76 mSDsluCounter, 90 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 76 SdHoareTripleChecker+Valid, 214 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:21,635 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [76 Valid, 214 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 11:35:21,636 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 149 states. [2022-11-16 11:35:21,658 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 149 to 146. [2022-11-16 11:35:21,658 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 146 states, 109 states have (on average 1.3394495412844036) internal successors, (146), 124 states have internal predecessors, (146), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (22), 15 states have call predecessors, (22), 22 states have call successors, (22) [2022-11-16 11:35:21,660 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 146 states to 146 states and 190 transitions. [2022-11-16 11:35:21,660 INFO L78 Accepts]: Start accepts. Automaton has 146 states and 190 transitions. Word has length 37 [2022-11-16 11:35:21,660 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:21,660 INFO L495 AbstractCegarLoop]: Abstraction has 146 states and 190 transitions. [2022-11-16 11:35:21,661 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.0) internal successors, (30), 3 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 11:35:21,661 INFO L276 IsEmpty]: Start isEmpty. Operand 146 states and 190 transitions. [2022-11-16 11:35:21,662 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-11-16 11:35:21,662 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:21,662 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:21,663 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-16 11:35:21,663 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:21,663 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:21,664 INFO L85 PathProgramCache]: Analyzing trace with hash 209384056, now seen corresponding path program 1 times [2022-11-16 11:35:21,664 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:21,664 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [873831147] [2022-11-16 11:35:21,664 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:21,664 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:21,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:21,833 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-11-16 11:35:21,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:21,838 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-11-16 11:35:21,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:21,854 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-16 11:35:21,854 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:21,854 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [873831147] [2022-11-16 11:35:21,854 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [873831147] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:35:21,855 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:35:21,855 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-16 11:35:21,855 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [904839370] [2022-11-16 11:35:21,855 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:35:21,856 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 11:35:21,856 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:21,856 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 11:35:21,857 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-16 11:35:21,857 INFO L87 Difference]: Start difference. First operand 146 states and 190 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:35:22,003 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:22,003 INFO L93 Difference]: Finished difference Result 386 states and 515 transitions. [2022-11-16 11:35:22,003 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-16 11:35:22,004 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-11-16 11:35:22,004 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:22,006 INFO L225 Difference]: With dead ends: 386 [2022-11-16 11:35:22,007 INFO L226 Difference]: Without dead ends: 248 [2022-11-16 11:35:22,008 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-11-16 11:35:22,009 INFO L413 NwaCegarLoop]: 114 mSDtfsCounter, 50 mSDsluCounter, 369 mSDsCounter, 0 mSdLazyCounter, 68 mSolverCounterSat, 10 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 51 SdHoareTripleChecker+Valid, 483 SdHoareTripleChecker+Invalid, 78 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 10 IncrementalHoareTripleChecker+Valid, 68 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:22,010 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [51 Valid, 483 Invalid, 78 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [10 Valid, 68 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 11:35:22,011 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 248 states. [2022-11-16 11:35:22,047 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 248 to 235. [2022-11-16 11:35:22,048 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 235 states, 176 states have (on average 1.2954545454545454) internal successors, (228), 191 states have internal predecessors, (228), 32 states have call successors, (32), 26 states have call predecessors, (32), 26 states have return successors, (40), 29 states have call predecessors, (40), 32 states have call successors, (40) [2022-11-16 11:35:22,050 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 235 states to 235 states and 300 transitions. [2022-11-16 11:35:22,050 INFO L78 Accepts]: Start accepts. Automaton has 235 states and 300 transitions. Word has length 41 [2022-11-16 11:35:22,051 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:22,051 INFO L495 AbstractCegarLoop]: Abstraction has 235 states and 300 transitions. [2022-11-16 11:35:22,051 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:35:22,051 INFO L276 IsEmpty]: Start isEmpty. Operand 235 states and 300 transitions. [2022-11-16 11:35:22,059 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-11-16 11:35:22,060 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:22,061 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:22,061 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-16 11:35:22,061 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:22,062 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:22,062 INFO L85 PathProgramCache]: Analyzing trace with hash -1528927009, now seen corresponding path program 1 times [2022-11-16 11:35:22,062 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:22,062 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2003775417] [2022-11-16 11:35:22,063 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:22,064 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:22,098 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:22,221 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-16 11:35:22,222 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:22,228 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-16 11:35:22,238 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:22,287 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-11-16 11:35:22,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:22,298 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:35:22,298 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:22,298 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2003775417] [2022-11-16 11:35:22,299 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2003775417] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:35:22,299 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:35:22,299 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-16 11:35:22,299 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1421565384] [2022-11-16 11:35:22,299 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:35:22,300 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 11:35:22,300 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:22,301 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 11:35:22,301 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-16 11:35:22,301 INFO L87 Difference]: Start difference. First operand 235 states and 300 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 11:35:22,539 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:22,539 INFO L93 Difference]: Finished difference Result 522 states and 677 transitions. [2022-11-16 11:35:22,540 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-16 11:35:22,540 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 51 [2022-11-16 11:35:22,541 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:22,543 INFO L225 Difference]: With dead ends: 522 [2022-11-16 11:35:22,544 INFO L226 Difference]: Without dead ends: 295 [2022-11-16 11:35:22,546 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-11-16 11:35:22,547 INFO L413 NwaCegarLoop]: 87 mSDtfsCounter, 65 mSDsluCounter, 290 mSDsCounter, 0 mSdLazyCounter, 120 mSolverCounterSat, 22 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 68 SdHoareTripleChecker+Valid, 377 SdHoareTripleChecker+Invalid, 142 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 22 IncrementalHoareTripleChecker+Valid, 120 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:22,548 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [68 Valid, 377 Invalid, 142 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [22 Valid, 120 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-16 11:35:22,549 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 295 states. [2022-11-16 11:35:22,583 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 295 to 287. [2022-11-16 11:35:22,592 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 287 states, 218 states have (on average 1.275229357798165) internal successors, (278), 233 states have internal predecessors, (278), 36 states have call successors, (36), 26 states have call predecessors, (36), 32 states have return successors, (50), 37 states have call predecessors, (50), 36 states have call successors, (50) [2022-11-16 11:35:22,594 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 287 states to 287 states and 364 transitions. [2022-11-16 11:35:22,595 INFO L78 Accepts]: Start accepts. Automaton has 287 states and 364 transitions. Word has length 51 [2022-11-16 11:35:22,595 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:22,595 INFO L495 AbstractCegarLoop]: Abstraction has 287 states and 364 transitions. [2022-11-16 11:35:22,596 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 11:35:22,598 INFO L276 IsEmpty]: Start isEmpty. Operand 287 states and 364 transitions. [2022-11-16 11:35:22,599 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-11-16 11:35:22,599 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:22,600 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:22,600 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-16 11:35:22,600 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:22,601 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:22,602 INFO L85 PathProgramCache]: Analyzing trace with hash 1077096545, now seen corresponding path program 1 times [2022-11-16 11:35:22,602 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:22,602 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [166405379] [2022-11-16 11:35:22,602 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:22,603 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:22,627 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:22,746 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-16 11:35:22,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:22,767 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-16 11:35:22,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:22,842 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-11-16 11:35:22,844 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:22,846 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:35:22,846 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:22,846 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [166405379] [2022-11-16 11:35:22,847 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [166405379] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:35:22,847 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:35:22,847 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-16 11:35:22,847 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [183452079] [2022-11-16 11:35:22,847 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:35:22,848 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 11:35:22,848 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:22,849 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 11:35:22,849 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-16 11:35:22,849 INFO L87 Difference]: Start difference. First operand 287 states and 364 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-11-16 11:35:23,185 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:23,186 INFO L93 Difference]: Finished difference Result 596 states and 773 transitions. [2022-11-16 11:35:23,186 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-11-16 11:35:23,187 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 51 [2022-11-16 11:35:23,187 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:23,192 INFO L225 Difference]: With dead ends: 596 [2022-11-16 11:35:23,192 INFO L226 Difference]: Without dead ends: 317 [2022-11-16 11:35:23,194 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 17 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=54, Invalid=102, Unknown=0, NotChecked=0, Total=156 [2022-11-16 11:35:23,195 INFO L413 NwaCegarLoop]: 109 mSDtfsCounter, 213 mSDsluCounter, 320 mSDsCounter, 0 mSdLazyCounter, 171 mSolverCounterSat, 62 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 220 SdHoareTripleChecker+Valid, 429 SdHoareTripleChecker+Invalid, 233 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 62 IncrementalHoareTripleChecker+Valid, 171 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:23,196 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [220 Valid, 429 Invalid, 233 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [62 Valid, 171 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-16 11:35:23,197 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 317 states. [2022-11-16 11:35:23,242 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 317 to 291. [2022-11-16 11:35:23,243 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 291 states, 222 states have (on average 1.2702702702702702) internal successors, (282), 237 states have internal predecessors, (282), 36 states have call successors, (36), 26 states