./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version e04fb08f Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8 --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 7bcd24ea8f621c8db79e853f5aaf064ffcae573e6c1e9f03eb1f84bb0c15fc3c --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-e04fb08 [2022-11-16 12:01:18,798 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-16 12:01:18,804 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-16 12:01:18,829 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-16 12:01:18,830 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-16 12:01:18,831 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-16 12:01:18,832 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-16 12:01:18,835 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-16 12:01:18,837 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-16 12:01:18,838 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-16 12:01:18,839 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-16 12:01:18,841 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-16 12:01:18,841 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-16 12:01:18,843 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-16 12:01:18,844 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-16 12:01:18,845 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-16 12:01:18,847 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-16 12:01:18,848 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-16 12:01:18,850 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-16 12:01:18,852 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-16 12:01:18,854 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-16 12:01:18,858 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-16 12:01:18,863 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-16 12:01:18,865 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-16 12:01:18,869 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-16 12:01:18,876 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-16 12:01:18,876 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-16 12:01:18,879 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-16 12:01:18,880 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-16 12:01:18,881 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-16 12:01:18,883 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-16 12:01:18,884 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-16 12:01:18,886 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-16 12:01:18,888 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-16 12:01:18,890 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-16 12:01:18,892 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-16 12:01:18,893 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-16 12:01:18,894 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-16 12:01:18,894 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-16 12:01:18,896 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-16 12:01:18,897 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-16 12:01:18,898 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-11-16 12:01:18,946 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-16 12:01:18,946 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-16 12:01:18,947 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-16 12:01:18,948 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-16 12:01:18,949 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-16 12:01:18,949 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-16 12:01:18,950 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-16 12:01:18,950 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-16 12:01:18,951 INFO L138 SettingsManager]: * Use SBE=true [2022-11-16 12:01:18,951 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-16 12:01:18,952 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-16 12:01:18,953 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-16 12:01:18,953 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-16 12:01:18,953 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-16 12:01:18,954 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-16 12:01:18,954 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-16 12:01:18,954 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-16 12:01:18,955 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-16 12:01:18,955 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-16 12:01:18,955 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-16 12:01:18,956 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-16 12:01:18,956 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-16 12:01:18,956 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-16 12:01:18,957 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-16 12:01:18,957 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-16 12:01:18,958 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-16 12:01:18,958 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-16 12:01:18,958 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-16 12:01:18,959 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-11-16 12:01:18,959 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-16 12:01:18,961 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-11-16 12:01:18,961 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-11-16 12:01:18,962 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-16 12:01:18,962 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8 Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 7bcd24ea8f621c8db79e853f5aaf064ffcae573e6c1e9f03eb1f84bb0c15fc3c [2022-11-16 12:01:19,323 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-16 12:01:19,351 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-16 12:01:19,355 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-16 12:01:19,356 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-16 12:01:19,357 INFO L275 PluginConnector]: CDTParser initialized [2022-11-16 12:01:19,359 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/../../sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c [2022-11-16 12:01:19,434 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/data/aeee07c38/f545d45b7e0449a5a8b893b6e02a0c21/FLAGbdc8dfcba [2022-11-16 12:01:20,022 INFO L306 CDTParser]: Found 1 translation units. [2022-11-16 12:01:20,023 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c [2022-11-16 12:01:20,052 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/data/aeee07c38/f545d45b7e0449a5a8b893b6e02a0c21/FLAGbdc8dfcba [2022-11-16 12:01:20,346 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/data/aeee07c38/f545d45b7e0449a5a8b893b6e02a0c21 [2022-11-16 12:01:20,352 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-16 12:01:20,354 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-16 12:01:20,358 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-16 12:01:20,358 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-16 12:01:20,362 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-16 12:01:20,363 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,364 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@482a0757 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20, skipping insertion in model container [2022-11-16 12:01:20,365 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,374 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-16 12:01:20,434 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-16 12:01:20,724 WARN L229 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c[8146,8159] [2022-11-16 12:01:20,782 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 12:01:20,792 INFO L203 MainTranslator]: Completed pre-run [2022-11-16 12:01:20,829 WARN L229 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/sv-benchmarks/c/product-lines/minepump_spec5_product56.cil.c[8146,8159] [2022-11-16 12:01:20,864 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 12:01:20,882 INFO L208 MainTranslator]: Completed translation [2022-11-16 12:01:20,883 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20 WrapperNode [2022-11-16 12:01:20,883 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-16 12:01:20,884 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-16 12:01:20,884 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-16 12:01:20,884 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-16 12:01:20,892 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,907 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,938 INFO L138 Inliner]: procedures = 60, calls = 164, calls flagged for inlining = 27, calls inlined = 24, statements flattened = 294 [2022-11-16 12:01:20,939 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-16 12:01:20,940 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-16 12:01:20,940 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-16 12:01:20,941 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-16 12:01:20,951 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,952 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,954 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,955 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,961 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,986 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,988 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,989 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:20,992 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-16 12:01:20,993 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-16 12:01:20,993 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-16 12:01:20,993 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-16 12:01:21,008 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (1/1) ... [2022-11-16 12:01:21,015 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-16 12:01:21,028 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 12:01:21,054 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-16 12:01:21,073 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-16 12:01:21,095 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-16 12:01:21,095 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-16 12:01:21,096 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-16 12:01:21,096 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-16 12:01:21,096 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-16 12:01:21,096 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-16 12:01:21,096 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-16 12:01:21,097 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 12:01:21,097 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 12:01:21,097 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-16 12:01:21,097 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-16 12:01:21,098 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__lowWaterSensor [2022-11-16 12:01:21,098 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__lowWaterSensor [2022-11-16 12:01:21,098 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-16 12:01:21,098 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-16 12:01:21,098 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-11-16 12:01:21,099 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-11-16 12:01:21,099 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-16 12:01:21,099 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-16 12:01:21,099 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-16 12:01:21,099 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-16 12:01:21,100 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-16 12:01:21,194 INFO L235 CfgBuilder]: Building ICFG [2022-11-16 12:01:21,196 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-16 12:01:21,760 INFO L276 CfgBuilder]: Performing block encoding [2022-11-16 12:01:21,769 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-16 12:01:21,770 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-16 12:01:21,773 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 12:01:21 BoogieIcfgContainer [2022-11-16 12:01:21,773 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-16 12:01:21,775 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-16 12:01:21,776 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-16 12:01:21,780 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-16 12:01:21,780 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 16.11 12:01:20" (1/3) ... [2022-11-16 12:01:21,781 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@40197c0d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.11 12:01:21, skipping insertion in model container [2022-11-16 12:01:21,781 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:01:20" (2/3) ... [2022-11-16 12:01:21,782 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@40197c0d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.11 12:01:21, skipping insertion in model container [2022-11-16 12:01:21,782 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 12:01:21" (3/3) ... [2022-11-16 12:01:21,784 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product56.cil.c [2022-11-16 12:01:21,807 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-16 12:01:21,808 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-16 12:01:21,904 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-16 12:01:21,913 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@295ddf1e, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-16 12:01:21,915 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-16 12:01:21,925 INFO L276 IsEmpty]: Start isEmpty. Operand has 110 states, 82 states have (on average 1.3658536585365855) internal successors, (112), 93 states have internal predecessors, (112), 17 states have call successors, (17), 9 states have call predecessors, (17), 9 states have return successors, (17), 12 states have call