have call predecessors, (36), 32 states have return successors, (50), 37 states have call predecessors, (50), 36 states have call successors, (50) [2022-11-16 11:35:23,244 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 291 states to 291 states and 368 transitions. [2022-11-16 11:35:23,244 INFO L78 Accepts]: Start accepts. Automaton has 291 states and 368 transitions. Word has length 51 [2022-11-16 11:35:23,248 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:23,248 INFO L495 AbstractCegarLoop]: Abstraction has 291 states and 368 transitions. [2022-11-16 11:35:23,248 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-11-16 11:35:23,249 INFO L276 IsEmpty]: Start isEmpty. Operand 291 states and 368 transitions. [2022-11-16 11:35:23,250 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-11-16 11:35:23,250 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:23,250 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:23,251 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-16 11:35:23,251 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:23,251 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:23,251 INFO L85 PathProgramCache]: Analyzing trace with hash 1499798371, now seen corresponding path program 1 times [2022-11-16 11:35:23,252 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:23,252 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [725224570] [2022-11-16 11:35:23,252 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:23,252 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:23,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:23,410 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-16 11:35:23,412 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:23,417 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-11-16 11:35:23,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:23,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-11-16 11:35:23,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:23,434 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:35:23,434 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:23,434 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [725224570] [2022-11-16 11:35:23,434 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [725224570] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:35:23,434 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:35:23,434 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-16 11:35:23,435 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1820766471] [2022-11-16 11:35:23,435 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:35:23,435 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-16 11:35:23,435 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:23,436 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-16 11:35:23,436 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-16 11:35:23,436 INFO L87 Difference]: Start difference. First operand 291 states and 368 transitions. Second operand has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 11:35:23,687 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:23,687 INFO L93 Difference]: Finished difference Result 846 states and 1109 transitions. [2022-11-16 11:35:23,687 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-16 11:35:23,688 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 51 [2022-11-16 11:35:23,688 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:23,694 INFO L225 Difference]: With dead ends: 846 [2022-11-16 11:35:23,696 INFO L226 Difference]: Without dead ends: 563 [2022-11-16 11:35:23,701 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-11-16 11:35:23,703 INFO L413 NwaCegarLoop]: 138 mSDtfsCounter, 221 mSDsluCounter, 183 mSDsCounter, 0 mSdLazyCounter, 163 mSolverCounterSat, 65 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 228 SdHoareTripleChecker+Valid, 321 SdHoareTripleChecker+Invalid, 228 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 65 IncrementalHoareTripleChecker+Valid, 163 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:23,707 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [228 Valid, 321 Invalid, 228 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [65 Valid, 163 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-16 11:35:23,713 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 563 states. [2022-11-16 11:35:23,782 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 563 to 556. [2022-11-16 11:35:23,788 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 556 states, 421 states have (on average 1.2351543942992873) internal successors, (520), 445 states have internal predecessors, (520), 73 states have call successors, (73), 59 states have call predecessors, (73), 61 states have return successors, (111), 72 states have call predecessors, (111), 73 states have call successors, (111) [2022-11-16 11:35:23,792 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 556 states to 556 states and 704 transitions. [2022-11-16 11:35:23,800 INFO L78 Accepts]: Start accepts. Automaton has 556 states and 704 transitions. Word has length 51 [2022-11-16 11:35:23,800 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:23,800 INFO L495 AbstractCegarLoop]: Abstraction has 556 states and 704 transitions. [2022-11-16 11:35:23,801 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.4) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 11:35:23,801 INFO L276 IsEmpty]: Start isEmpty. Operand 556 states and 704 transitions. [2022-11-16 11:35:23,802 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2022-11-16 11:35:23,802 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:23,802 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:23,802 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-16 11:35:23,803 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:23,803 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:23,803 INFO L85 PathProgramCache]: Analyzing trace with hash -85847159, now seen corresponding path program 1 times [2022-11-16 11:35:23,803 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:23,804 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [275125097] [2022-11-16 11:35:23,804 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:23,804 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:23,838 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:24,026 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:35:24,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:24,060 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-11-16 11:35:24,061 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:24,072 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-11-16 11:35:24,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:24,090 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-11-16 11:35:24,091 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:24,092 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:35:24,093 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:24,093 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [275125097] [2022-11-16 11:35:24,093 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [275125097] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:35:24,093 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:35:24,093 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-16 11:35:24,094 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1244173824] [2022-11-16 11:35:24,094 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:35:24,094 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-16 11:35:24,094 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:24,095 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-16 11:35:24,095 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=72, Unknown=0, NotChecked=0, Total=90 [2022-11-16 11:35:24,095 INFO L87 Difference]: Start difference. First operand 556 states and 704 transitions. Second operand has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-16 11:35:25,143 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:25,144 INFO L93 Difference]: Finished difference Result 1787 states and 2374 transitions. [2022-11-16 11:35:25,144 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 33 states. [2022-11-16 11:35:25,144 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 55 [2022-11-16 11:35:25,145 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:25,153 INFO L225 Difference]: With dead ends: 1787 [2022-11-16 11:35:25,154 INFO L226 Difference]: Without dead ends: 1342 [2022-11-16 11:35:25,156 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 10 SyntacticMatches, 1 SemanticMatches, 33 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 294 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=221, Invalid=969, Unknown=0, NotChecked=0, Total=1190 [2022-11-16 11:35:25,159 INFO L413 NwaCegarLoop]: 135 mSDtfsCounter, 524 mSDsluCounter, 750 mSDsCounter, 0 mSdLazyCounter, 903 mSolverCounterSat, 185 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 534 SdHoareTripleChecker+Valid, 885 SdHoareTripleChecker+Invalid, 1088 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 185 IncrementalHoareTripleChecker+Valid, 903 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:25,164 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [534 Valid, 885 Invalid, 1088 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [185 Valid, 903 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-11-16 11:35:25,167 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1342 states. [2022-11-16 11:35:25,277 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1342 to 1083. [2022-11-16 11:35:25,280 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1083 states, 820 states have (on average 1.2317073170731707) internal successors, (1010), 873 states have internal predecessors, (1010), 142 states have call successors, (142), 104 states have call predecessors, (142), 120 states have return successors, (220), 140 states have call predecessors, (220), 142 states have call successors, (220) [2022-11-16 11:35:25,287 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1083 states to 1083 states and 1372 transitions. [2022-11-16 11:35:25,287 INFO L78 Accepts]: Start accepts. Automaton has 1083 states and 1372 transitions. Word has length 55 [2022-11-16 11:35:25,287 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:25,288 INFO L495 AbstractCegarLoop]: Abstraction has 1083 states and 1372 transitions. [2022-11-16 11:35:25,288 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.4) internal successors, (44), 8 states have internal predecessors, (44), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-16 11:35:25,288 INFO L276 IsEmpty]: Start isEmpty. Operand 1083 states and 1372 transitions. [2022-11-16 11:35:25,290 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-11-16 11:35:25,290 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:25,290 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:25,290 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-11-16 11:35:25,290 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:25,291 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:25,291 INFO L85 PathProgramCache]: Analyzing trace with hash 1602781584, now seen corresponding path program 1 times [2022-11-16 11:35:25,291 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:25,291 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [281614163] [2022-11-16 11:35:25,292 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:25,292 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:25,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:25,342 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:35:25,343 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:25,352 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-16 11:35:25,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:25,384 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:35:25,386 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:25,393 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 11:35:25,395 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:25,399 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-11-16 11:35:25,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:25,409 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-11-16 11:35:25,410 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:25,411 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 18 proven. 0 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-11-16 11:35:25,411 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:25,412 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [281614163] [2022-11-16 11:35:25,412 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [281614163] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:35:25,412 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:35:25,412 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-11-16 11:35:25,412 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [932258766] [2022-11-16 11:35:25,413 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:35:25,414 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-11-16 11:35:25,414 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:25,415 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-11-16 11:35:25,415 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2022-11-16 11:35:25,415 INFO L87 Difference]: Start difference. First operand 1083 states and 1372 transitions. Second operand has 7 states, 7 states have (on average 9.714285714285714) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2022-11-16 11:35:25,775 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:25,776 INFO L93 Difference]: Finished difference Result 1319 states and 1661 transitions. [2022-11-16 11:35:25,776 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-11-16 11:35:25,776 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 9.714285714285714) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) Word has length 85 [2022-11-16 11:35:25,778 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:25,781 INFO L225 Difference]: With dead ends: 1319 [2022-11-16 11:35:25,781 INFO L226 Difference]: Without dead ends: 556 [2022-11-16 11:35:25,783 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 29 GetRequests, 17 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=55, Invalid=127, Unknown=0, NotChecked=0, Total=182 [2022-11-16 11:35:25,786 INFO L413 NwaCegarLoop]: 109 mSDtfsCounter, 310 mSDsluCounter, 223 mSDsCounter, 0 mSdLazyCounter, 225 mSolverCounterSat, 102 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 319 SdHoareTripleChecker+Valid, 332 SdHoareTripleChecker+Invalid, 