predecessors, (17), 17 states have call successors, (17) [2022-11-16 12:01:21,941 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-11-16 12:01:21,941 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:21,943 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:21,944 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:21,952 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:21,953 INFO L85 PathProgramCache]: Analyzing trace with hash 2077500872, now seen corresponding path program 1 times [2022-11-16 12:01:21,971 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:21,971 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [665870016] [2022-11-16 12:01:21,972 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:21,972 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:22,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:22,247 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-11-16 12:01:22,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:22,255 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-16 12:01:22,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:22,274 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 12:01:22,277 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:22,278 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [665870016] [2022-11-16 12:01:22,279 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [665870016] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:01:22,280 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:01:22,280 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-16 12:01:22,282 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [629407835] [2022-11-16 12:01:22,283 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:01:22,288 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-16 12:01:22,289 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:22,329 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-16 12:01:22,330 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-16 12:01:22,334 INFO L87 Difference]: Start difference. First operand has 110 states, 82 states have (on average 1.3658536585365855) internal successors, (112), 93 states have internal predecessors, (112), 17 states have call successors, (17), 9 states have call predecessors, (17), 9 states have return successors, (17), 12 states have call predecessors, (17), 17 states have call successors, (17) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 12:01:22,390 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:22,391 INFO L93 Difference]: Finished difference Result 211 states and 286 transitions. [2022-11-16 12:01:22,392 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-16 12:01:22,393 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-11-16 12:01:22,394 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:22,406 INFO L225 Difference]: With dead ends: 211 [2022-11-16 12:01:22,407 INFO L226 Difference]: Without dead ends: 101 [2022-11-16 12:01:22,411 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-16 12:01:22,415 INFO L413 NwaCegarLoop]: 140 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 140 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:22,416 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 140 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 12:01:22,435 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 101 states. [2022-11-16 12:01:22,464 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 101 to 101. [2022-11-16 12:01:22,473 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 101 states, 75 states have (on average 1.3066666666666666) internal successors, (98), 85 states have internal predecessors, (98), 17 states have call successors, (17), 9 states have call predecessors, (17), 8 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) [2022-11-16 12:01:22,477 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 101 states to 101 states and 131 transitions. [2022-11-16 12:01:22,479 INFO L78 Accepts]: Start accepts. Automaton has 101 states and 131 transitions. Word has length 32 [2022-11-16 12:01:22,479 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:22,480 INFO L495 AbstractCegarLoop]: Abstraction has 101 states and 131 transitions. [2022-11-16 12:01:22,480 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 12:01:22,480 INFO L276 IsEmpty]: Start isEmpty. Operand 101 states and 131 transitions. [2022-11-16 12:01:22,483 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-11-16 12:01:22,483 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:22,484 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:22,484 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-16 12:01:22,484 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:22,485 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:22,485 INFO L85 PathProgramCache]: Analyzing trace with hash 604529845, now seen corresponding path program 1 times [2022-11-16 12:01:22,486 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:22,486 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [386365560] [2022-11-16 12:01:22,486 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:22,487 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:22,527 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:22,713 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-11-16 12:01:22,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:22,718 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-11-16 12:01:22,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:22,723 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 12:01:22,724 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:22,724 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [386365560] [2022-11-16 12:01:22,724 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [386365560] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:01:22,725 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:01:22,725 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-16 12:01:22,742 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [104567853] [2022-11-16 12:01:22,743 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:01:22,744 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-16 12:01:22,744 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:22,745 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-16 12:01:22,745 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 12:01:22,745 INFO L87 Difference]: Start difference. First operand 101 states and 131 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 12:01:22,787 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:22,787 INFO L93 Difference]: Finished difference Result 162 states and 210 transitions. [2022-11-16 12:01:22,792 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-16 12:01:22,792 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-11-16 12:01:22,793 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:22,798 INFO L225 Difference]: With dead ends: 162 [2022-11-16 12:01:22,798 INFO L226 Difference]: Without dead ends: 92 [2022-11-16 12:01:22,799 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 12:01:22,804 INFO L413 NwaCegarLoop]: 118 mSDtfsCounter, 17 mSDsluCounter, 96 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 214 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:22,805 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [21 Valid, 214 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 12:01:22,806 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 92 states. [2022-11-16 12:01:22,818 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 92 to 92. [2022-11-16 12:01:22,828 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 92 states, 69 states have (on average 1.318840579710145) internal successors, (91), 79 states have internal predecessors, (91), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 9 states have call predecessors, (14), 14 states have call successors, (14) [2022-11-16 12:01:22,830 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 92 states to 92 states and 119 transitions. [2022-11-16 12:01:22,834 INFO L78 Accepts]: Start accepts. Automaton has 92 states and 119 transitions. Word has length 33 [2022-11-16 12:01:22,834 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:22,835 INFO L495 AbstractCegarLoop]: Abstraction has 92 states and 119 transitions. [2022-11-16 12:01:22,835 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 12:01:22,835 INFO L276 IsEmpty]: Start isEmpty. Operand 92 states and 119 transitions. [2022-11-16 12:01:22,837 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-11-16 12:01:22,839 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:22,839 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:22,840 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-16 12:01:22,840 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:22,840 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:22,843 INFO L85 PathProgramCache]: Analyzing trace with hash -1594505260, now seen corresponding path program 1 times [2022-11-16 12:01:22,843 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:22,843 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1267641222] [2022-11-16 12:01:22,844 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:22,844 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:22,892 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:23,001 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-16 12:01:23,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:23,008 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-11-16 12:01:23,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:23,013 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 12:01:23,013 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:23,013 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1267641222] [2022-11-16 12:01:23,014 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1267641222] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:01:23,014 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:01:23,014 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-16 12:01:23,014 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1518171164] [2022-11-16 12:01:23,015 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:01:23,015 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-16 12:01:23,015 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:23,016 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-16 12:01:23,016 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 12:01:23,017 INFO L87 Difference]: Start difference. First operand 92 states and 119 transitions. Second operand has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 12:01:23,064 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:23,065 INFO L93 Difference]: Finished difference Result 258 states and 340 transitions. [2022-11-16 12:01:23,065 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-16 12:01:23,066 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2022-11-16 12:01:23,066 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:23,074 INFO L225 Difference]: With dead ends: 258 [2022-11-16 12:01:23,074 INFO L226 Difference]: Without dead ends: 174 [2022-11-16 12:01:23,075 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 12:01:23,076 INFO L413 NwaCegarLoop]: 146 mSDtfsCounter, 107 mSDsluCounter, 106 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 107 SdHoareTripleChecker+Valid, 252 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:23,077 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [107 Valid, 252 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 12:01:23,078 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 174 states. [2022-11-16 12:01:23,119 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 174 to 171. [2022-11-16 12:01:23,124 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 171 states, 126 states have (on average 1.3412698412698412) internal successors, (169), 145 states have internal predecessors, (169), 28 states have call successors, (28), 16 states have call predecessors, (28), 16 states have return successors, (28), 17 states have call predecessors, (28), 28 states have call successors, (28) [2022-11-16 12:01:23,126 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 171 states to 171 states and 225 transitions. [2022-11-16 12:01:23,128 INFO L78 Accepts]: Start accepts. Automaton has 171 states and 225 transitions. Word has length 38 [2022-11-16 12:01:23,129 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:23,129 INFO L495 AbstractCegarLoop]: Abstraction has 171 states and 225 transitions. [2022-11-16 12:01:23,130 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 10.333333333333334) internal successors, (31), 3 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 12:01:23,130 INFO L276 IsEmpty]: Start isEmpty. Operand 171 states and 225 transitions. [2022-11-16 12:01:23,136 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-11-16 12:01:23,137 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:23,137 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:23,137 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-16 12:01:23,138 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:23,138 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:23,138 INFO L85 PathProgramCache]: Analyzing trace with hash -969732780, now seen corresponding path program 1 times [2022-11-16 12:01:23,138 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:23,139 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1601964997] [2022-11-16 12:01:23,139 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:23,139 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:23,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:23,462 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-11-16 12:01:23,464 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:23,468 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-11-16 12:01:23,483 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:23,500 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-16 12:01:23,500 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:23,500 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1601964997] [2022-11-16 12:01:23,501 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1601964997] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:01:23,501 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:01:23,501 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-16 12:01:23,501 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [770735486] [2022-11-16 12:01:23,502 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:01:23,502 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 12:01:23,502 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:23,503 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 12:01:23,503 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-16 12:01:23,504 INFO L87 Difference]: Start difference. First operand 171 states and 225 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 12:01:23,754 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:23,755 INFO L93 Difference]: Finished difference Result 445 states and 602 transitions. [2022-11-16 12:01:23,755 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-16 12:01:23,755 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-11-16 12:01:23,756 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:23,758 INFO L225 Difference]: With dead ends: 445 [2022-11-16 12:01:23,758 INFO L226 Difference]: Without dead ends: 282 [2022-11-16 12:01:23,760 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-11-16 12:01:23,761 INFO L413 NwaCegarLoop]: 134 mSDtfsCounter, 58 mSDsluCounter, 438 mSDsCounter, 0 mSdLazyCounter, 78 mSolverCounterSat, 12 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 59 SdHoareTripleChecker+Valid, 572 SdHoareTripleChecker+Invalid, 90 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 12 IncrementalHoareTripleChecker+Valid, 78 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:23,762 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [59 Valid, 572 Invalid, 90 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [12 Valid, 78 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-16 12:01:23,763 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 282 states. [2022-11-16 12:01:23,832 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 282 to 269. [2022-11-16 12:01:23,833 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 269 states, 200 states have (on average 1.29) internal successors, (258), 217 states have internal predecessors, (258), 38 states have call successors, (38), 30 states have call predecessors, (38), 30 states have return successors, (50), 33 states have call predecessors, (50), 38 states have call successors, (50) [2022-11-16 12:01:23,840 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 269 states to 269 states and 346 transitions. [2022-11-16 12:01:23,841 INFO L78 Accepts]: Start accepts. Automaton has 269 states and 346 transitions. Word has length 41 [2022-11-16 12:01:23,841 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:23,841 INFO L495 AbstractCegarLoop]: Abstraction has 269 states and 346 transitions. [2022-11-16 12:01:23,842 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 12:01:23,842 INFO L276 IsEmpty]: Start isEmpty. Operand 269 states and 346 transitions. [2022-11-16 12:01:23,843 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-11-16 12:01:23,844 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:23,844 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:23,844 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-16 12:01:23,844 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:23,845 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:23,845 INFO L85 PathProgramCache]: Analyzing trace with hash -1724941251, now seen corresponding path program 1 times [2022-11-16 12:01:23,845 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:23,845 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [20792063] [2022-11-16 12:01:23,845 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:23,846 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:23,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:24,022 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-16 12:01:24,024 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:24,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-11-16 12:01:24,034 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:24,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:24,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:24,093 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2022-11-16 12:01:24,102 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:24,109 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 12:01:24,109 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:24,109 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [20792063] [2022-11-16 12:01:24,109 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [20792063] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:01:24,110 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:01:24,110 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-16 12:01:24,110 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2076514588] [2022-11-16 12:01:24,112 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:01:24,113 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 12:01:24,113 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:24,114 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 12:01:24,114 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-16 12:01:24,114 INFO L87 Difference]: Start difference. First operand 269 states and 346 transitions. Second operand has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-16 12:01:24,591 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:24,591 INFO L93 Difference]: Finished difference Result 853 states and 1148 transitions. [2022-11-16 12:01:24,592 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-11-16 12:01:24,592 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 57 [2022-11-16 12:01:24,594 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:24,608 INFO L225 Difference]: With dead ends: 853 [2022-11-16 12:01:24,612 INFO L226 Difference]: Without dead ends: 592 [2022-11-16 12:01:24,616 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 24 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 19 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=45, Invalid=111, Unknown=0, NotChecked=0, Total=156 [2022-11-16 12:01:24,621 INFO L413 NwaCegarLoop]: 123 mSDtfsCounter, 195 mSDsluCounter, 343 mSDsCounter, 0 mSdLazyCounter, 197 mSolverCounterSat, 56 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 201 SdHoareTripleChecker+Valid, 466 SdHoareTripleChecker+Invalid, 253 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 56 IncrementalHoareTripleChecker+Valid, 197 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:24,626 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [201 Valid, 466 Invalid, 253 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [56 Valid, 197 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-16 12:01:24,629 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 592 states. [2022-11-16 12:01:24,765 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 592 to 529. [2022-11-16 12:01:24,768 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 529 states, 396 states have (on average 1.2575757575757576) internal successors, (498), 418 states have internal predecessors, (498), 69 states have call successors, (69), 53 states have call predecessors, (69), 63 states have return successors, (107), 72 states have call predecessors, (107), 69 states have call successors, (107) [2022-11-16 12:01:24,778 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 529 states to 529 states and 674 transitions. [2022-11-16 12:01:24,779 INFO L78 Accepts]: Start accepts. Automaton has 529 states and 674 transitions. Word has length 57 [2022-11-16 12:01:24,779 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:24,779 INFO L495 AbstractCegarLoop]: Abstraction has 529 states and 674 transitions. [2022-11-16 12:01:24,779 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-16 12:01:24,779 INFO L276 IsEmpty]: Start isEmpty. Operand 529 states and 674 transitions. [2022-11-16 12:01:24,781 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-11-16 12:01:24,781 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:24,782 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:24,782 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-16 12:01:24,782 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:24,783 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:24,783 INFO L85 PathProgramCache]: Analyzing trace with hash 80497083, now seen corresponding path program 1 times [2022-11-16 12:01:24,783 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:24,783 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1539732488] [2022-11-16 12:01:24,783 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:24,784 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:24,801 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:24,863 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-16 12:01:24,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:24,869 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-11-16 12:01:24,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:24,883 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:24,886 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:24,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2022-11-16 12:01:24,916 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:24,918 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 12:01:24,918 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:24,919 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1539732488] [2022-11-16 12:01:24,919 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1539732488] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:01:24,919 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:01:24,919 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-16 12:01:24,919 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1358033679] [2022-11-16 12:01:24,920 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:01:24,920 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 12:01:24,920 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:24,921 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 12:01:24,921 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-16 12:01:24,921 INFO L87 Difference]: Start difference. First operand 529 states and 674 transitions. Second operand has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-16 12:01:25,143 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:25,144 INFO L93 Difference]: Finished difference Result 1076 states and 1397 transitions. [2022-11-16 12:01:25,144 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-16 12:01:25,144 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 57 [2022-11-16 12:01:25,145 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:25,148 INFO L225 Difference]: With dead ends: 1076 [2022-11-16 12:01:25,148 INFO L226 Difference]: Without dead ends: 555 [2022-11-16 12:01:25,150 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-11-16 12:01:25,151 INFO L413 NwaCegarLoop]: 104 mSDtfsCounter, 74 mSDsluCounter, 340 mSDsCounter, 0 mSdLazyCounter, 147 mSolverCounterSat, 25 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 77 SdHoareTripleChecker+Valid, 444 SdHoareTripleChecker+Invalid, 172 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 25 IncrementalHoareTripleChecker+Valid, 147 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:25,152 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [77 Valid, 444 Invalid, 172 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [25 Valid, 147 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 12:01:25,153 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 555 states. [2022-11-16 12:01:25,197 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 555 to 541. [2022-11-16 12:01:25,199 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 541 states, 408 states have (on average 1.25) internal successors, (510), 430 states have internal predecessors, (510), 69 states have call successors, (69), 53 states have call predecessors, (69), 63 states have return successors, (107), 72 states have call predecessors, (107), 69 states have call successors, (107) [2022-11-16 12:01:25,204 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 541 states to 541 states and 686 transitions. [2022-11-16 12:01:25,205 INFO L78 Accepts]: Start accepts. Automaton has 541 states and 686 transitions. Word has length 57 [2022-11-16 12:01:25,205 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:25,205 INFO L495 AbstractCegarLoop]: Abstraction has 541 states and 686 transitions. [2022-11-16 12:01:25,206 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-16 12:01:25,206 INFO L276 IsEmpty]: Start isEmpty. Operand 541 states and 686 transitions. [2022-11-16 12:01:25,207 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-11-16 12:01:25,208 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:25,208 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:25,208 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-16 12:01:25,208 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:25,209 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:25,209 INFO L85 PathProgramCache]: Analyzing trace with hash 503198909, now seen corresponding path program 1 times [2022-11-16 12:01:25,209 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:25,210 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1254017364] [2022-11-16 