327 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 102 IncrementalHoareTripleChecker+Valid, 225 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:25,786 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [319 Valid, 332 Invalid, 327 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [102 Valid, 225 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-16 11:35:25,789 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 556 states. [2022-11-16 11:35:25,840 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 556 to 530. [2022-11-16 11:35:25,842 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 530 states, 402 states have (on average 1.1965174129353233) internal successors, (481), 426 states have internal predecessors, (481), 68 states have call successors, (68), 51 states have call predecessors, (68), 59 states have return successors, (107), 68 states have call predecessors, (107), 68 states have call successors, (107) [2022-11-16 11:35:25,845 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 530 states to 530 states and 656 transitions. [2022-11-16 11:35:25,845 INFO L78 Accepts]: Start accepts. Automaton has 530 states and 656 transitions. Word has length 85 [2022-11-16 11:35:25,846 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:25,846 INFO L495 AbstractCegarLoop]: Abstraction has 530 states and 656 transitions. [2022-11-16 11:35:25,846 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 9.714285714285714) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2022-11-16 11:35:25,846 INFO L276 IsEmpty]: Start isEmpty. Operand 530 states and 656 transitions. [2022-11-16 11:35:25,847 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 95 [2022-11-16 11:35:25,847 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:25,848 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:25,848 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-11-16 11:35:25,848 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:25,849 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:25,849 INFO L85 PathProgramCache]: Analyzing trace with hash 1627346287, now seen corresponding path program 1 times [2022-11-16 11:35:25,849 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:25,849 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1217779079] [2022-11-16 11:35:25,849 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:25,850 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:25,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:26,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:35:26,026 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:26,038 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-11-16 11:35:26,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:26,062 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:35:26,063 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:26,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 11:35:26,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:26,085 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-11-16 11:35:26,087 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:26,101 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-11-16 11:35:26,102 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:26,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:35:26,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:26,106 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-11-16 11:35:26,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:26,110 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 8 proven. 18 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-11-16 11:35:26,110 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:26,111 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1217779079] [2022-11-16 11:35:26,111 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1217779079] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 11:35:26,111 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1857303306] [2022-11-16 11:35:26,111 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:26,111 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 11:35:26,112 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 11:35:26,116 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-16 11:35:26,125 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-16 11:35:26,242 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:26,245 INFO L263 TraceCheckSpWp]: Trace formula consists of 466 conjuncts, 8 conjunts are in the unsatisfiable core [2022-11-16 11:35:26,252 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 11:35:26,495 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 24 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-16 11:35:26,495 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 11:35:26,710 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 18 proven. 8 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-11-16 11:35:26,711 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1857303306] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-16 11:35:26,711 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-16 11:35:26,711 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-11-16 11:35:26,711 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1525524945] [2022-11-16 11:35:26,712 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-16 11:35:26,712 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-11-16 11:35:26,712 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:26,713 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-11-16 11:35:26,713 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2022-11-16 11:35:26,713 INFO L87 Difference]: Start difference. First operand 530 states and 656 transitions. Second operand has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2022-11-16 11:35:27,928 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:27,929 INFO L93 Difference]: Finished difference Result 1149 states and 1458 transitions. [2022-11-16 11:35:27,929 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 32 states. [2022-11-16 11:35:27,930 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) Word has length 94 [2022-11-16 11:35:27,930 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:27,933 INFO L225 Difference]: With dead ends: 1149 [2022-11-16 11:35:27,934 INFO L226 Difference]: Without dead ends: 675 [2022-11-16 11:35:27,938 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 255 GetRequests, 209 SyntacticMatches, 4 SemanticMatches, 42 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 463 ImplicationChecksByTransitivity, 0.6s TimeCoverageRelationStatistics Valid=441, Invalid=1451, Unknown=0, NotChecked=0, Total=1892 [2022-11-16 11:35:27,939 INFO L413 NwaCegarLoop]: 165 mSDtfsCounter, 473 mSDsluCounter, 624 mSDsCounter, 0 mSdLazyCounter, 636 mSolverCounterSat, 245 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 477 SdHoareTripleChecker+Valid, 789 SdHoareTripleChecker+Invalid, 881 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 245 IncrementalHoareTripleChecker+Valid, 636 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:27,939 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [477 Valid, 789 Invalid, 881 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [245 Valid, 636 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-11-16 11:35:27,941 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 675 states. [2022-11-16 11:35:27,999 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 675 to 591. [2022-11-16 11:35:28,000 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 591 states, 442 states have (on average 1.1787330316742082) internal successors, (521), 474 states have internal predecessors, (521), 78 states have call successors, (78), 65 states have call predecessors, (78), 70 states have return successors, (103), 73 states have call predecessors, (103), 78 states have call successors, (103) [2022-11-16 11:35:28,003 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 591 states to 591 states and 702 transitions. [2022-11-16 11:35:28,004 INFO L78 Accepts]: Start accepts. Automaton has 591 states and 702 transitions. Word has length 94 [2022-11-16 11:35:28,004 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:28,004 INFO L495 AbstractCegarLoop]: Abstraction has 591 states and 702 transitions. [2022-11-16 11:35:28,005 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 8.6) internal successors, (129), 10 states have internal predecessors, (129), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2022-11-16 11:35:28,005 INFO L276 IsEmpty]: Start isEmpty. Operand 591 states and 702 transitions. [2022-11-16 11:35:28,007 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2022-11-16 11:35:28,007 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:28,008 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:28,021 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-11-16 11:35:28,213 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-11-16 11:35:28,214 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:28,214 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:28,214 INFO L85 PathProgramCache]: Analyzing trace with hash -299983089, now seen corresponding path program 1 times [2022-11-16 11:35:28,214 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:28,215 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [207064695] [2022-11-16 11:35:28,215 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:28,215 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:28,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,350 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:35:28,352 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,361 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-11-16 11:35:28,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,370 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:35:28,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,377 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 11:35:28,378 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,381 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-11-16 11:35:28,384 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,390 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:35:28,391 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,392 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 11:35:28,393 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:35:28,395 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,396 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-11-16 11:35:28,401 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:35:28,514 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,517 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 11:35:28,518 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,519 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-11-16 11:35:28,520 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,522 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-11-16 11:35:28,524 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,525 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-11-16 11:35:28,529 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,532 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-11-16 11:35:28,533 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:28,534 INFO L134 CoverageAnalysis]: Checked inductivity of 188 backedges. 79 proven. 0 refuted. 0 times theorem prover too weak. 109 trivial. 0 not checked. [2022-11-16 11:35:28,534 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:28,535 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [207064695] [2022-11-16 11:35:28,535 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [207064695] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:35:28,535 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:35:28,535 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-16 11:35:28,535 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1463839496] [2022-11-16 11:35:28,535 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:35:28,536 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-16 11:35:28,536 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:28,537 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-16 11:35:28,537 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=69, Unknown=0, NotChecked=0, Total=90 [2022-11-16 11:35:28,537 INFO L87 Difference]: Start difference. First operand 591 states and 702 transitions. Second operand has 10 states, 10 states have (on average 8.7) internal successors, (87), 7 states have internal predecessors, (87), 4 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (12), 4 states have call predecessors, (12), 4 states have call successors, (12) [2022-11-16 11:35:29,390 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:29,391 INFO L93 Difference]: Finished difference Result 1686 states and 2029 transitions. [2022-11-16 11:35:29,391 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 22 states. [2022-11-16 11:35:29,391 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 8.7) internal successors, (87), 7 states have internal predecessors, (87), 4 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (12), 4 states have call predecessors, (12), 4 states have call successors, (12) Word has length 171 [2022-11-16 11:35:29,392 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:29,397 INFO L225 Difference]: With dead ends: 1686 [2022-11-16 11:35:29,397 INFO L226 Difference]: Without dead ends: 1103 [2022-11-16 11:35:29,400 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 66 GetRequests, 40 SyntacticMatches, 0 SemanticMatches, 26 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 150 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=178, Invalid=578, Unknown=0, NotChecked=0, Total=756 [2022-11-16 11:35:29,400 INFO L413 NwaCegarLoop]: 171 mSDtfsCounter, 508 mSDsluCounter, 455 mSDsCounter, 0 mSdLazyCounter, 570 mSolverCounterSat, 178 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 512 SdHoareTripleChecker+Valid, 626 SdHoareTripleChecker+Invalid, 748 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 178 IncrementalHoareTripleChecker+Valid, 570 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:29,401 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [512 Valid, 626 Invalid, 748 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [178 Valid, 570 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2022-11-16 11:35:29,402 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1103 states. [2022-11-16 11:35:29,511 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1103 to 1101. [2022-11-16 