12:01:25,210 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:25,211 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:25,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:25,337 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-16 12:01:25,339 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:25,348 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-11-16 12:01:25,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:25,377 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:25,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:25,416 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2022-11-16 12:01:25,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:25,421 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 12:01:25,422 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:25,422 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1254017364] [2022-11-16 12:01:25,422 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1254017364] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:01:25,422 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:01:25,423 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-16 12:01:25,423 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [199616641] [2022-11-16 12:01:25,423 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:01:25,424 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 12:01:25,424 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:25,425 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 12:01:25,425 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-16 12:01:25,426 INFO L87 Difference]: Start difference. First operand 541 states and 686 transitions. Second operand has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-16 12:01:25,819 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:25,820 INFO L93 Difference]: Finished difference Result 996 states and 1286 transitions. [2022-11-16 12:01:25,820 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-11-16 12:01:25,821 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) Word has length 57 [2022-11-16 12:01:25,821 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:25,824 INFO L225 Difference]: With dead ends: 996 [2022-11-16 12:01:25,825 INFO L226 Difference]: Without dead ends: 463 [2022-11-16 12:01:25,827 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 22 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=40, Invalid=70, Unknown=0, NotChecked=0, Total=110 [2022-11-16 12:01:25,828 INFO L413 NwaCegarLoop]: 112 mSDtfsCounter, 250 mSDsluCounter, 336 mSDsCounter, 0 mSdLazyCounter, 197 mSolverCounterSat, 67 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 258 SdHoareTripleChecker+Valid, 448 SdHoareTripleChecker+Invalid, 264 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 67 IncrementalHoareTripleChecker+Valid, 197 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:25,828 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [258 Valid, 448 Invalid, 264 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [67 Valid, 197 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-16 12:01:25,830 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 463 states. [2022-11-16 12:01:25,865 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 463 to 447. [2022-11-16 12:01:25,867 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 447 states, 336 states have (on average 1.2291666666666667) internal successors, (413), 355 states have internal predecessors, (413), 58 states have call successors, (58), 44 states have call predecessors, (58), 52 states have return successors, (80), 59 states have call predecessors, (80), 58 states have call successors, (80) [2022-11-16 12:01:25,869 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 447 states to 447 states and 551 transitions. [2022-11-16 12:01:25,870 INFO L78 Accepts]: Start accepts. Automaton has 447 states and 551 transitions. Word has length 57 [2022-11-16 12:01:25,870 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:25,870 INFO L495 AbstractCegarLoop]: Abstraction has 447 states and 551 transitions. [2022-11-16 12:01:25,871 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 3 states have call successors, (4) [2022-11-16 12:01:25,871 INFO L276 IsEmpty]: Start isEmpty. Operand 447 states and 551 transitions. [2022-11-16 12:01:25,872 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 62 [2022-11-16 12:01:25,872 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:25,872 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:25,873 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-16 12:01:25,873 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:25,873 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:25,874 INFO L85 PathProgramCache]: Analyzing trace with hash 924671973, now seen corresponding path program 1 times [2022-11-16 12:01:25,874 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:25,874 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1471566606] [2022-11-16 12:01:25,874 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:25,874 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:25,893 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:26,096 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 12:01:26,098 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:26,144 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-11-16 12:01:26,146 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:26,167 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-11-16 12:01:26,171 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:26,192 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:26,197 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:26,207 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-11-16 12:01:26,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:26,213 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 12:01:26,213 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:26,213 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1471566606] [2022-11-16 12:01:26,214 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1471566606] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:01:26,214 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:01:26,214 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-16 12:01:26,214 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [408766458] [2022-11-16 12:01:26,215 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:01:26,215 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-16 12:01:26,215 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:26,216 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-16 12:01:26,216 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=72, Unknown=0, NotChecked=0, Total=90 [2022-11-16 12:01:26,216 INFO L87 Difference]: Start difference. First operand 447 states and 551 transitions. Second operand has 10 states, 10 states have (on average 4.8) internal successors, (48), 8 states have internal predecessors, (48), 4 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) [2022-11-16 12:01:27,716 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:27,717 INFO L93 Difference]: Finished difference Result 1669 states and 2221 transitions. [2022-11-16 12:01:27,717 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 33 states. [2022-11-16 12:01:27,717 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.8) internal successors, (48), 8 states have internal predecessors, (48), 4 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) Word has length 61 [2022-11-16 12:01:27,719 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:27,726 INFO L225 Difference]: With dead ends: 1669 [2022-11-16 12:01:27,727 INFO L226 Difference]: Without dead ends: 1344 [2022-11-16 12:01:27,729 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 47 GetRequests, 13 SyntacticMatches, 1 SemanticMatches, 33 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 297 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=221, Invalid=969, Unknown=0, NotChecked=0, Total=1190 [2022-11-16 12:01:27,731 INFO L413 NwaCegarLoop]: 139 mSDtfsCounter, 630 mSDsluCounter, 772 mSDsCounter, 0 mSdLazyCounter, 1079 mSolverCounterSat, 238 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 640 SdHoareTripleChecker+Valid, 911 SdHoareTripleChecker+Invalid, 1317 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 238 IncrementalHoareTripleChecker+Valid, 1079 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.0s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:27,731 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [640 Valid, 911 Invalid, 1317 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [238 Valid, 1079 Invalid, 0 Unknown, 0 Unchecked, 1.0s Time] [2022-11-16 12:01:27,734 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1344 states. [2022-11-16 12:01:27,844 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1344 to 1190. [2022-11-16 12:01:27,847 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1190 states, 887 states have (on average 1.2232243517474635) internal successors, (1085), 944 states have internal predecessors, (1085), 160 states have call successors, (160), 118 states have call predecessors, (160), 142 states have return successors, (260), 162 states have call predecessors, (260), 160 states have call successors, (260) [2022-11-16 12:01:27,854 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1190 states to 1190 states and 1505 transitions. [2022-11-16 12:01:27,855 INFO L78 Accepts]: Start accepts. Automaton has 1190 states and 1505 transitions. Word has length 61 [2022-11-16 12:01:27,856 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:27,858 INFO L495 AbstractCegarLoop]: Abstraction has 1190 states and 1505 transitions. [2022-11-16 12:01:27,859 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.8) internal successors, (48), 8 states have internal predecessors, (48), 4 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) [2022-11-16 12:01:27,859 INFO L276 IsEmpty]: Start isEmpty. Operand 1190 states and 1505 transitions. [2022-11-16 12:01:27,865 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 92 [2022-11-16 12:01:27,865 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:27,866 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:27,866 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-11-16 12:01:27,866 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:27,867 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:27,867 INFO L85 PathProgramCache]: Analyzing trace with hash 798113011, now seen corresponding path program 1 times [2022-11-16 12:01:27,867 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:27,867 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1274508951] [2022-11-16 12:01:27,868 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:27,868 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:27,889 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:27,948 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 12:01:27,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:27,959 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-16 12:01:27,968 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:27,984 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 12:01:27,986 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:27,993 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 12:01:27,996 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,005 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:28,006 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,014 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-11-16 12:01:28,016 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,017 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-11-16 12:01:28,018 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,034 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-11-16 12:01:28,035 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:28,035 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1274508951] [2022-11-16 12:01:28,035 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1274508951] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:01:28,035 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:01:28,036 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-11-16 12:01:28,036 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [165200282] [2022-11-16 12:01:28,036 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:01:28,037 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-11-16 12:01:28,037 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:28,038 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-11-16 12:01:28,038 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2022-11-16 12:01:28,038 INFO L87 Difference]: Start difference. First operand 1190 states and 1505 transitions. Second operand has 7 states, 7 states have (on average 10.285714285714286) internal successors, (72), 4 states have internal predecessors, (72), 4 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-16 12:01:28,508 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:28,508 INFO L93 Difference]: Finished difference Result 2008 states and 2529 transitions. [2022-11-16 12:01:28,508 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-11-16 12:01:28,509 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.285714285714286) internal successors, (72), 4 states have internal predecessors, (72), 4 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) Word has length 91 [2022-11-16 12:01:28,509 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:28,513 INFO L225 Difference]: With dead ends: 2008 [2022-11-16 12:01:28,513 INFO L226 Difference]: Without dead ends: 826 [2022-11-16 12:01:28,517 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 31 GetRequests, 19 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=55, Invalid=127, Unknown=0, NotChecked=0, Total=182 [2022-11-16 12:01:28,518 INFO L413 NwaCegarLoop]: 114 mSDtfsCounter, 351 mSDsluCounter, 228 mSDsCounter, 0 mSdLazyCounter, 265 mSolverCounterSat, 129 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 360 SdHoareTripleChecker+Valid, 342 SdHoareTripleChecker+Invalid, 394 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 129 IncrementalHoareTripleChecker+Valid, 265 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:28,518 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [360 Valid, 342 Invalid, 394 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [129 Valid, 265 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-16 12:01:28,525 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 826 states. [2022-11-16 12:01:28,580 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 826 to 790. [2022-11-16 12:01:28,582 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 790 states, 594 states have (on average 1.2121212121212122) internal successors, (720), 633 states have internal predecessors, (720), 104 states have call successors, (104), 79 states have call predecessors, (104), 91 states have return successors, (155), 105 states have call predecessors, (155), 104 states have call successors, (155) [2022-11-16 12:01:28,587 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 790 states to 790 states and 979 transitions. [2022-11-16 12:01:28,589 INFO L78 Accepts]: Start accepts. Automaton has 790 states and 979 transitions. Word has length 91 [2022-11-16 12:01:28,593 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:28,593 INFO L495 AbstractCegarLoop]: Abstraction has 790 states and 979 transitions. [2022-11-16 12:01:28,593 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 10.285714285714286) internal successors, (72), 4 states have internal predecessors, (72), 4 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-16 12:01:28,594 INFO L276 IsEmpty]: Start isEmpty. Operand 790 states and 979 transitions. [2022-11-16 12:01:28,601 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2022-11-16 12:01:28,602 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:28,602 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:28,602 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-11-16 12:01:28,602 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:28,603 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:28,605 INFO L85 PathProgramCache]: Analyzing trace with hash -726468575, now seen corresponding path program 1 times [2022-11-16 12:01:28,605 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:28,605 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1258199847] [2022-11-16 12:01:28,605 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:28,605 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:28,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,870 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 12:01:28,871 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,886 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-11-16 12:01:28,890 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,911 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 12:01:28,912 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,921 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 12:01:28,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,932 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:28,934 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,941 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-11-16 12:01:28,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,955 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-11-16 12:01:28,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,962 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2022-11-16 12:01:28,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,965 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:28,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,967 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-11-16 12:01:28,968 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:28,970 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 16 proven. 13 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-11-16 12:01:28,970 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:28,970 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1258199847] [2022-11-16 12:01:28,971 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1258199847] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:01:28,971 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [926116351] [2022-11-16 12:01:28,971 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:28,971 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 12:01:28,971 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 12:01:28,975 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-16 12:01:29,008 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-16 12:01:29,143 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:29,147 INFO L263 TraceCheckSpWp]: Trace formula consists of 512 conjuncts, 8 conjunts are in the unsatisfiable core [2022-11-16 12:01:29,155 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:01:29,496 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 27 proven. 11 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-16 12:01:29,496 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:01:29,804 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 19 proven. 10 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-11-16 12:01:29,805 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [926116351] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-16 12:01:29,805 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-16 12:01:29,805 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-11-16 12:01:29,806 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2126990625] [2022-11-16 12:01:29,806 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-16 12:01:29,807 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-11-16 12:01:29,807 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:29,807 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-11-16 12:01:29,808 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2022-11-16 12:01:29,808 INFO L87 Difference]: Start difference. First operand 790 states and 979 transitions. Second operand has 15 states, 15 states have (on average 9.133333333333333) internal successors, (137), 10 states have internal predecessors, (137), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (19), 7 states have call predecessors, (19), 6 states have call successors, (19) [2022-11-16 12:01:31,538 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:31,539 INFO L93 Difference]: Finished difference Result 1832 states and 2348 transitions. [2022-11-16 12:01:31,539 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 49 states. [2022-11-16 12:01:31,540 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 9.133333333333333) internal successors, (137), 10 states have internal predecessors, (137), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (19), 7 states have call predecessors, (19), 6 states have call successors, (19) Word has length 111 [2022-11-16 12:01:31,540 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:31,546 INFO L225 Difference]: With dead ends: 1832 [2022-11-16 12:01:31,546 INFO L226 Difference]: Without dead ends: 1139 [2022-11-16 12:01:31,550 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 310 GetRequests, 252 SyntacticMatches, 4 SemanticMatches, 54 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 919 ImplicationChecksByTransitivity, 0.8s TimeCoverageRelationStatistics Valid=621, Invalid=2459, Unknown=0, NotChecked=0, Total=3080 [2022-11-16 12:01:31,551 INFO L413 NwaCegarLoop]: 196 mSDtfsCounter, 602 mSDsluCounter, 883 mSDsCounter, 0 mSdLazyCounter, 1017 mSolverCounterSat, 291 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 611 SdHoareTripleChecker+Valid, 1079 SdHoareTripleChecker+Invalid, 1308 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 291 IncrementalHoareTripleChecker+Valid, 1017 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:31,551 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [611 Valid, 1079 Invalid, 1308 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [291 Valid, 1017 Invalid, 0 Unknown, 0 Unchecked, 0.9s Time] [2022-11-16 12:01:31,553 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1139 states. [2022-11-16 12:01:31,631 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1139 to 887. [2022-11-16 12:01:31,633 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 887 states, 659 states have (on average 1.1881638846737481) internal successors, (783), 710 states have internal predecessors, (783), 121 states have call successors, (121), 100 states have call predecessors, (121), 106 states have return successors, (154), 111 states have call predecessors, (154), 121 states have call successors, (154) [2022-11-16 12:01:31,638 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 887 states to 887 states and 1058 transitions. [2022-11-16 12:01:31,638 INFO L78 Accepts]: Start accepts. Automaton has 887 states and 1058 transitions. Word has length 111 [2022-11-16 12:01:31,638 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:31,639 INFO L495 AbstractCegarLoop]: Abstraction has 887 states and 1058 transitions. [2022-11-16 12:01:31,639 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 9.133333333333333) internal successors, (137), 10 states have internal predecessors, (137), 6 states have call successors, (25), 7 states have call predecessors, (25), 6 states have return successors, (19), 7 states have call predecessors, (19), 6 states have call successors, (19) [2022-11-16 12:01:31,639 INFO L276 IsEmpty]: Start isEmpty. Operand 887 states and 1058 transitions. [2022-11-16 12:01:31,643 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 192 [2022-11-16 12:01:31,644 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:31,644 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:31,657 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-11-16 12:01:31,850 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-11-16 12:01:31,850 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:31,851 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:31,851 INFO L85 PathProgramCache]: Analyzing trace with hash 605285009, now seen corresponding path program 1 times [2022-11-16 12:01:31,851 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:31,851 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [942931575] [2022-11-16 12:01:31,852 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:31,852 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:31,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,041 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 12:01:32,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,053 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-11-16 12:01:32,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,064 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 12:01:32,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,072 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 12:01:32,076 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,078 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:32,080 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,083 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-11-16 12:01:32,090 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,098 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 12:01:32,099 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,101 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 12:01:32,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,106 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2022-11-16 12:01:32,107 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,108 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:32,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,112 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-11-16 12:01:32,118 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,173 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 12:01:32,174 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,175 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 12:01:32,177 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,180 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-11-16 12:01:32,181 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,182 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 162 [2022-11-16 12:01:32,186 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,189 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:32,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,193 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 183 [2022-11-16 12:01:32,194 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:32,197 INFO L134 CoverageAnalysis]: Checked inductivity of 203 backedges. 81 proven. 0 refuted. 0 times theorem prover too weak. 122 trivial. 