11:35:29,514 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1101 states, 824 states have (on average 1.145631067961165) internal successors, (944), 879 states have internal predecessors, (944), 146 states have call successors, (146), 124 states have call predecessors, (146), 130 states have return successors, (189), 133 states have call predecessors, (189), 146 states have call successors, (189) [2022-11-16 11:35:29,518 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1101 states to 1101 states and 1279 transitions. [2022-11-16 11:35:29,519 INFO L78 Accepts]: Start accepts. Automaton has 1101 states and 1279 transitions. Word has length 171 [2022-11-16 11:35:29,519 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:29,519 INFO L495 AbstractCegarLoop]: Abstraction has 1101 states and 1279 transitions. [2022-11-16 11:35:29,520 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 8.7) internal successors, (87), 7 states have internal predecessors, (87), 4 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (12), 4 states have call predecessors, (12), 4 states have call successors, (12) [2022-11-16 11:35:29,520 INFO L276 IsEmpty]: Start isEmpty. Operand 1101 states and 1279 transitions. [2022-11-16 11:35:29,527 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2022-11-16 11:35:29,527 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:29,527 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:29,527 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-11-16 11:35:29,528 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:29,528 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:29,528 INFO L85 PathProgramCache]: Analyzing trace with hash -1382549873, now seen corresponding path program 1 times [2022-11-16 11:35:29,528 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:29,529 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [448227829] [2022-11-16 11:35:29,529 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:29,529 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:29,559 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,698 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:35:29,699 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-11-16 11:35:29,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,718 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-16 11:35:29,722 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,727 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:35:29,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 11:35:29,736 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,738 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-11-16 11:35:29,742 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,818 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:35:29,819 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,820 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 11:35:29,821 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,823 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:35:29,824 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,825 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-11-16 11:35:29,828 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,831 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:35:29,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,833 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 11:35:29,834 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,837 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-11-16 11:35:29,838 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,839 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-11-16 11:35:29,842 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,845 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-11-16 11:35:29,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:29,849 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 83 proven. 10 refuted. 0 times theorem prover too weak. 91 trivial. 0 not checked. [2022-11-16 11:35:29,849 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:29,849 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [448227829] [2022-11-16 11:35:29,849 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [448227829] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 11:35:29,849 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [557071030] [2022-11-16 11:35:29,850 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:29,850 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 11:35:29,850 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 11:35:29,851 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-16 11:35:29,900 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-16 11:35:30,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:30,035 INFO L263 TraceCheckSpWp]: Trace formula consists of 671 conjuncts, 7 conjunts are in the unsatisfiable core [2022-11-16 11:35:30,044 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 11:35:30,212 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 127 proven. 0 refuted. 0 times theorem prover too weak. 57 trivial. 0 not checked. [2022-11-16 11:35:30,212 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-16 11:35:30,212 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [557071030] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:35:30,212 INFO L184 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-11-16 11:35:30,213 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [11] total 15 [2022-11-16 11:35:30,213 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [455715288] [2022-11-16 11:35:30,213 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:35:30,213 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 11:35:30,213 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:30,214 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 11:35:30,214 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=37, Invalid=173, Unknown=0, NotChecked=0, Total=210 [2022-11-16 11:35:30,214 INFO L87 Difference]: Start difference. First operand 1101 states and 1279 transitions. Second operand has 6 states, 6 states have (on average 17.5) internal successors, (105), 6 states have internal predecessors, (105), 3 states have call successors, (12), 3 states have call predecessors, (12), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-11-16 11:35:30,393 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:30,394 INFO L93 Difference]: Finished difference Result 2020 states and 2353 transitions. [2022-11-16 11:35:30,394 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-16 11:35:30,395 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 17.5) internal successors, (105), 6 states have internal predecessors, (105), 3 states have call successors, (12), 3 states have call predecessors, (12), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 171 [2022-11-16 11:35:30,395 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:30,399 INFO L225 Difference]: With dead ends: 2020 [2022-11-16 11:35:30,399 INFO L226 Difference]: Without dead ends: 1023 [2022-11-16 11:35:30,402 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 209 GetRequests, 194 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 29 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=52, Invalid=220, Unknown=0, NotChecked=0, Total=272 [2022-11-16 11:35:30,403 INFO L413 NwaCegarLoop]: 162 mSDtfsCounter, 69 mSDsluCounter, 254 mSDsCounter, 0 mSdLazyCounter, 68 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 69 SdHoareTripleChecker+Valid, 416 SdHoareTripleChecker+Invalid, 75 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 68 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:30,404 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [69 Valid, 416 Invalid, 75 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 68 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 11:35:30,405 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1023 states. [2022-11-16 11:35:30,522 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1023 to 1008. [2022-11-16 11:35:30,524 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1008 states, 760 states have (on average 1.138157894736842) internal successors, (865), 806 states have internal predecessors, (865), 131 states have call successors, (131), 113 states have call predecessors, (131), 116 states have return successors, (167), 119 states have call predecessors, (167), 131 states have call successors, (167) [2022-11-16 11:35:30,529 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1008 states to 1008 states and 1163 transitions. [2022-11-16 11:35:30,529 INFO L78 Accepts]: Start accepts. Automaton has 1008 states and 1163 transitions. Word has length 171 [2022-11-16 11:35:30,529 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:30,530 INFO L495 AbstractCegarLoop]: Abstraction has 1008 states and 1163 transitions. [2022-11-16 11:35:30,530 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 17.5) internal successors, (105), 6 states have internal predecessors, (105), 3 states have call successors, (12), 3 states have call predecessors, (12), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-11-16 11:35:30,530 INFO L276 IsEmpty]: Start isEmpty. Operand 1008 states and 1163 transitions. [2022-11-16 11:35:30,533 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2022-11-16 11:35:30,534 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:35:30,534 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:30,544 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-11-16 11:35:30,740 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11,3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 11:35:30,740 INFO L420 AbstractCegarLoop]: === Iteration 13 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:35:30,741 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:35:30,741 INFO L85 PathProgramCache]: Analyzing trace with hash 2106216135, now seen corresponding path program 2 times [2022-11-16 11:35:30,741 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:35:30,741 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [171895109] [2022-11-16 11:35:30,741 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:35:30,741 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:35:30,767 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:30,918 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:35:30,920 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:30,931 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-11-16 11:35:30,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:30,937 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:35:30,941 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:30,948 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 11:35:30,950 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:30,952 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-11-16 11:35:30,954 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:30,958 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:35:30,959 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:30,961 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 11:35:30,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:30,962 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:35:30,963 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:30,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-11-16 11:35:30,971 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:30,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-11-16 11:35:30,976 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:31,047 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:35:31,049 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:31,050 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 11:35:31,051 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:31,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-11-16 11:35:31,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:31,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-11-16 11:35:31,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:31,060 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-11-16 11:35:31,061 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:35:31,062 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 66 proven. 5 refuted. 0 times theorem prover too weak. 113 trivial. 0 not checked. [2022-11-16 11:35:31,062 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:35:31,063 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [171895109] [2022-11-16 11:35:31,063 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [171895109] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 11:35:31,063 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [303274708] [2022-11-16 11:35:31,063 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 11:35:31,063 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 11:35:31,064 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 11:35:31,065 INFO L229 MonitoredProcess]: Starting monitored process 4 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-16 11:35:31,092 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-11-16 11:35:31,244 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 11:35:31,244 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 11:35:31,247 INFO L263 TraceCheckSpWp]: Trace formula consists of 671 conjuncts, 13 conjunts are in the unsatisfiable core [2022-11-16 11:35:31,252 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 11:35:31,516 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 134 proven. 4 refuted. 0 times theorem prover too weak. 46 trivial. 0 not checked. [2022-11-16 11:35:31,516 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 11:35:32,013 INFO L134 CoverageAnalysis]: Checked inductivity of 184 backedges. 77 proven. 39 refuted. 0 times theorem prover too weak. 68 trivial. 