0 not checked. [2022-11-16 12:01:32,197 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:32,197 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [942931575] [2022-11-16 12:01:32,198 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [942931575] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:01:32,198 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:01:32,198 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-16 12:01:32,198 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1946128815] [2022-11-16 12:01:32,198 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:01:32,199 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-16 12:01:32,200 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:32,201 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-16 12:01:32,201 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=71, Unknown=0, NotChecked=0, Total=90 [2022-11-16 12:01:32,202 INFO L87 Difference]: Start difference. First operand 887 states and 1058 transitions. Second operand has 10 states, 10 states have (on average 9.7) internal successors, (97), 7 states have internal predecessors, (97), 4 states have call successors, (13), 5 states have call predecessors, (13), 2 states have return successors, (13), 4 states have call predecessors, (13), 4 states have call successors, (13) [2022-11-16 12:01:33,311 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:33,312 INFO L93 Difference]: Finished difference Result 2536 states and 3071 transitions. [2022-11-16 12:01:33,312 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 28 states. [2022-11-16 12:01:33,312 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 9.7) internal successors, (97), 7 states have internal predecessors, (97), 4 states have call successors, (13), 5 states have call predecessors, (13), 2 states have return successors, (13), 4 states have call predecessors, (13), 4 states have call successors, (13) Word has length 191 [2022-11-16 12:01:33,313 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:33,320 INFO L225 Difference]: With dead ends: 2536 [2022-11-16 12:01:33,321 INFO L226 Difference]: Without dead ends: 1657 [2022-11-16 12:01:33,325 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 78 GetRequests, 46 SyntacticMatches, 0 SemanticMatches, 32 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 251 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=229, Invalid=893, Unknown=0, NotChecked=0, Total=1122 [2022-11-16 12:01:33,326 INFO L413 NwaCegarLoop]: 177 mSDtfsCounter, 444 mSDsluCounter, 674 mSDsCounter, 0 mSdLazyCounter, 909 mSolverCounterSat, 144 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 450 SdHoareTripleChecker+Valid, 851 SdHoareTripleChecker+Invalid, 1053 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 144 IncrementalHoareTripleChecker+Valid, 909 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:33,327 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [450 Valid, 851 Invalid, 1053 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [144 Valid, 909 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-11-16 12:01:33,329 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1657 states. [2022-11-16 12:01:33,531 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1657 to 1648. [2022-11-16 12:01:33,534 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1648 states, 1231 states have (on average 1.1551584077985377) internal successors, (1422), 1318 states have internal predecessors, (1422), 221 states have call successors, (221), 188 states have call predecessors, (221), 195 states have return successors, (277), 205 states have call predecessors, (277), 221 states have call successors, (277) [2022-11-16 12:01:33,547 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1648 states to 1648 states and 1920 transitions. [2022-11-16 12:01:33,548 INFO L78 Accepts]: Start accepts. Automaton has 1648 states and 1920 transitions. Word has length 191 [2022-11-16 12:01:33,548 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:33,548 INFO L495 AbstractCegarLoop]: Abstraction has 1648 states and 1920 transitions. [2022-11-16 12:01:33,549 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 9.7) internal successors, (97), 7 states have internal predecessors, (97), 4 states have call successors, (13), 5 states have call predecessors, (13), 2 states have return successors, (13), 4 states have call predecessors, (13), 4 states have call successors, (13) [2022-11-16 12:01:33,549 INFO L276 IsEmpty]: Start isEmpty. Operand 1648 states and 1920 transitions. [2022-11-16 12:01:33,556 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 196 [2022-11-16 12:01:33,556 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:01:33,558 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:33,558 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-11-16 12:01:33,558 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 12:01:33,559 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:01:33,559 INFO L85 PathProgramCache]: Analyzing trace with hash -1124053067, now seen corresponding path program 1 times [2022-11-16 12:01:33,559 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 12:01:33,559 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [258967885] [2022-11-16 12:01:33,560 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:33,560 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 12:01:33,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:33,822 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 12:01:33,823 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:33,834 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-11-16 12:01:33,838 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:33,868 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 12:01:33,869 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:33,879 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 12:01:33,882 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:33,884 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:33,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:33,891 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-11-16 12:01:33,896 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,075 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 12:01:34,077 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,079 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 12:01:34,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,087 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2022-11-16 12:01:34,089 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,091 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:34,092 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,105 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-11-16 12:01:34,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-11-16 12:01:34,117 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,122 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 12:01:34,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,125 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-11-16 12:01:34,127 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2022-11-16 12:01:34,130 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,131 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 166 [2022-11-16 12:01:34,134 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,137 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 12:01:34,139 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,142 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 187 [2022-11-16 12:01:34,145 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,148 INFO L134 CoverageAnalysis]: Checked inductivity of 203 backedges. 92 proven. 28 refuted. 0 times theorem prover too weak. 83 trivial. 0 not checked. [2022-11-16 12:01:34,148 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 12:01:34,149 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [258967885] [2022-11-16 12:01:34,149 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [258967885] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:01:34,149 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1141269775] [2022-11-16 12:01:34,149 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:01:34,150 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 12:01:34,150 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 12:01:34,151 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-16 12:01:34,180 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-16 12:01:34,333 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:01:34,337 INFO L263 TraceCheckSpWp]: Trace formula consists of 733 conjuncts, 13 conjunts are in the unsatisfiable core [2022-11-16 12:01:34,344 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:01:34,674 INFO L134 CoverageAnalysis]: Checked inductivity of 203 backedges. 147 proven. 4 refuted. 0 times theorem prover too weak. 52 trivial. 0 not checked. [2022-11-16 12:01:34,674 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:01:35,284 INFO L134 CoverageAnalysis]: Checked inductivity of 203 backedges. 81 proven. 39 refuted. 0 times theorem prover too weak. 83 trivial. 0 not checked. [2022-11-16 12:01:35,284 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1141269775] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-16 12:01:35,285 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-16 12:01:35,285 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 10, 11] total 26 [2022-11-16 12:01:35,285 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2057944543] [2022-11-16 12:01:35,285 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-16 12:01:35,287 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 26 states [2022-11-16 12:01:35,287 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 12:01:35,287 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 26 interpolants. [2022-11-16 12:01:35,288 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=123, Invalid=527, Unknown=0, NotChecked=0, Total=650 [2022-11-16 12:01:35,288 INFO L87 Difference]: Start difference. First operand 1648 states and 1920 transitions. Second operand has 26 states, 26 states have (on average 8.538461538461538) internal successors, (222), 22 states have internal predecessors, (222), 10 states have call successors, (39), 9 states have call predecessors, (39), 9 states have return successors, (34), 9 states have call predecessors, (34), 10 states have call successors, (34) [2022-11-16 12:01:37,344 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:01:37,344 INFO L93 Difference]: Finished difference Result 3617 states and 4344 transitions. [2022-11-16 12:01:37,345 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2022-11-16 12:01:37,345 INFO L78 Accepts]: Start accepts. Automaton has has 26 states, 26 states have (on average 8.538461538461538) internal successors, (222), 22 states have internal predecessors, (222), 10 states have call successors, (39), 9 states have call predecessors, (39), 9 states have return successors, (34), 9 states have call predecessors, (34), 10 states have call successors, (34) Word has length 195 [2022-11-16 12:01:37,345 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:01:37,347 INFO L225 Difference]: With dead ends: 3617 [2022-11-16 12:01:37,347 INFO L226 Difference]: Without dead ends: 0 [2022-11-16 12:01:37,354 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 479 GetRequests, 421 SyntacticMatches, 5 SemanticMatches, 53 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 628 ImplicationChecksByTransitivity, 1.0s TimeCoverageRelationStatistics Valid=613, Invalid=2357, Unknown=0, NotChecked=0, Total=2970 [2022-11-16 12:01:37,355 INFO L413 NwaCegarLoop]: 52 mSDtfsCounter, 958 mSDsluCounter, 471 mSDsCounter, 0 mSdLazyCounter, 1652 mSolverCounterSat, 395 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 964 SdHoareTripleChecker+Valid, 523 SdHoareTripleChecker+Invalid, 2047 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 395 IncrementalHoareTripleChecker+Valid, 1652 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-16 12:01:37,356 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [964 Valid, 523 Invalid, 2047 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [395 Valid, 1652 Invalid, 0 Unknown, 0 Unchecked, 1.2s Time] [2022-11-16 12:01:37,356 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-16 12:01:37,356 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-16 12:01:37,356 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-16 12:01:37,357 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-16 12:01:37,357 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 195 [2022-11-16 12:01:37,357 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:01:37,357 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-16 12:01:37,358 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 26 states, 26 states have (on average 8.538461538461538) internal successors, (222), 22 states have internal predecessors, (222), 10 states have call successors, (39), 9 states have call predecessors, (39), 9 states have return successors, (34), 9 states have call predecessors, (34), 10 states have call successors, (34) [2022-11-16 12:01:37,358 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-16 12:01:37,358 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-16 12:01:37,361 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-16 12:01:37,373 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2022-11-16 12:01:37,567 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable11 [2022-11-16 12:01:37,569 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-16 12:01:58,180 INFO L895 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 293 300) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 1 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (< 1 ~waterLevel~0)) .cse0 .cse1 .cse2 (not (<= ~waterLevel~0 2))))) [2022-11-16 12:01:58,181 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 293 300) no Hoare annotation was computed. [2022-11-16 12:01:58,181 INFO L899 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 293 300) no Hoare annotation was computed. [2022-11-16 12:01:58,181 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 200 206) no Hoare annotation was computed. [2022-11-16 12:01:58,182 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 200 206) the Hoare annotation is: true [2022-11-16 12:01:58,182 INFO L895 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 84 95) the Hoare annotation is: (let ((.cse2 (not (<= 1 ~pumpRunning~0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~pumpRunning~0 0))) (.cse1 (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) (.cse3 (not (<= ~waterLevel~0 2)))) (and (or (not (= |old(~methaneLevelCritical~0)| 0)) .cse0 .cse1 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (< 1 ~waterLevel~0)) .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse0 .cse1 .cse3) (or .cse4 .cse1 .cse3 (not (= 0 ~systemActive~0))))) [2022-11-16 12:01:58,183 INFO L899 garLoopResultBuilder]: For program point L88-1(lines 84 95) no Hoare annotation was computed. [2022-11-16 12:01:58,183 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 84 95) no Hoare annotation was computed. [2022-11-16 12:01:58,184 INFO L902 garLoopResultBuilder]: At program point L962-2(lines 962 976) the Hoare annotation is: true [2022-11-16 12:01:58,184 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 952 981) no Hoare annotation was computed. [2022-11-16 12:01:58,184 INFO L902 garLoopResultBuilder]: At program point L958(line 958) the Hoare annotation is: true [2022-11-16 12:01:58,184 INFO L899 garLoopResultBuilder]: For program point L958-1(line 958) no Hoare annotation was computed. [2022-11-16 12:01:58,185 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 952 981) the Hoare annotation is: true [2022-11-16 12:01:58,192 INFO L902 garLoopResultBuilder]: At program point L977(lines 952 981) the Hoare annotation is: true [2022-11-16 12:01:58,192 INFO L899 garLoopResultBuilder]: For program point L973(line 973) no Hoare annotation was computed. [2022-11-16 12:01:58,192 INFO L899 garLoopResultBuilder]: For program point L966(lines 966 970) no Hoare annotation was computed. [2022-11-16 12:01:58,192 INFO L902 garLoopResultBuilder]: At program point L966-1(lines 966 970) the Hoare annotation is: true [2022-11-16 12:01:58,192 INFO L899 garLoopResultBuilder]: For program point L963(line 963) no Hoare annotation was computed. [2022-11-16 12:01:58,193 INFO L899 garLoopResultBuilder]: For program point L64(lines 64 68) no Hoare annotation was computed. [2022-11-16 12:01:58,196 INFO L895 garLoopResultBuilder]: At program point L64-2(lines 60 71) the Hoare annotation is: (let ((.cse6 (not (<= |old(~waterLevel~0)| 1))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (= |old(~waterLevel~0)| 2))) (.cse7 (not (= 0 ~systemActive~0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse9 (<= 1 ~switchedOnBeforeTS~0)) (.cse10 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse0 .cse5) (or .cse6 .cse4 .cse0) (or .cse6 .cse4 .cse7) (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) (and .cse8 (= ~waterLevel~0 1) .cse9) .cse10) (or .cse4 .cse5 .cse7) (or (and .cse8 (= |old(~waterLevel~0)| ~waterLevel~0) .cse9) .cse0 .cse1 (and .cse8 .cse2 .cse9) .cse10 .cse3))) [2022-11-16 12:01:58,197 INFO L899 garLoopResultBuilder]: For program point L568(lines 568 574) no Hoare annotation was computed. [2022-11-16 12:01:58,197 INFO L895 garLoopResultBuilder]: At program point L279(line 279) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse6 (not (<= |old(~waterLevel~0)| 1))) (.cse4 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (= |old(~waterLevel~0)| 2))) (.cse7 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse4 .cse0 .cse5) (or .cse6 .cse3 .cse7) (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) .cse2) (or .cse6 .cse3 .cse4 .cse0) (or .cse3 .cse5 .cse7))) [2022-11-16 12:01:58,198 INFO L895 garLoopResultBuilder]: At program point L279-1(lines 260 284) the Hoare annotation is: (let ((.cse19 (= ~methaneLevelCritical~0 0))) (let ((.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse23 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse15 (= ~pumpRunning~0 0)) (.cse10 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse11 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse24 (<= ~waterLevel~0 1)) (.cse25 (= 1 ~systemActive~0)) (.cse4 (not .cse19)) (.cse26 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse12 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse17 (not (<= |old(~waterLevel~0)| 1))) (.cse1 (not (= |old(~waterLevel~0)| 1))) (.cse20 (and .cse9 .cse15 .cse10 .cse11 .cse24 .cse25 .cse4 .cse26 .cse12)) (.cse14 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (= |old(~waterLevel~0)| 2))) (.cse21 (not (= 0 ~systemActive~0))) (.cse8 (not (< 1 |old(~waterLevel~0)|))) (.cse0 (and .cse23 .cse9 .cse10 .cse11 .cse24 .cse26 .cse12)) (.cse18 (and .cse9 .cse15 .cse10 .cse11 .cse16 .cse12)) (.cse2 (not .cse25)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (and .cse9 .cse15 .cse10 .cse19 .cse11 .cse24 .cse25 .cse26 .cse12)) (.cse13 (not (<= |old(~waterLevel~0)| 2))) (.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse0 .cse2 .cse3 .cse4 .cse5 .cse7) (or .cse2 .cse3 .cse8 (and .cse9 .cse10 .cse11 .cse12) .cse13) (or .cse14 (and .cse15 .cse16) .cse2 .cse13 (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0) .cse16)) (or .cse17 .cse18 .cse19 .cse2 .cse3 .cse20 .cse6) (or .cse17 .cse14 .cse21) (or .cse1 .cse19 .cse2 .cse3 .cse20 .cse6) (or .cse14 .cse7 .cse21) (let ((.cse22 (= ~waterLevel~0 1))) (or .cse2 .cse3 .cse8 (and .cse15 .cse22) .cse13 (and .cse19 .cse22))) (or .cse0 .cse18 .cse2 .cse3 .cse4 (and .cse23 .cse9 .cse10 .cse11 .cse16 .cse12) .cse5 .cse13 .cse6))))) [2022-11-16 12:01:58,198 INFO L899 garLoopResultBuilder]: For program point L180(lines 180 186) no Hoare annotation was computed. [2022-11-16 12:01:58,198 INFO L895 garLoopResultBuilder]: At program point L308(lines 301 311) the Hoare annotation is: (let ((.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse18 (<= 1 ~pumpRunning~0)) (.cse13 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse14 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse15 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse19 (<= ~waterLevel~0 1)) (.cse20 (= 1 ~systemActive~0)) (.cse10 (not .cse1)) (.cse21 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse16 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse4 (and .cse18 .cse13 .cse14 .cse15 .cse19 .cse20 .cse10 .cse21 .cse16)) (.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse9 (not (= |old(~waterLevel~0)| 2))) (.cse17 (not (= 0 ~systemActive~0))) (.cse12 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not .cse20)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (and .cse13 .cse14 .cse15 (= |old(~waterLevel~0)| ~waterLevel~0) .cse16)) (.cse11 (and .cse18 .cse13 .cse14 .cse1 .cse15 .cse19 .cse20 .cse21 .cse16)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse1 .cse2 .cse3 .cse4 .cse6 .cse7 .cse5) (or .cse8 .cse2 .cse9) (or .cse0 .cse2 .cse3 .cse10 .cse11 .cse5) (or .cse12 .cse8 .cse2) (or .cse2 (and .cse13 .cse14 .cse15 (= ~waterLevel~0 1) .cse16) .cse3 (not (< 1 |old(~waterLevel~0)|)) .cse6) (or .cse12 .cse8 .cse17) (or .cse8 .cse9 .cse17) (or .cse12 .cse2 .cse3 .cse10 .cse7 .cse11 .cse5))))) [2022-11-16 12:01:58,199 INFO L899 garLoopResultBuilder]: For program point L531(line 531) no Hoare annotation was computed. [2022-11-16 12:01:58,199 INFO L899 garLoopResultBuilder]: For program point L180-2(lines 176 198) no Hoare annotation was computed. [2022-11-16 12:01:58,199 INFO L895 garLoopResultBuilder]: At program point L552(lines 545 554) the Hoare annotation is: (let ((.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (and (= ~pumpRunning~0 0) .cse7)) (.cse1 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse7 (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse4 .cse5 .cse2 (not (= |old(~waterLevel~0)| 2))) (or .cse4 .cse5 .cse6 (not (= 0 ~systemActive~0))) (or .cse0 .cse4 .cse5 .cse2) (or .cse1 .cse2 .cse3 (not (< 1 |old(~waterLevel~0)|)) .cse6)))) [2022-11-16 12:01:58,199 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 173 199) no Hoare annotation was computed. [2022-11-16 12:01:58,200 INFO L895 garLoopResultBuilder]: At program point L565(line 565) the Hoare annotation is: (let ((.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse20 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse18 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse21 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse11 (= ~pumpRunning~0 0)) (.cse22 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse16 (= ~waterLevel~0 |timeShift_getWaterLevel_#res#1|)) (.cse23 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse17 (<= ~waterLevel~0 1)) (.cse12 (= 1 ~systemActive~0)) (.cse7 (not .cse1)) (.cse25 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse24 (<= 1 ~switchedOnBeforeTS~0)) (.cse19 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1| ~waterLevel~0))) (let ((.cse0 (not (= |old(~waterLevel~0)| 1))) (.cse4 (and .cse21 .cse11 .cse22 .cse16 .cse23 .cse17 .cse12 .cse7 .cse25 .cse24 .cse19)) (.cse14 (not (< 1 |old(~waterLevel~0)|))) (.cse13 (= ~waterLevel~0 1)) (.cse15 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not .cse12)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (and .cse21 .cse11 .cse22 .cse16 .cse1 .cse23 .cse17 .cse12 .cse25 .cse24 .cse19)) (.cse9 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (and .cse21 .cse11 .cse22 .cse16 .cse23 .cse18 .cse24 .cse19)) (.cse8 (and (<= 1 ~pumpRunning~0) .cse20 .cse21 .cse22 .cse16 .cse1 .cse23 .cse17 .cse12 .cse25 .cse24 .cse19)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 .cse3 .cse6 .cse7 .cse8 .cse5) (or .cse1 .cse2 .cse3 .cse9 .cse4 .cse10 .cse5) (or (and .cse11 .cse12 .cse13) .cse1 .cse2 .cse3 .cse14 .cse9) (or .cse15 .cse2 (not (= |old(~waterLevel~0)| 2))) (or .cse15 .cse9 (and .cse11 .cse16 .cse17 .cse18 .cse19) (not (= 0 ~systemActive~0))) (or .cse2 .cse3 .cse14 (and .cse20 .cse21 .cse22 .cse16 .cse23 .cse13 .cse24 .cse19) .cse9 (and .cse21 .cse11 .cse22 .cse16 .cse23 .cse12 .cse13 .cse24 .cse19)) (or (not (<= |old(~waterLevel~0)| 1)) .cse15 .cse2 (and .cse11 .cse16 .cse18 .cse19)) (or (and .cse20 .cse21 .cse22 .cse16 .cse23 .cse18 .cse24 .cse19) .cse2 .cse3 .cse6 .cse7 .cse9 .cse10 .cse8 .cse5))))) [2022-11-16 12:01:58,200 INFO L899 garLoopResultBuilder]: For program point L565-1(line 565) no Hoare annotation was computed. [2022-11-16 12:01:58,200 INFO L895 garLoopResultBuilder]: At program point L532(lines 527 534) the Hoare annotation is: (let ((.cse5 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not (= |old(~waterLevel~0)| 2))) (.cse6 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse0 .cse4) (or .cse5 .cse3 .cse0) (or .cse5 .cse3 .cse6) (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) .cse2) (or .cse3 .cse4 .cse6))) [2022-11-16 12:01:58,200 INFO L899 garLoopResultBuilder]: For program point L268(lines 268 276) no Hoare annotation was computed. [2022-11-16 12:01:58,201 INFO L899 garLoopResultBuilder]: For program point L264(lines 264 281) no Hoare annotation was computed. [2022-11-16 12:01:58,201 INFO L895 garLoopResultBuilder]: At program point L550(line 550) the Hoare annotation is: (let ((.cse13 (= ~pumpRunning~0 0)) (.cse7 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse12 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (and .cse13 .cse7 .cse12)) (.cse10 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse8 (< 1 ~waterLevel~0)) (.cse9 (<= ~waterLevel~0 2)) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse11 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse2 .cse4 .cse5 (and .cse6 .cse7 .cse8 .cse9) .cse3) (or .cse0 .cse10 .cse1 .cse11) (or .cse10 .cse2 .cse4 (and .cse6 .cse7 .cse12) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse1 .cse5 (and .cse13 .cse7 .cse8 .cse9) .cse3 .cse11)))) [2022-11-16 12:01:58,201 INFO L899 garLoopResultBuilder]: For program point L550-1(line 550) no Hoare annotation was computed. [2022-11-16 12:01:58,201 INFO L895 garLoopResultBuilder]: At program point L133(lines 128 136) the Hoare annotation is: (let ((.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse6 (<= 1 ~pumpRunning~0)) (.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse20 (= ~methaneLevelCritical~0 0)) (.cse11 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse0 (= ~pumpRunning~0 0)) (.cse12 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse13 (= ~waterLevel~0 |timeShift_getWaterLevel_#res#1|)) (.cse14 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse23 (<= ~waterLevel~0 1)) (.cse21 (= 1 ~systemActive~0)) (.cse24 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse15 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse18 (not (<= |old(~waterLevel~0)| 1))) (.cse9 (and .cse11 .cse0 .cse12 .cse13 .cse14 .cse23 .cse21 .cse24 .cse15)) (.cse16 (and .cse6 .cse10 .cse11 .cse12 .cse13 .cse20 .cse14 .cse23 .cse21 .cse24 .cse15)) (.cse17 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse4 (not .cse21)) (.cse8 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse19 (and .cse0 .cse13 .cse2)) (.cse7 (not (<= |old(~waterLevel~0)| 2)))) (and (let ((.cse1 (= 2 |timeShift_getWaterLevel_#res#1|))) (or (and .cse0 .cse1 .cse2) .cse3 .cse4 .cse5 (and .cse6 .cse1 .cse2) .cse7)) (or .cse4 .cse8 .cse9 (and .cse10 .cse11 .cse12 .cse13 .cse14 .cse2 .cse15) .cse16 .cse7 (and .cse11 .cse0 .cse12 .cse13 .cse14 .cse2 .cse15) .cse17) (or .cse18 .cse3 .cse4 .cse19) (or .cse18 .cse20 .cse4 .cse8 (and .cse0 .cse21) .cse17) (or (not (= |old(~waterLevel~0)| 1)) .cse4 .cse8 .cse9 .cse16 .cse17) (let ((.cse22 (= ~waterLevel~0 1))) (or (and .cse10 .cse11 .cse12 .cse13 .cse20 .cse14 .cse22 .cse15) .cse4 .cse8 .cse5 (and .cse11 .cse0 .cse12 .cse13 .cse14 .cse22 .cse15) .cse7)) (or .cse3 .cse19 .cse7 (not (= 0 ~systemActive~0)))))) [2022-11-16 12:01:58,202 INFO L899 garLoopResultBuilder]: For program point L187-1(lines 187 193) no Hoare annotation was computed. [2022-11-16 12:01:58,202 INFO L899 garLoopResultBuilder]: For program point L567(lines 567 577) no Hoare annotation was computed. [2022-11-16 12:01:58,202 INFO L899 garLoopResultBuilder]: For program point L563(lines 563 580) no Hoare annotation was computed. [2022-11-16 12:01:58,202 INFO L895 garLoopResultBuilder]: At program point L274(line 274) the Hoare annotation is: (let ((.cse9 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse10 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse11 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse12 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse13 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse5 (= ~methaneLevelCritical~0 0)) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse4 (not (= 0 ~systemActive~0))) (.cse14 (and .cse9 .cse10 .cse11 .cse12 (<= ~waterLevel~0 1) (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse13)) (.cse3 (not (<= |old(~waterLevel~0)| 1))) (.cse1 (not (= 1 ~systemActive~0))) (.cse6 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 .cse2) (or .cse3 .cse0 .cse1) (or .cse3 .cse0 .cse4) (or .cse5 .cse1 .cse6 .cse7 .cse8) (or (and .cse9 .cse10 .cse11 .cse5 .cse12 (= ~waterLevel~0 1) .cse13) .cse1 .cse6 (not (< 1 |old(~waterLevel~0)|)) .cse7) (or .cse0 .cse2 .cse4) (or .cse14 (not (= |old(~waterLevel~0)| 1)) .cse1 .cse6 .cse8) (or .cse14 .cse3 .cse1 .cse6 (and .cse9 .cse10 .cse11 .cse12 (= |old(~waterLevel~0)| ~waterLevel~0) .cse13) .cse8)))) [2022-11-16 12:01:58,203 INFO L895 garLoopResultBuilder]: At program point L563-1(lines 555 583) the Hoare annotation is: (let ((.cse6 (= ~methaneLevelCritical~0 0))) (let ((.