0 not checked. [2022-11-16 11:35:32,013 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [303274708] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-16 11:35:32,013 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-16 11:35:32,013 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 10, 11] total 26 [2022-11-16 11:35:32,014 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1503107643] [2022-11-16 11:35:32,014 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-16 11:35:32,014 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 26 states [2022-11-16 11:35:32,015 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:35:32,015 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 26 interpolants. [2022-11-16 11:35:32,015 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=121, Invalid=529, Unknown=0, NotChecked=0, Total=650 [2022-11-16 11:35:32,016 INFO L87 Difference]: Start difference. First operand 1008 states and 1163 transitions. Second operand has 26 states, 26 states have (on average 8.076923076923077) internal successors, (210), 21 states have internal predecessors, (210), 9 states have call successors, (33), 10 states have call predecessors, (33), 9 states have return successors, (34), 8 states have call predecessors, (34), 9 states have call successors, (34) [2022-11-16 11:35:33,780 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:35:33,780 INFO L93 Difference]: Finished difference Result 2117 states and 2508 transitions. [2022-11-16 11:35:33,780 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 31 states. [2022-11-16 11:35:33,781 INFO L78 Accepts]: Start accepts. Automaton has has 26 states, 26 states have (on average 8.076923076923077) internal successors, (210), 21 states have internal predecessors, (210), 9 states have call successors, (33), 10 states have call predecessors, (33), 9 states have return successors, (34), 8 states have call predecessors, (34), 9 states have call successors, (34) Word has length 171 [2022-11-16 11:35:33,781 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:35:33,782 INFO L225 Difference]: With dead ends: 2117 [2022-11-16 11:35:33,782 INFO L226 Difference]: Without dead ends: 0 [2022-11-16 11:35:33,787 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 416 GetRequests, 361 SyntacticMatches, 5 SemanticMatches, 50 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 531 ImplicationChecksByTransitivity, 0.9s TimeCoverageRelationStatistics Valid=557, Invalid=2095, Unknown=0, NotChecked=0, Total=2652 [2022-11-16 11:35:33,788 INFO L413 NwaCegarLoop]: 38 mSDtfsCounter, 692 mSDsluCounter, 421 mSDsCounter, 0 mSdLazyCounter, 1613 mSolverCounterSat, 256 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 695 SdHoareTripleChecker+Valid, 459 SdHoareTripleChecker+Invalid, 1869 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 256 IncrementalHoareTripleChecker+Valid, 1613 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-11-16 11:35:33,789 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [695 Valid, 459 Invalid, 1869 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [256 Valid, 1613 Invalid, 0 Unknown, 0 Unchecked, 1.1s Time] [2022-11-16 11:35:33,790 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-16 11:35:33,790 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-16 11:35:33,790 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-16 11:35:33,790 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-16 11:35:33,791 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 171 [2022-11-16 11:35:33,791 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:35:33,791 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-16 11:35:33,791 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 26 states, 26 states have (on average 8.076923076923077) internal successors, (210), 21 states have internal predecessors, (210), 9 states have call successors, (33), 10 states have call predecessors, (33), 9 states have return successors, (34), 8 states have call predecessors, (34), 9 states have call successors, (34) [2022-11-16 11:35:33,791 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-16 11:35:33,791 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-16 11:35:33,794 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-16 11:35:33,805 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-11-16 11:35:34,000 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12,4 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 11:35:34,002 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-16 11:35:49,899 INFO L895 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 206 213) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|))) (and (or .cse0 (not (= 1 ~systemActive~0))) (or .cse0 (not (<= 2 ~waterLevel~0)) (= 0 ~systemActive~0)))) [2022-11-16 11:35:49,899 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 206 213) no Hoare annotation was computed. [2022-11-16 11:35:49,899 INFO L899 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 206 213) no Hoare annotation was computed. [2022-11-16 11:35:49,899 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 139 145) no Hoare annotation was computed. [2022-11-16 11:35:49,899 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 139 145) the Hoare annotation is: true [2022-11-16 11:35:49,900 INFO L895 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 915 926) the Hoare annotation is: (let ((.cse0 (not (< 1 ~waterLevel~0))) (.cse6 (not (<= 1 ~pumpRunning~0))) (.cse7 (not (<= 1 |old(~methaneLevelCritical~0)|))) (.cse5 (not (<= ~waterLevel~0 2))) (.cse1 (not (= |old(~methaneLevelCritical~0)| 0))) (.cse2 (not (= ~pumpRunning~0 0))) (.cse3 (not (= 1 ~systemActive~0))) (.cse4 (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) (.cse8 (not (<= ~waterLevel~0 1)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse3 .cse4 .cse6 .cse5 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse1 .cse3 (not (= 2 ~waterLevel~0)) .cse4 .cse6) (or .cse0 .cse2 .cse3 .cse4 .cse7 .cse5) (or .cse2 .cse3 .cse4 .cse7 .cse8) (or .cse3 .cse4 (not (<= 2 ~waterLevel~0)) .cse6 .cse7 .cse5) (or .cse1 .cse2 .cse3 .cse4 .cse8))) [2022-11-16 11:35:49,900 INFO L899 garLoopResultBuilder]: For program point L919-1(lines 915 926) no Hoare annotation was computed. [2022-11-16 11:35:49,900 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 915 926) no Hoare annotation was computed. [2022-11-16 11:35:49,900 INFO L899 garLoopResultBuilder]: For program point L320(lines 320 324) no Hoare annotation was computed. [2022-11-16 11:35:49,900 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 306 335) no Hoare annotation was computed. [2022-11-16 11:35:49,901 INFO L902 garLoopResultBuilder]: At program point L320-1(lines 320 324) the Hoare annotation is: true [2022-11-16 11:35:49,901 INFO L899 garLoopResultBuilder]: For program point L317(line 317) no Hoare annotation was computed. [2022-11-16 11:35:49,901 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 306 335) the Hoare annotation is: true [2022-11-16 11:35:49,901 INFO L902 garLoopResultBuilder]: At program point L316-2(lines 316 330) the Hoare annotation is: true [2022-11-16 11:35:49,901 INFO L902 garLoopResultBuilder]: At program point L312(line 312) the Hoare annotation is: true [2022-11-16 11:35:49,901 INFO L899 garLoopResultBuilder]: For program point L312-1(line 312) no Hoare annotation was computed. [2022-11-16 11:35:49,902 INFO L902 garLoopResultBuilder]: At program point L331(lines 306 335) the Hoare annotation is: true [2022-11-16 11:35:49,902 INFO L899 garLoopResultBuilder]: For program point L327(line 327) no Hoare annotation was computed. [2022-11-16 11:35:49,902 INFO L895 garLoopResultBuilder]: At program point L192(line 192) the Hoare annotation is: (let ((.cse9 (not (< 1 |old(~waterLevel~0)|))) (.cse8 (not (= |old(~waterLevel~0)| 2))) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse6 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (not (= ~methaneLevelCritical~0 0))) (.cse10 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse5 .cse6 .cse1 .cse7) (or .cse5 .cse6 .cse1 .cse7 .cse8) (or .cse1 .cse2 .cse9 .cse3 .cse10) (or .cse1 .cse2 .cse9 .cse7 .cse10) (or .cse5 .cse6 .cse1 .cse3 .cse8) (or .cse0 .cse5 .cse6 .cse1 .cse3) (or .cse1 .cse2 .cse7 .cse10 .cse4) (or .cse5 (not (= 0 ~systemActive~0))))) [2022-11-16 11:35:49,903 INFO L895 garLoopResultBuilder]: At program point L192-1(lines 173 197) the Hoare annotation is: (let ((.cse8 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse25 (= 1 ~systemActive~0)) (.cse12 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse26 (<= 1 ~methaneLevelCritical~0)) (.cse9 (= ~pumpRunning~0 0)) (.cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse18 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse10 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse27 (<= ~waterLevel~0 1)) (.cse19 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse28 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse20 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse21 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0)) (.cse22 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse4 (<= 1 ~pumpRunning~0)) (.cse17 (and .cse18 .cse10 .cse27 .cse19 .cse28 .cse20 .cse21 .cse11 .cse22)) (.cse1 (and .cse9 .cse5)) (.cse16 (not (= |old(~waterLevel~0)| 1))) (.cse3 (not .cse26)) (.cse13 (and .cse8 .cse9 .cse26 .cse10 .cse27 .cse25 .cse28 .cse11 .cse12)) (.cse14 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse24 (= ~waterLevel~0 1)) (.cse2 (not .cse25)) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse23 (not (< 1 |old(~waterLevel~0)|))) (.cse15 (not (= ~methaneLevelCritical~0 0))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 (and .cse4 .cse5) .cse6) (or .cse2 .cse7 (and .cse8 .cse9 .cse10 .cse5 .cse11 .cse12) .cse3 .cse13 .cse6 .cse14) (or .cse0 .cse1 .cse2 .cse15 .cse6 (and .cse4 (= 2 ~waterLevel~0) .cse5)) (or .cse2 .cse7 .cse3 .cse13 (not (= |old(~waterLevel~0)| 2))) (or .cse16 .cse2 .cse17 .cse7 .cse15 .cse14) (or .cse2 .cse17 .cse7 .cse15 (and .cse18 .cse10 .cse19 .cse20 .cse21 .cse5 .cse11 .cse22) .cse6 .cse14) (or .cse2 .cse7 .cse23 .cse3 .cse24 .cse6) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3) (or .cse16 .cse2 .cse7 .cse3 .cse13 .cse14) (or (and .cse18 .cse10 .cse19 .cse20 .cse21 .cse24 .cse11 .cse22) .cse2 .cse7 .cse23 .cse15 .cse6) (or .cse0 (not (= 0 ~systemActive~0)))))) [2022-11-16 11:35:49,903 INFO L895 garLoopResultBuilder]: At program point L221(lines 214 224) the Hoare annotation is: (let ((.cse9 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse19 (<= 1 ~methaneLevelCritical~0)) (.cse21 (= 1 ~systemActive~0)) (.cse5 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse6 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse20 (<= ~waterLevel~0 1)) (.cse22 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse12 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse8 (<= 1 ~switchedOnBeforeTS~0)) (.cse14 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse7 (= ~waterLevel~0 1)) (.cse10 (and .cse5 .cse6 .cse20 .cse22 .cse12 .cse8 .cse14)) (.cse11 (not (= ~methaneLevelCritical~0 0))) (.cse13 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse17 (not (= |old(~waterLevel~0)| 1))) (.cse0 (not .cse21)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not .cse19)) (.cse18 (and (<= 1 ~pumpRunning~0) .cse5 .cse19 .cse6 .cse20 .cse21 .cse22 .cse8 .cse9)) (.cse15 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse16 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 (and .cse5 .cse6 .cse7 .cse8 .cse9)) (or .cse0 .cse1 .cse10 .cse11 .cse4 (and .cse5 .cse6 .cse12 .cse13 .cse8 .cse14) .cse15) (or .cse16 .cse0 .cse11 (not (= |old(~waterLevel~0)| 2))) (or (not (<= |old(~waterLevel~0)| 1)) .cse16 .cse0 .cse11) (or .cse0 .cse1 .cse2 .cse11 (and .cse5 .cse6 .cse12 .cse7 .cse8 .cse14) .cse4) (or .cse17 .cse0 .cse1 .cse10 .cse11 .cse15) (or .cse16 .cse0 .cse3 .cse4) (or (and .cse5 .cse6 .cse13 .cse8 .cse9) .cse0 .cse1 .cse3 .cse4 .cse18 .cse15) (or .cse17 .cse0 .cse1 .cse3 .cse18 .cse15) (or .cse16 (not (= 0 ~systemActive~0)))))) [2022-11-16 11:35:49,903 INFO L899 garLoopResultBuilder]: For program point L126-1(lines 126 132) no Hoare annotation was computed. [2022-11-16 11:35:49,903 INFO L899 garLoopResultBuilder]: For program point L506(lines 506 512) no Hoare annotation was computed. [2022-11-16 11:35:49,904 INFO L895 garLoopResultBuilder]: At program point L490(lines 483 492) the Hoare annotation is: (let ((.cse13 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse12 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse11 (= 1 ~systemActive~0)) (.cse14 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse3 (and .cse13 (let ((.cse15 (<= 1 ~pumpRunning~0))) (or (and .cse15 .cse12 .cse11 (= ~waterLevel~0 1) .cse14) (and .cse15 .cse12 (<= 2 ~waterLevel~0) .cse11 .cse14))))) (.cse4 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (and (= ~pumpRunning~0 0) .cse13)) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse7 (not (<= |old(~waterLevel~0)| 1))) (.cse9 (and .cse12 .cse13 .cse14)) (.cse0 (not .cse11)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse10 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse6 (not (= 0 ~systemActive~0))) (or .cse7 .cse5 .cse6 .cse0 .cse2) (or .cse5 .cse6 .cse0 .cse2 .cse4) (or .cse0 .cse1 .cse8 .cse3 .cse4) (or .cse7 .cse9 .cse0 .cse1 .cse8 .cse10) (or .cse5 .cse6 .cse0 .cse8 .cse4) (or .cse7 .cse5 .cse6 .cse0 .cse8) (or .cse7 .cse9 .cse0 .cse1 .cse2 .cse10)))) [2022-11-16 11:35:49,904 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 112 138) no Hoare annotation was computed. [2022-11-16 11:35:49,904 INFO L895 garLoopResultBuilder]: At program point L932(lines 927 935) the Hoare annotation is: (let ((.cse14 (<= 1 ~methaneLevelCritical~0)) (.cse16 (<= 1 ~pumpRunning~0)) (.cse17 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse22 (= ~methaneLevelCritical~0 0)) (.cse18 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse19 (<= ~waterLevel~0 1)) (.cse15 (= 1 ~systemActive~0)) (.cse20 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse21 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse6 (not (= |old(~waterLevel~0)| 1))) (.cse8 (and .cse16 .cse17 .cse22 .cse18 .cse19 .cse15 .cse20 .cse21)) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (and .cse17 .cse18 (= ~waterLevel~0 1) .cse21)) (.cse7 (not .cse22)) (.cse12 (not (<= |old(~waterLevel~0)| 1))) (.cse13 (and .cse17 .cse18 (= |old(~waterLevel~0)| ~waterLevel~0) .cse21)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse11 (and .cse16 .cse17 .cse14 .cse18 .cse19 .cse15 .cse20 .cse21)) (.cse9 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not .cse15)) (.cse3 (not .cse14)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse0 .cse1 .cse7 .cse8 .cse9) (or .cse10 .cse0 .cse7 (not (= |old(~waterLevel~0)| 2))) (or .cse6 .cse0 .cse1 .cse3 .cse11 .cse9) (or .cse12 .cse13 .cse0 .cse1 .cse7 .cse8 .cse9) (or .cse0 .cse1 .cse2 .cse7 .cse4 .cse5) (or .cse12 .cse10 .cse0 .cse7) (or .cse12 .cse13 .cse0 .cse1 .cse3 .cse11 .cse9) (or .cse10 .cse0 .cse3 .cse5) (or .cse10 (not (= 0 ~systemActive~0)))))) [2022-11-16 11:35:49,905 INFO L899 garLoopResultBuilder]: For program point L895(lines 895 899) no Hoare annotation was computed. [2022-11-16 11:35:49,905 INFO L895 garLoopResultBuilder]: At program point L895-2(lines 891 902) the Hoare annotation is: (let ((.