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse18 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse3 (= ~pumpRunning~0 0)) (.cse19 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse15 (= ~waterLevel~0 |timeShift_getWaterLevel_#res#1|)) (.cse20 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse23 (<= ~waterLevel~0 1)) (.cse4 (= 1 ~systemActive~0)) (.cse14 (not .cse6)) (.cse24 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse21 (<= 1 ~switchedOnBeforeTS~0)) (.cse17 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1| ~waterLevel~0))) (let ((.cse8 (and .cse18 .cse3 .cse19 .cse15 .cse20 .cse23 .cse4 .cse14 .cse24 .cse21 .cse17)) (.cse5 (not (= |old(~waterLevel~0)| 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse12 (and .cse18 .cse3 .cse19 .cse15 .cse6 .cse20 .cse23 .cse4 .cse24 .cse21 .cse17)) (.cse13 (and .cse2 .cse18 .cse19 .cse15 .cse20 .cse23 .cse4 .cse24 .cse21 .cse17)) (.cse11 (and .cse18 .cse3 .cse19 .cse15 .cse20 .cse16 .cse21 .cse17)) (.cse9 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse1 (not .cse4)) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse10 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse1 (and .cse2 .cse3 .cse4)) (or .cse5 .cse6 .cse1 .cse7 .cse8 .cse9) (or .cse6 .cse1 .cse7 .cse10 .cse8 .cse11 .cse9) (or .cse5 .cse1 .cse7 .cse12 .cse13 .cse14 .cse9) (or .cse0 .cse1 (and .cse2 .cse3 .cse15 .cse4 .cse16 .cse17) .cse10 (and (<= 1 ~pumpRunning~0) .cse15 .cse16 .cse17)) (or .cse0 (and .cse2 .cse3 .cse15 .cse16 .cse17) .cse10 (not (= 0 ~systemActive~0))) (or (and .cse2 .cse18 .cse19 .cse15 .cse20 .cse16 .cse21 .cse17) .cse1 .cse7 .cse12 .cse13 .cse14 .cse10 .cse11 .cse9) (let ((.cse22 (= ~waterLevel~0 1))) (or (and .cse2 .cse18 .cse19 .cse15 .cse6 .cse20 .cse22 .cse21 .cse17) .cse1 .cse7 (not (< 1 |old(~waterLevel~0)|)) (and .cse18 .cse3 .cse19 .cse15 .cse20 .cse22 .cse21 .cse17) .cse10)))))) [2022-11-16 12:01:58,203 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 173 199) the Hoare annotation is: (let ((.cse13 (= ~pumpRunning~0 0)) (.cse7 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse12 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (and .cse13 .cse7 .cse12)) (.cse10 (not (<= |old(~waterLevel~0)| 1))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse8 (< 1 ~waterLevel~0)) (.cse9 (<= ~waterLevel~0 2)) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse11 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse2 .cse4 .cse5 (and .cse6 .cse7 .cse8 .cse9) .cse3) (or .cse0 .cse10 .cse1 .cse11) (or .cse10 .cse2 .cse4 (and .cse6 .cse7 .cse12) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse1 .cse5 (and .cse13 .cse7 .cse8 .cse9) .cse3 .cse11)))) [2022-11-16 12:01:58,204 INFO L895 garLoopResultBuilder]: At program point L270(line 270) the Hoare annotation is: (let ((.cse7 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse8 (= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)) (.cse9 (= |timeShift_processEnvironment_~tmp~2#1| ~methaneLevelCritical~0)) (.cse10 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse15 (= 1 ~systemActive~0)) (.cse13 (not (= ~methaneLevelCritical~0 0))) (.cse11 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse4 (and (<= 1 ~pumpRunning~0) .cse7 .cse8 .cse9 .cse10 (<= ~waterLevel~0 1) .cse15 .cse13 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse11)) (.cse6 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse12 (not (= 0 ~systemActive~0))) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse1 (not .cse15)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse14 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2) (or (not (= |old(~waterLevel~0)| 1)) .cse1 .cse3 .cse4 .cse5) (or .cse6 .cse1 .cse3 (and .cse7 .cse8 .cse9 .cse10 (= |old(~waterLevel~0)| ~waterLevel~0) .cse11) .cse4 .cse5) (or .cse6 .cse0 .cse1) (or .cse6 .cse0 .cse12) (or .cse0 .cse2 .cse12) (or .cse1 .cse3 .cse13 .cse14 .cse5) (or (and .cse7 .cse8 .cse9 .cse10 .cse13 (= ~waterLevel~0 1) .cse11) .cse1 .cse3 (not (< 1 |old(~waterLevel~0)|)) .cse14)))) [2022-11-16 12:01:58,204 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 173 199) no Hoare annotation was computed. [2022-11-16 12:01:58,204 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 531) no Hoare annotation was computed. [2022-11-16 12:01:58,204 INFO L895 garLoopResultBuilder]: At program point L101(lines 96 104) the Hoare annotation is: (let ((.cse9 (= ~methaneLevelCritical~0 0))) (let ((.cse6 (not .cse9)) (.cse16 (<= 1 ~pumpRunning~0)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= |timeShift_isMethaneLevelCritical_#res#1| ~methaneLevelCritical~0)) (.cse17 (<= ~waterLevel~0 1)) (.cse18 (= 1 ~systemActive~0)) (.cse19 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse5 (not (= |old(~waterLevel~0)| 1))) (.cse7 (and .cse16 .cse2 .cse9 .cse3 .cse17 .cse18 .cse19 .cse4)) (.cse11 (not (= |old(~pumpRunning~0)| 0))) (.cse12 (not (= |old(~waterLevel~0)| 2))) (.cse15 (not (= 0 ~systemActive~0))) (.cse13 (not (<= |old(~waterLevel~0)| 1))) (.cse14 (and .cse2 .cse3 (= |old(~waterLevel~0)| ~waterLevel~0) .cse4)) (.cse0 (not .cse18)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse10 (and .cse16 .cse2 .cse3 .cse17 .cse18 .cse6 .cse19 .cse4)) (.cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 .cse1 (not (< 1 |old(~waterLevel~0)|)) (and .cse2 .cse3 (= ~waterLevel~0 1) .cse4) (not (<= |old(~waterLevel~0)| 2))) (or .cse5 .cse0 .cse1 .cse6 .cse7 .cse8) (or .cse5 .cse9 .cse0 .cse1 .cse10 .cse8) (or .cse11 .cse0 .cse12) (or .cse13 .cse14 .cse0 .cse1 .cse6 .cse7 .cse8) (or .cse13 .cse11 .cse0) (or .cse13 .cse11 .cse15) (or .cse11 .cse12 .cse15) (or .cse13 .cse14 .cse9 .cse0 .cse1 .cse10 .cse8))))) [2022-11-16 12:01:58,205 INFO L895 garLoopResultBuilder]: At program point L415(lines 410 417) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (< 1 ~waterLevel~0) .cse1 .cse2 .cse3) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-16 12:01:58,205 INFO L895 garLoopResultBuilder]: At program point L477(lines 430 479) the Hoare annotation is: (let ((.cse3 (= 0 ~systemActive~0)) (.cse1 (= 2 ~waterLevel~0)) (.cse6 (<= 1 ~pumpRunning~0)) (.cse0 (= ~pumpRunning~0 0)) (.cse4 (<= ~waterLevel~0 1)) (.cse5 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3) (and .cse0 .cse4 .cse2 .cse3) (and .cse0 .cse1 .cse5 .cse2) (and .cse6 .cse1 .cse5 .cse2) (and .cse6 (= ~methaneLevelCritical~0 0) .cse4 .cse5 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse4 .cse5 .cse2))) [2022-11-16 12:01:58,205 INFO L899 garLoopResultBuilder]: For program point L440(lines 440 446) no Hoare annotation was computed. [2022-11-16 12:01:58,205 INFO L899 garLoopResultBuilder]: For program point L440-1(lines 440 446) no Hoare annotation was computed. [2022-11-16 12:01:58,205 INFO L895 garLoopResultBuilder]: At program point L407(lines 395 409) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (<= ~waterLevel~0 2) (= 0 ~systemActive~0)) [2022-11-16 12:01:58,205 INFO L902 garLoopResultBuilder]: At program point L1043(lines 1024 1046) the Hoare annotation is: true [2022-11-16 12:01:58,206 INFO L895 garLoopResultBuilder]: At program point L1010(lines 1006 1012) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 12:01:58,206 INFO L899 garLoopResultBuilder]: For program point L432(lines 432 436) no Hoare annotation was computed. [2022-11-16 12:01:58,206 INFO L899 garLoopResultBuilder]: For program point L399(lines 399 405) no Hoare annotation was computed. [2022-11-16 12:01:58,206 INFO L899 garLoopResultBuilder]: For program point L399-1(lines 399 405) no Hoare annotation was computed. [2022-11-16 12:01:58,206 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-11-16 12:01:58,206 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-11-16 12:01:58,207 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-11-16 12:01:58,207 INFO L895 garLoopResultBuilder]: At program point L507(lines 503 509) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 12:01:58,207 INFO L902 garLoopResultBuilder]: At program point L483(lines 420 487) the Hoare annotation is: true [2022-11-16 12:01:58,207 INFO L899 garLoopResultBuilder]: For program point L450(lines 450 456) no Hoare annotation was computed. [2022-11-16 12:01:58,207 INFO L899 garLoopResultBuilder]: For program point L450-1(lines 450 456) no Hoare annotation was computed. [2022-11-16 12:01:58,207 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-16 12:01:58,208 INFO L895 garLoopResultBuilder]: At program point L442(line 442) the Hoare annotation is: (let ((.cse3 (= 0 ~systemActive~0)) (.cse1 (= 2 ~waterLevel~0)) (.cse6 (<= 1 ~pumpRunning~0)) (.cse0 (= ~pumpRunning~0 0)) (.cse4 (<= ~waterLevel~0 1)) (.cse5 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3) (and .cse0 .cse4 .cse2 .cse3) (and .cse0 .cse1 .cse5 .cse2) (and .cse6 .cse1 .cse5 .cse2) (and .cse6 (= ~methaneLevelCritical~0 0) .cse4 .cse5 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse4 .cse5 .cse2))) [2022-11-16 12:01:58,208 INFO L895 garLoopResultBuilder]: At program point L401(line 401) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (< 1 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-16 12:01:58,208 INFO L895 garLoopResultBuilder]: At program point L480(lines 429 481) the Hoare annotation is: false [2022-11-16 12:01:58,208 INFO L895 garLoopResultBuilder]: At program point L542(lines 537 544) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 12:01:58,209 INFO L902 garLoopResultBuilder]: At program point L1021(lines 1013 1023) the Hoare annotation is: true [2022-11-16 12:01:58,209 INFO L899 garLoopResultBuilder]: For program point L468(lines 468 474) no Hoare annotation was computed. [2022-11-16 12:01:58,209 INFO L895 garLoopResultBuilder]: At program point L468-2(lines 460 475) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2))) (or (and .cse0 (< 1 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-16 12:01:58,209 INFO L899 garLoopResultBuilder]: For program point L431(lines 430 479) no Hoare annotation was computed. [2022-11-16 12:01:58,209 INFO L899 garLoopResultBuilder]: For program point L460(lines 460 475) no Hoare annotation was computed. [2022-11-16 12:01:58,209 INFO L895 garLoopResultBuilder]: At program point L522(lines 517 525) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 12:01:58,210 INFO L899 garLoopResultBuilder]: For program point L1034(lines 1034 1041) no Hoare annotation was computed. [2022-11-16 12:01:58,210 INFO L899 garLoopResultBuilder]: For program point L1034-2(lines 1034 1041) no Hoare annotation was computed. [2022-11-16 12:01:58,210 INFO L895 garLoopResultBuilder]: At program point L452(line 452) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 (< 1 ~waterLevel~0) .cse1 .cse2 .cse3) (and .cse4 .cse2 .cse3 (= 0 ~systemActive~0)) (and .cse4 .cse1 .cse2 .cse3) (and .cse0 (= ~methaneLevelCritical~0 0) (<= ~waterLevel~0 1) .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)))) [2022-11-16 12:01:58,210 INFO L895 garLoopResultBuilder]: At program point L514(lines 510 516) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-16 12:01:58,210 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 208 232) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 12:01:58,211 INFO L895 garLoopResultBuilder]: At program point L372(lines 357 375) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2)) (and .cse1 .cse2 (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~3#1| 0))) (and .cse1 .cse2 (= 2 ~waterLevel~0)))) (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 12:01:58,211 INFO L899 garLoopResultBuilder]: For program point L366(lines 366 370) no Hoare annotation was computed. [2022-11-16 12:01:58,211 INFO L899 garLoopResultBuilder]: For program point L141(lines 141 147) no Hoare annotation was computed. [2022-11-16 12:01:58,211 INFO L899 garLoopResultBuilder]: For program point L366-2(lines 366 370) no Hoare annotation was computed. [2022-11-16 12:01:58,211 INFO L895 garLoopResultBuilder]: At program point L290(lines 285 292) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0)) (not (<= ~waterLevel~0 2))))) [2022-11-16 12:01:58,212 INFO L895 garLoopResultBuilder]: At program point L222(line 222) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~0#1| 0)) (not (<= ~waterLevel~0 2))) (or (not (= ~waterLevel~0 1)) .cse0 .cse1 (and (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~3#1| 0)))) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 12:01:58,212 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 208 232) no Hoare annotation was computed. [2022-11-16 12:01:58,212 INFO L899 garLoopResultBuilder]: For program point L216(lines 216 224) no Hoare annotation was computed. [2022-11-16 12:01:58,212 INFO L899 garLoopResultBuilder]: For program point L212(lines 212 229) no Hoare annotation was computed. [2022-11-16 12:01:58,213 INFO L895 garLoopResultBuilder]: At program point L146(lines 137 150) the Hoare annotation is: (let ((.cse5 (<= ~waterLevel~