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse16 (<= 1 ~methaneLevelCritical~0)) (.cse18 (<= ~waterLevel~0 1)) (.cse17 (= 1 ~systemActive~0)) (.cse19 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse10 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse13 (not (= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse14 (and (<= 1 ~pumpRunning~0) .cse8 .cse16 .cse18 .cse17 .cse19 .cse10)) (.cse15 (and .cse8 (= |old(~waterLevel~0)| ~waterLevel~0) .cse10)) (.cse4 (and .cse8 .cse18 .cse17 .cse19 .cse10)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (< 1 |old(~waterLevel~0)|))) (.cse9 (= ~waterLevel~0 1)) (.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse1 (not .cse17)) (.cse7 (not .cse16)) (.cse11 (not (<= |old(~waterLevel~0)| 2))) (.cse12 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse2 .cse6 .cse7 (and .cse8 .cse9 .cse10) .cse11) (or .cse12 .cse1 .cse3 .cse13) (or .cse1 .cse2 .cse3 .cse13 .cse4) (or .cse0 .cse1 .cse2 .cse14 .cse7 .cse5) (or .cse15 .cse1 .cse2 .cse14 .cse7 .cse11 .cse5) (or .cse15 .cse1 .cse2 .cse3 .cse4 .cse11 .cse5) (or .cse1 .cse2 .cse6 .cse3 .cse9 .cse11) (or (not (<= |old(~waterLevel~0)| 1)) .cse12 .cse1 .cse3) (or .cse12 .cse1 .cse7 .cse11) (or .cse12 (not (= 0 ~systemActive~0)))))) [2022-11-16 11:35:49,905 INFO L899 garLoopResultBuilder]: For program point L119(lines 119 125) no Hoare annotation was computed. [2022-11-16 11:35:49,906 INFO L895 garLoopResultBuilder]: At program point L503(line 503) the Hoare annotation is: (let ((.cse23 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse24 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse25 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse26 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse27 (<= 0 |timeShift_isMethaneAlarm_#res#1|)) (.cse3 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse4 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse5 (= ~pumpRunning~0 0)) (.cse32 (<= 1 ~methaneLevelCritical~0)) (.cse6 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse20 (<= ~waterLevel~0 1)) (.cse30 (= 1 ~systemActive~0)) (.cse31 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse7 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| ~waterLevel~0)) (.cse9 (<= 1 ~switchedOnBeforeTS~0)) (.cse10 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse22 (not (= 0 ~systemActive~0))) (.cse8 (= ~waterLevel~0 1)) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse12 (not (<= |old(~waterLevel~0)| 2))) (.cse19 (not (= |old(~pumpRunning~0)| 0))) (.cse13 (not (<= |old(~waterLevel~0)| 1))) (.cse15 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse16 (< |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| 2)) (.cse17 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse14 (and .cse3 .cse4 .cse5 .cse32 .cse6 .cse20 .cse30 .cse31 .cse7 .cse9 .cse10)) (.cse11 (not .cse32)) (.cse29 (not (= |old(~waterLevel~0)| 1))) (.cse0 (not .cse30)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse21 (not (= ~methaneLevelCritical~0 0))) (.cse28 (and .cse23 .cse3 .cse6 .cse20 .cse30 .cse24 .cse31 .cse25 .cse26 .cse7 .cse9 .cse27)) (.cse18 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5 .cse6 .cse7 .cse8 .cse9 .cse10) .cse11 .cse12) (or .cse13 .cse14 .cse0 .cse1 .cse11 (and .cse4 .cse5 .cse15 .cse6 .cse16 .cse17 .cse9 .cse10) .cse18) (or .cse19 .cse0 (and .cse5 .cse15 .cse20 .cse16 .cse17) .cse11 .cse12) (or .cse19 .cse0 .cse21 (not (= |old(~waterLevel~0)| 2))) (or .cse19 (and .cse5 .cse17) .cse22) (or .cse19 .cse2 .cse12 .cse22) (or (and .cse23 .cse3 .cse6 .cse24 .cse25 .cse26 .cse7 .cse8 .cse9 .cse27) .cse0 .cse1 .cse2 .cse21 .cse12) (or .cse13 .cse19 .cse0 .cse21 (and .cse5 .cse15 .cse16 .cse17)) (or .cse13 .cse0 .cse1 (and .cse23 .cse15 .cse6 .cse24 .cse25 .cse26 .cse16 .cse17 .cse9 .cse27) .cse21 .cse28 .cse18) (or .cse29 .cse14 .cse0 .cse1 .cse11 .cse18) (or .cse29 .cse0 .cse1 .cse21 .cse28 .cse18)))) [2022-11-16 11:35:49,906 INFO L899 garLoopResultBuilder]: For program point L503-1(line 503) no Hoare annotation was computed. [2022-11-16 11:35:49,906 INFO L899 garLoopResultBuilder]: For program point L119-2(lines 115 137) no Hoare annotation was computed. [2022-11-16 11:35:49,906 INFO L899 garLoopResultBuilder]: For program point L181(lines 181 189) no Hoare annotation was computed. [2022-11-16 11:35:49,906 INFO L899 garLoopResultBuilder]: For program point L177(lines 177 194) no Hoare annotation was computed. [2022-11-16 11:35:49,907 INFO L899 garLoopResultBuilder]: For program point L54(line 54) no Hoare annotation was computed. [2022-11-16 11:35:49,907 INFO L895 garLoopResultBuilder]: At program point L488(line 488) the Hoare annotation is: (let ((.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse14 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse18 (= ~pumpRunning~0 0)) (.cse15 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse19 (< 1 ~waterLevel~0)) (.cse17 (= 1 ~systemActive~0)) (.cse20 (<= ~waterLevel~0 2))) (let ((.cse4 (and .cse14 .cse18 .cse15 .cse19 .cse17 .cse20)) (.cse5 (not (<= 2 |old(~waterLevel~0)|))) (.cse10 (not (< 1 |old(~waterLevel~0)|))) (.cse11 (and (<= 1 ~pumpRunning~0) .cse14 .cse15 .cse19 .cse17 .cse20)) (.cse6 (and .cse18 .cse15 .cse16)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse1 (not .cse17)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse12 (and .cse14 .cse15 .cse16)) (.cse13 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse7 .cse0 .cse1 .cse2) (or .cse6 .cse7 .cse0 .cse1 .cse8) (or .cse0 .cse1 .cse8 .cse3 .cse4 .cse5) (or .cse1 .cse9 .cse10 .cse11 .cse2 .cse3) (or .cse1 .cse9 .cse10 .cse11 .cse8 .cse3) (or .cse6 .cse0 (not (= 0 ~systemActive~0))) (or .cse7 .cse1 .cse9 .cse2 .cse12 .cse13) (or .cse1 .cse9 .cse8 .cse3 .cse12 .cse13)))) [2022-11-16 11:35:49,907 INFO L899 garLoopResultBuilder]: For program point L488-1(line 488) no Hoare annotation was computed. [2022-11-16 11:35:49,908 INFO L895 garLoopResultBuilder]: At program point L187(line 187) the Hoare annotation is: (let ((.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse11 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse12 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse13 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse14 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse15 (<= 1 ~switchedOnBeforeTS~0)) (.cse16 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse9 (and .cse10 .cse11 (<= ~waterLevel~0 1) .cse12 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse13 .cse14 .cse15 .cse16)) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse8 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse1 .cse6 (not (= |old(~waterLevel~0)| 2))) (or .cse1 .cse2 .cse7 .cse3 .cse8) (or (not (= |old(~waterLevel~0)| 1)) .cse1 .cse9 .cse2 .cse6 .cse4) (or .cse1 .cse9 .cse2 .cse6 (and .cse10 .cse11 .cse12 .cse13 .cse14 (= |old(~waterLevel~0)| ~waterLevel~0) .cse15 .cse16) .cse8 .cse4) (or .cse0 .cse5 .cse1 .cse6) (or .cse5 .cse1 .cse3 .cse8) (or (and .cse10 .cse11 .cse12 .cse13 .cse14 (= ~waterLevel~0 1) .cse15 .cse16) .cse1 .cse2 .cse7 .cse6 .cse8) (or .cse5 (not (= 0 ~systemActive~0)))))) [2022-11-16 11:35:49,908 INFO L899 garLoopResultBuilder]: For program point L505(lines 505 515) no Hoare annotation was computed. [2022-11-16 11:35:49,908 INFO L895 garLoopResultBuilder]: At program point L183(line 183) the Hoare annotation is: (let ((.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse17 (<= 1 ~methaneLevelCritical~0)) (.cse10 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse16 (= 1 ~systemActive~0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0)) (.cse12 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse7 (not (= |old(~waterLevel~0)| 2))) (.cse2 (and (<= 1 ~pumpRunning~0) .cse8 .cse9 .cse17 .cse10 (<= ~waterLevel~0 1) .cse16 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse11 .cse12)) (.cse14 (not (< 1 |old(~waterLevel~0)|))) (.cse13 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (not .cse17)) (.cse0 (not .cse16)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse15 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse0 .cse6 .cse7) (or .cse0 .cse1 .cse2 .cse3 .cse7) (or (and .cse8 .cse9 .cse10 (= |old(~waterLevel~0)| ~waterLevel~0) .cse11 .cse12) .cse13 .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse1 .cse14 .cse6 .cse15) (or .cse0 .cse1 .cse14 .cse3 (= ~waterLevel~0 1) .cse15) (or .cse13 .cse5 .cse0 .cse6) (or .cse5 .cse0 .cse3 .cse15) (or .cse0 .cse1 .cse6 .cse15 .cse4) (or .cse5 (not (= 0 ~systemActive~0)))))) [2022-11-16 11:35:49,909 INFO L895 garLoopResultBuilder]: At program point L55(lines 50 57) the Hoare annotation is: (let ((.cse7 (not (< 1 |old(~waterLevel~0)|))) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse8 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse5 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse1 .cse6 (not (= |old(~waterLevel~0)| 2))) (or .cse1 .cse2 .cse7 .cse3 .cse8) (or .cse1 .cse2 .cse7 .cse6 .cse8) (or .cse0 .cse5 .cse1 .cse6) (or .cse5 .cse1 .cse3 .cse8) (or .cse1 .cse2 .cse6 .cse8 .cse4) (or .cse5 (not (= 0 ~systemActive~0))))) [2022-11-16 11:35:49,909 INFO L899 garLoopResultBuilder]: For program point L501(lines 501 518) no Hoare annotation was computed. [2022-11-16 11:35:49,909 INFO L895 garLoopResultBuilder]: At program point L501-1(lines 493 521) the Hoare annotation is: (let ((.cse8 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse9 (= ~pumpRunning~0 0)) (.cse34 (<= 1 ~methaneLevelCritical~0)) (.cse14 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse32 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse21 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse33 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| 2)) (.cse36 (<= 1 ~pumpRunning~0)) (.cse22 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse37 (= ~methaneLevelCritical~0 0)) (.cse10 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse30 (<= ~waterLevel~0 1)) (.cse29 (= 1 ~systemActive~0)) (.cse23 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse35 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse24 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse25 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse11 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| ~waterLevel~0)) (.cse13 (<= 1 ~switchedOnBeforeTS~0)) (.cse26 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse2 (and .cse36 .cse22 .cse7 .cse37 .cse10 .cse30 .cse29 .cse23 .cse35 .cse24 .cse25 .cse11 .cse13 .cse26)) (.cse17 (not (<= |old(~waterLevel~0)| 1))) (.cse12 (= ~waterLevel~0 1)) (.cse19 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse20 (< |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1| 2)) (.cse6 (not (< 1 |old(~waterLevel~0)|))) (.cse16 (not (<= |old(~waterLevel~0)| 2))) (.cse28 (not (= 0 ~systemActive~0))) (.cse27 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not .cse37)) (.cse31 (and .cse36 .cse32 (<= 2 ~waterLevel~0) .cse29 .cse21 .cse33)) (.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse18 (and .cse7 .cse8 .cse9 .cse34 .cse10 .cse30 .cse29 .cse35 .cse11 .cse13 .cse14)) (.cse1 (not .cse29)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse15 (not .cse34)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse3 .cse6 (and .cse7 .cse8 .cse9 .cse10 .cse11 .cse12 .cse13 .cse14) .cse15 .cse16) (or .cse17 .cse18 .cse1 .cse3 .cse15 (and .cse8 .cse9 .cse19 .cse10 .cse20 .cse21 .cse13 .cse14) .cse5) (or .cse17 .cse1 .cse2 .cse3 (and .cse22 .cse19 .cse10 .cse23 .cse24 .cse25 .cse20 .cse21 .cse13 .cse26) .cse4 .cse5) (or .cse27 (and .cse9 .cse21) .cse28) (or .cse17 .cse27 .cse1 .cse4 (and .cse22 .cse9 .cse19 (not (<= 2 |timeShift___utac_acc__Specification5_spec__3_~tmp~5#1|)) .cse29 .cse21)) (or (and .cse22 .cse7 .cse10 .cse23 .cse24 .cse25 .cse11 .cse12 .cse13 .cse26) .cse1 .cse3 .cse6 .cse4 .cse16) (or .cse27 .cse1 (and .cse22 .cse9 .cse19 .cse30 .cse29 .cse20 .cse21) .cse15 .cse31 .cse16 (and .cse22 .cse9 (= 2 ~waterLevel~0) .cse32 .cse29 .cse21 .cse33)) (or .cse27 .cse6 (and .cse32 .cse33) .cse16 .cse28) (or .cse27 .cse1 (and .cse22 .cse9 .cse32 .cse29 .cse21 .cse33) .cse4 .cse31 (not (= |old(~waterLevel~0)| 2))) (or .cse0 .cse18 .cse1 .cse3 .cse15 .cse5)))) [2022-11-16 11:35:49,910 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 112 138) the Hoare annotation is: (let ((.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse14 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse18 (= ~pumpRunning~0 0)) (.cse15 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse19 (< 1 ~waterLevel~0)) (.cse17 (= 1 ~systemActive~0)) (.cse20 (<= ~waterLevel~0 2))) (let ((.cse4 (and .cse14 .cse18 .cse15 .cse19 .cse17 .cse20)) (.cse5 (not (<= 2 |old(~waterLevel~0)|))) (.cse10 (not (< 1 |old(~waterLevel~0)|))) (.cse11 (and (<= 1 ~pumpRunning~0) .cse14 .cse15 .cse19 .cse17 .cse20)) (.cse6 (and .cse18 .cse15 .cse16)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse1 (not .cse17)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse12 (and .cse14 .cse15 .cse16)) (.cse13 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse7 .cse0 .cse1 .cse2) (or .cse6 .cse7 .cse0 .cse1 .cse8) (or .cse0 .cse1 .cse8 .cse3 .cse4 .cse5) (or .cse1 .cse9 .cse10 .cse11 .cse2 .cse3) (or .cse1 .cse9 .cse10 .cse11 .cse8 .cse3) (or .cse6 .cse0 (not (= 0 ~systemActive~0))) (or .cse7 .cse1 .cse9 .cse2 .cse12 .cse13) (or .cse1 .cse9 .cse8 .cse3 .cse12 .cse13)))) [2022-11-16 11:35:49,910 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 112 138) no Hoare annotation was computed. [2022-11-16 11:35:49,910 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 54) no Hoare annotation was computed. [2022-11-16 11:35:49,911 INFO L895 garLoopResultBuilder]: At program point L964(lines 959 967) the Hoare annotation is: (let ((.cse8 (<= ~methaneLevelCritical~0 |timeShift_processEnvironment_~tmp~1#1|)) (.cse4 (= ~pumpRunning~0 0)) (.cse12 (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse31 (<= 1 ~methaneLevelCritical~0)) (.cse20 (<= 1 ~pumpRunning~0)) (.cse23 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse34 (= ~methaneLevelCritical~0 0)) (.cse9 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse17 (<= ~waterLevel~0 1)) (.cse32 (= 1 ~systemActive~0)) (.cse24 (< 0 (+ |timeShift_processEnvironment_~tmp~1#1| 1))) (.cse33 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse25 (<= |timeShift_isMethaneAlarm_#res#1| 0)) (.cse26 (<= |timeShift_processEnvironment_~tmp~1#1| 0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0)) (.cse27 (<= 0 |timeShift_isMethaneAlarm_#res#1|))) (let ((.cse21 (not (= 0 ~systemActive~0))) (.cse14 (not (< 1 |old(~waterLevel~0)|))) (.cse10 (= ~waterLevel~0 1)) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse5 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse22 (and .cse20 .cse23 .cse7 .cse34 .cse9 .cse17 .cse32 .cse24 .cse33 .cse25 .cse26 .cse11 .cse27)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not .cse34)) (.cse19 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse16 (not (<= |old(~waterLevel~0)| 2))) (.cse30 (not (= |old(~waterLevel~0)| 1))) (.cse2 (not .cse32)) (.cse13 (not (<= 1 |old(~pumpRunning~0)|))) (.cse15 (not .cse31)) (.cse29 (and .cse7 .cse8 .cse4 .cse31 .cse9 .cse17 .cse32 .cse33 .cse11 .cse12)) (.cse28 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 (and .cse4 .cse5 .cse6)) (or (and .cse7 .cse8 .cse4 .cse9 .cse10 .cse11 .cse12) .cse2 .cse13 .cse14 .cse15 .cse16) (let ((.cse18 (= 2 ~waterLevel~0))) (or .cse1 .cse2 .cse15 (and .cse4 .cse5 .cse17 .cse6) (and .cse4 .cse18 .cse19 .cse6) .cse16 (and .cse20 .cse18 .cse19 .cse6))) (or .cse1 (and .cse4 .cse6) .cse21) (or .cse1 .cse19 .cse14 .cse16 .cse21) (or .cse0 .cse2 .cse13 .cse3 .cse22 (and .cse23 .cse5 .cse9 .cse24 .cse25 .cse26 .cse6 .cse11 .cse27) .cse28) (or .cse2 .cse13 .cse14 .cse3 .cse16 (and .cse23 .cse7 .cse9 .cse24 .cse25 .cse26 .cse10 .cse11 .cse27)) (or .cse0 (and .cse8 .cse4 .cse5 .cse9 .cse6 .cse11 .cse12) .cse2 .cse13 .cse15 .cse29 .cse28) (or .cse30 .cse2 .cse13 .cse3 .cse22 .cse28) (or (and .cse4 .cse19 .cse6) .cse1 .cse2 .cse3 (and .cse20 .cse19 .cse6) .cse16 (not (<= 2 |old(~waterLevel~0)|))) (or .cse30 .cse2 .cse13 .cse15 .cse29 .cse28)))) [2022-11-16 11:35:49,911 INFO L899 garLoopResultBuilder]: For program point L436(lines 436 442) no Hoare annotation was computed. [2022-11-16 11:35:49,911 INFO L899 garLoopResultBuilder]: For program point L436-1(lines 436 442) no Hoare annotation was computed. [2022-11-16 11:35:49,911 INFO L895 garLoopResultBuilder]: At program point L366(lines 362 368) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 11:35:49,912 INFO L895 garLoopResultBuilder]: At program point L77(lines 73 79) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 11:35:49,912 INFO L895 garLoopResultBuilder]: At program point L461(lines 416 463) the Hoare annotation is: (let ((.cse6 (<= 1 ~methaneLevelCritical~0)) (.cse1 (= 2 ~waterLevel~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse2 (= ~methaneLevelCritical~0 0)) (.cse7 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse6 .cse7 .cse3 .cse4) (and .cse0 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse4 (= 0 ~systemActive~0)) (and .cse5 .cse1 .cse2 .cse3 .cse4) (and .cse0 .cse2 .cse7 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse5 .cse2 .cse7 .cse3 .cse4))) [2022-11-16 11:35:49,912 INFO L895 garLoopResultBuilder]: At program point L428(line 428) the Hoare annotation is: (let ((.cse6 (<= 1 ~methaneLevelCritical~0)) (.cse1 (= 2 ~waterLevel~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse2 (= ~methaneLevelCritical~0 0)) (.cse7 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse6 .cse7 .cse3 .cse4) (and .cse0 .cse6 .cse1 .cse3 .cse4) (and .cse5 .cse4 (= 0 ~systemActive~0)) (and .cse5 .cse1 .cse2 .cse3 .cse4) (and .cse0 .cse2 .cse7 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse5 .cse2 .cse7 .cse3 .cse4))) [2022-11-16 11:35:49,912 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-11-16 11:35:49,912 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-11-16 11:35:49,913 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-11-16 11:35:49,913 INFO L902 garLoopResultBuilder]: At program point L379(lines 371 381) the Hoare annotation is: true [2022-11-16 11:35:49,913 INFO L895 garLoopResultBuilder]: At program point L301(lines 289 303) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (= 0 ~systemActive~0)) [2022-11-16 11:35:49,913 INFO L899 garLoopResultBuilder]: For program point L392(lines 392 399) no Hoare annotation was computed. [2022-11-16 11:35:49,913 INFO L899 garLoopResultBuilder]: For program point L392-2(lines 392 399) no Hoare annotation was computed. [2022-11-16 11:35:49,913 INFO L899 garLoopResultBuilder]: For program point L293(lines 293 299) no Hoare annotation was computed. [2022-11-16 11:35:49,913 INFO L899 garLoopResultBuilder]: For program point L293-1(lines 293 299) no Hoare annotation was computed. [2022-11-16 11:35:49,914 INFO L899 garLoopResultBuilder]: For program point L417(lines 416 463) no Hoare annotation was computed. [2022-11-16 11:35:49,914 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-16 11:35:49,914 INFO L899 garLoopResultBuilder]: For program point L446(lines 446 459) no Hoare annotation was computed. [2022-11-16 11:35:49,914 INFO L895 garLoopResultBuilder]: At program point L438(line 438) the Hoare annotation is: (let ((.cse1 (<= 1 ~methaneLevelCritical~0)) (.cse2 (< 1 ~waterLevel~0)) (.cse5 (<= ~waterLevel~0 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse6 (= ~pumpRunning~0 0)) (.cse7 (= ~methaneLevelCritical~0 0)) (.cse8 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse1 .cse3 .cse4 .cse5) (and .cse0 .cse7 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse4 (= 0 ~systemActive~0)) (and .cse6 (= 2 ~waterLevel~0) .cse7 .cse3 .cse4) (and .cse0 .cse7 .cse8 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse6 .cse7 .cse8 .cse3 .cse4))) [2022-11-16 11:35:49,914 INFO L902 garLoopResultBuilder]: At program point L467(lines 406 471) the Hoare annotation is: true [2022-11-16 11:35:49,914 INFO L902 garLoopResultBuilder]: At program point L401(lines 382 404) the Hoare annotation is: true [2022-11-16 11:35:49,915 INFO L899 garLoopResultBuilder]: For program point L426(lines 426 432) no Hoare annotation was computed. [2022-11-16 11:35:49,915 INFO L899 garLoopResultBuilder]: For program point L426-1(lines 426 432) no Hoare annotation was computed. [2022-11-16 11:35:49,915 INFO L899 garLoopResultBuilder]: For program point L418(lines 418 422) no Hoare annotation was computed. [2022-11-16 11:35:49,915 INFO L895 garLoopResultBuilder]: At program point L480(lines 475 482) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 11:35:49,915 INFO L895 garLoopResultBuilder]: At program point L92(lines 87 95) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 11:35:49,915 INFO L895 garLoopResultBuilder]: At program point L84(lines 80 86) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 11:35:49,916 INFO L895 garLoopResultBuilder]: At program point L464(lines 415 465) the Hoare annotation is: false [2022-11-16 11:35:49,916 INFO L895 garLoopResultBuilder]: At program point L295(line 295) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and (= 1 ~systemActive~0) .cse0) (and (<= 2 ~waterLevel~0) .cse0 (not (= 0 ~systemActive~0))))) [2022-11-16 11:35:49,916 INFO L899 garLoopResultBuilder]: For program point L452(lines 452 458) no Hoare annotation was computed. [2022-11-16 11:35:49,916 INFO L895 garLoopResultBuilder]: At program point L452-2(lines 446 459) the Hoare annotation is: (let ((.cse2 (< 1 ~waterLevel~0)) (.cse5 (<= ~waterLevel~0 2)) (.cse1 (<= 1 ~methaneLevelCritical~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse9 (<= 1 ~switchedOnBeforeTS~0)) (.cse6 (= ~pumpRunning~0 0)) (.cse7 (= ~methaneLevelCritical~0 0)) (.cse8 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse1 .cse3 .cse4 .cse5) (and .cse0 .cse7 .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse1 .cse8 .cse3 .cse4 .cse9) (and .cse6 .cse4 (= 0 ~systemActive~0)) (and .cse6 (= 2 ~waterLevel~0) .cse7 .cse3 .cse4) (and .cse0 .cse7 .cse8 .cse3 .cse4 .cse9) (and .cse6 .cse7 .cse8 .cse3 .cse4))) [2022-11-16 11:35:49,917 INFO L895 garLoopResultBuilder]: At program point L161(line 161) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~0#1| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~methaneLevelCritical~0 0)))) (and (or .cse0 .cse1 (not (<= 1 ~methaneLevelCritical~0)) .cse2 .cse3) (or .cse0 .cse1 .cse4 .cse2 .cse3) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:35:49,917 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 147 171) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse3 (not (<= 2 ~waterLevel~0))) (.cse7 (not (<= 1 ~methaneLevelCritical~0))) (.cse5 (not (<= ~waterLevel~0 2))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse6 (not (<= ~waterLevel~0 1)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse1 .cse2 .cse4 .cse6) (or .cse0 .cse1 .cse2 .cse7 .cse6) (or .cse0 .cse1 .cse2 .cse3 .cse7 .cse5) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse2 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 .cse6 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:35:49,917 INFO L895 garLoopResultBuilder]: At program point L285(lines 270 288) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 0)) (.cse8 (= 1 ~systemActive~0))) (let ((.cse4 (not (<= 1 ~methaneLevelCritical~0))) (.cse5 (not (<= ~waterLevel~0 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not .cse8)) (.cse3 (= 2 ~waterLevel~0)) (.cse7 (not (= ~methaneLevelCritical~0 0))) (.cse6 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~2#1| 0)) .cse1 .cse8 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0)))) (and (or .cse0 .cse1 .cse2 (not .cse3) .cse4) (or .cse0 .cse2 .cse4 .cse5 .cse6) (or .cse2 (not (<= 1 |old(~pumpRunning~0)|)) .cse7 .cse5 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse2 (and .cse1 .cse3) .cse7 (not (<= ~waterLevel~0 2)) .cse6)))) [2022-11-16 11:35:49,917 INFO L899 garLoopResultBuilder]: For program point L155(lines 155 163) no Hoare annotation was computed. [2022-11-16 11:35:49,917 INFO L899 garLoopResultBuilder]: For program point L151(lines 151 168) no Hoare annotation was computed. [2022-11-16 11:35:49,918 INFO L899 garLoopResultBuilder]: For program point L279(lines 279 283) no Hoare annotation was computed. [2022-11-16 11:35:49,918 INFO L899 garLoopResultBuilder]: For program point L279-2(lines 279 283) no Hoare annotation was computed. [2022-11-16 11:35:49,918 INFO L895 garLoopResultBuilder]: At program point L977(lines 968 981) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 0))) (let ((.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse6 (and .cse1 (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)))) (.cse7 (not (<= ~waterLevel~0 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 2 ~waterLevel~0))) (.cse8 (not (<= 1 ~methaneLevelCritical~0))) (.cse5 (not (<= ~waterLevel~0 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 .cse6 .cse4 .cse7) (or .cse2 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 .cse7 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse2 .cse6 .cse8 .cse7) (or .cse0 .cse1 .cse2 .cse3 .cse8 .cse5)))) [2022-11-16 11:35:49,918 INFO L895 garLoopResultBuilder]: At program point L203(lines 198 205) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0))) (.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse3 (not (<= ~waterLevel~0 2)))) (and (or .cse0 .cse1 .cse2 (not (<= 1 ~methaneLevelCritical~0)) .cse3) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse4 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse1 .cse2 .cse4 .cse3))) [2022-11-16 11:35:49,919 INFO L895 garLoopResultBuilder]: At program point L166(line 166) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (not (= ~methaneLevelCritical~0 0)))) (and (or .cse0 .cse1 (not (<= 1 ~methaneLevelCritical~0)) .cse2) (or .cse0 .cse1 .cse3 .cse2) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse3 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:35:49,919 INFO L899 garLoopResultBuilder]: For program point L166-1(lines 147 171) no Hoare annotation was computed. [2022-11-16 11:35:49,919 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 147 171) no Hoare annotation was computed. [2022-11-16 11:35:49,919 INFO L899 garLoopResultBuilder]: For program point L972(lines 972 978) no Hoare annotation was computed. [2022-11-16 11:35:49,919 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 903 914) no Hoare annotation was computed. [2022-11-16 11:35:49,919 INFO L899 garLoopResultBuilder]: For program point L907-1(lines 903 914) no Hoare annotation was computed. [2022-11-16 11:35:49,920 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 903 914) the Hoare annotation is: (let ((.cse1 (not (<= 1 ~methaneLevelCritical~0))) (.cse6 (not (= ~pumpRunning~0 0))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= 1 ~pumpRunning~0))) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 .cse1 .cse2 (not (= |old(~waterLevel~0)| 2)) .cse3) (or .cse0 .cse4 .cse2 .cse3 .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse6 .cse0 .cse1 .cse3 .cse5) (or .cse6 .cse3 (not (= 0 ~systemActive~0))) (or .cse6 .cse0 .cse4 .cse3 .cse5) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse4 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:35:49,920 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 225 233) no Hoare annotation was computed. [2022-11-16 11:35:49,920 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 225 233) the Hoare annotation is: true [2022-11-16 11:35:49,920 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 225 233) no Hoare annotation was computed. [2022-11-16 11:35:49,924 INFO L444 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:35:49,925 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-16 11:35:49,996 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 16.11 11:35:49 BoogieIcfgContainer [2022-11-16 11:35:49,996 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-16 11:35:49,996 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-16 11:35:49,996 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-16 11:35:49,997 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-16 11:35:49,997 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 11:35:20" (3/4) ... [2022-11-16 11:35:50,000 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-16 11:35:50,005 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-11-16 11:35:50,006 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-16 11:35:50,006 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-16 11:35:50,006 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-16 11:35:50,006 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-16 11:35:50,007 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 11:35:50,007 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-16 11:35:50,007 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-16 11:35:50,013 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 52 nodes and edges [2022-11-16 11:35:50,013 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-11-16 11:35:50,014 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-11-16 11:35:50,014 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-11-16 11:35:50,015 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-11-16 11:35:50,015 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-16 11:35:50,015 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-16 11:35:50,039 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 11:35:50,040 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-11-16 11:35:50,040 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(waterLevel) <= 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || (((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && !(2 <= tmp)) && 1 == systemActive) && \old(waterLevel) == waterLevel))) && ((((((((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && waterLevel <= 1) && 1 == systemActive) && tmp < 2) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || (((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) <= 2)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == waterLevel) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2))) && ((((!(\old(pumpRunning) == 0) || !(1 < \old(waterLevel))) || (2 == \result && tmp == 2)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(methaneLevelCritical == 0)) || (((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 11:35:50,040 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(1 == systemActive) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-11-16 11:35:50,041 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-11-16 11:35:50,041 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel)) && (((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || 2 == \result) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || ((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result))) && ((((((!(\old(waterLevel) <= 1) || ((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 11:35:50,041 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-11-16 11:35:50,042 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-11-16 11:35:50,042 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 1))) && (((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) [2022-11-16 11:35:50,042 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 == waterLevel)) || !(1 <= methaneLevelCritical)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 1)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && 1 == systemActive) && \result == 0) && tmp___0 == 0))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && 2 == waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && 1 == systemActive) && \result == 0) && tmp___0 == 0)) [2022-11-16 11:35:50,042 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) [2022-11-16 11:35:50,065 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/witness.graphml [2022-11-16 11:35:50,065 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-16 11:35:50,066 INFO L158 Benchmark]: Toolchain (without parser) took 30861.21ms. Allocated memory was 123.7MB in the beginning and 293.6MB in the end (delta: 169.9MB). Free memory was 82.4MB in the beginning and 110.0MB in the end (delta: -27.7MB). Peak memory consumption was 142.2MB. Max. memory is 16.1GB. [2022-11-16 11:35:50,066 INFO L158 Benchmark]: CDTParser took 0.29ms. Allocated memory is still 123.7MB. Free memory is still 100.2MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-16 11:35:50,066 INFO L158 Benchmark]: CACSL2BoogieTranslator took 591.39ms. Allocated memory is still 123.7MB. Free memory was 82.2MB in the beginning and 90.1MB in the end (delta: -7.9MB). Peak memory consumption was 12.6MB. Max. memory is 16.1GB. [2022-11-16 11:35:50,067 INFO L158 Benchmark]: Boogie Procedure Inliner took 70.61ms. Allocated memory is still 123.7MB. Free memory was 90.1MB in the beginning and 87.8MB in the end (delta: 2.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-16 11:35:50,067 INFO L158 Benchmark]: Boogie Preprocessor took 28.43ms. Allocated memory is still 123.7MB. Free memory was 87.8MB in the beginning and 85.9MB in the end (delta: 1.9MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-16 11:35:50,067 INFO L158 Benchmark]: RCFGBuilder took 559.66ms. Allocated memory is still 123.7MB. Free memory was 85.9MB in the beginning and 67.0MB in the end (delta: 18.8MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-11-16 11:35:50,068 INFO L158 Benchmark]: TraceAbstraction took 29529.79ms. Allocated memory was 123.7MB in the beginning and 293.6MB in the end (delta: 169.9MB). Free memory was 66.4MB in the beginning and 116.3MB in the end (delta: -49.9MB). Peak memory consumption was 148.7MB. Max. memory is 16.1GB. [2022-11-16 11:35:50,068 INFO L158 Benchmark]: Witness Printer took 68.99ms. Allocated memory is still 293.6MB. Free memory was 116.3MB in the beginning and 110.0MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-16 11:35:50,070 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.29ms. Allocated memory is still 123.7MB. Free memory is still 100.2MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 591.39ms. Allocated memory is still 123.7MB. Free memory was 82.2MB in the beginning and 90.1MB in the end (delta: -7.9MB). Peak memory consumption was 12.6MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 70.61ms. Allocated memory is still 123.7MB. Free memory was 90.1MB in the beginning and 87.8MB in the end (delta: 2.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 28.43ms. Allocated memory is still 123.7MB. Free memory was 87.8MB in the beginning and 85.9MB in the end (delta: 1.9MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 559.66ms. Allocated memory is still 123.7MB. Free memory was 85.9MB in the beginning and 67.0MB in the end (delta: 18.8MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 29529.79ms. Allocated memory was 123.7MB in the beginning and 293.6MB in the end (delta: 169.9MB). Free memory was 66.4MB in the beginning and 116.3MB in the end (delta: -49.9MB). Peak memory consumption was 148.7MB. Max. memory is 16.1GB. * Witness Printer took 68.99ms. Allocated memory is still 293.6MB. Free memory was 116.3MB in the beginning and 110.0MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 97 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 29.4s, OverallIterations: 13, TraceHistogramMax: 5, PathProgramHistogramMax: 2, EmptinessCheckTime: 0.1s, AutomataDifference: 6.8s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 15.9s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 3269 SdHoareTripleChecker+Valid, 3.7s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 3217 mSDsluCounter, 5632 SdHoareTripleChecker+Invalid, 3.0s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 4058 mSDsCounter, 1132 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 4542 IncrementalHoareTripleChecker+Invalid, 5674 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1132 mSolverCounterUnsat, 1574 mSDtfsCounter, 4542 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 1101 GetRequests, 880 SyntacticMatches, 10 SemanticMatches, 211 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1515 ImplicationChecksByTransitivity, 2.5s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1101occurred in iteration=11, InterpolantAutomatonStates: 176, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.8s AutomataMinimizationTime, 13 MinimizatonAttempts, 443 StatesRemovedByMinimization, 10 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 45 LocationsWithAnnotation, 3262 PreInvPairs, 3716 NumberOfFragments, 6464 HoareAnnotationTreeSize, 3262 FomulaSimplifications, 8247 FormulaSimplificationTreeSizeReduction, 1.4s HoareSimplificationTime, 45 FomulaSimplificationsInter, 48935 FormulaSimplificationTreeSizeReductionInter, 14.3s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.6s SatisfiabilityAnalysisTime, 4.0s InterpolantComputationTime, 1479 NumberOfCodeBlocks, 1479 NumberOfCodeBlocksAsserted, 17 NumberOfCheckSat, 1726 ConstructedInterpolants, 0 QuantifiedInterpolants, 3493 SizeOfPredicates, 11 NumberOfNonLiveVariables, 1808 ConjunctsInSsa, 28 ConjunctsInUnsatCore, 18 InterpolantComputations, 11 PerfectInterpolantSequences, 1165/1258 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 80]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 416]: Loop Invariant Derived loop invariant: ((((((((((1 <= pumpRunning && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && splverifierCounter == 0) || ((((pumpRunning == 0 && 1 <= methaneLevelCritical) && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || ((((pumpRunning == 0 && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0)) || ((((1 <= pumpRunning && 1 <= methaneLevelCritical) && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || ((pumpRunning == 0 && splverifierCounter == 0) && 0 == systemActive)) || ((((pumpRunning == 0 && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && splverifierCounter == 0)) || (((((1 <= pumpRunning && methaneLevelCritical == 0) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS)) || ((((pumpRunning == 0 && methaneLevelCritical == 0) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) - InvariantResult [Line: 371]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 493]: Loop Invariant Derived loop invariant: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(waterLevel) <= 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || (((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || (((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && !(2 <= tmp)) && 1 == systemActive) && \old(waterLevel) == waterLevel))) && ((((((((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \result < 2) && waterLevel <= 1) && 1 == systemActive) && tmp < 2) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || (((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) <= 2)) || ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == waterLevel) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2))) && ((((!(\old(pumpRunning) == 0) || !(1 < \old(waterLevel))) || (2 == \result && tmp == 2)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(methaneLevelCritical == 0)) || (((((1 <= pumpRunning && 2 == \result) && 2 <= waterLevel) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || ((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 289]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && splverifierCounter == 0) && 0 == systemActive - InvariantResult [Line: 927]: Loop Invariant Derived loop invariant: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 415]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 968]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 1))) && (((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 <= waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) - InvariantResult [Line: 198]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 2)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) - InvariantResult [Line: 959]: Loop Invariant Derived loop invariant: (((((((((((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel)) && (((((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && \result < 2) && waterLevel <= 1) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && 2 == waterLevel) && 2 == \result) && \old(waterLevel) == waterLevel))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || 2 == \result) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || ((((((((pumpRunning == \old(pumpRunning) && \result < 2) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result))) && ((((((!(\old(waterLevel) <= 1) || ((((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result < 2) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result <= waterLevel) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (((((((((\result <= waterLevel && methaneLevelCritical <= tmp) && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 382]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 316]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 73]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 362]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 214]: Loop Invariant Derived loop invariant: (((((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \result <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 87]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 50]: Loop Invariant Derived loop invariant: ((((((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 406]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 483]: Loop Invariant Derived loop invariant: (((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (\old(waterLevel) == waterLevel && (((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 == systemActive) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || ((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 2 <= waterLevel) && 1 == systemActive) && 1 <= switchedOnBeforeTS)))) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) == 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 475]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 891]: Loop Invariant Derived loop invariant: ((((((((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && 1 <= methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 173]: Loop Invariant Derived loop invariant: ((((((((((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (((((methaneLevelCritical <= tmp && pumpRunning == 0) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(1 == systemActive) || ((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel <= 1) && 0 < tmp + 1) && waterLevel + 1 <= \old(waterLevel)) && \result <= 0) && tmp <= 0) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && 0 <= \result)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(1 <= methaneLevelCritical)) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((((((methaneLevelCritical <= tmp && pumpRunning == 0) && 1 <= methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && methaneLevelCritical <= \result)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((((((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && 0 < tmp + 1) && \result <= 0) && tmp <= 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && 0 <= \result) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 306]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 270]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(2 == waterLevel)) || !(1 <= methaneLevelCritical)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(waterLevel <= 1)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && 1 == systemActive) && \result == 0) && tmp___0 == 0))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && 2 == waterLevel)) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || (((((pumpRunning == \old(pumpRunning) && !(tmp == 0)) && pumpRunning == 0) && 1 == systemActive) && \result == 0) && tmp___0 == 0)) RESULT: Ultimate proved your program to be correct! [2022-11-16 11:35:50,117 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5caa436c-0c56-4ad3-b10e-5dac2728bf3c/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE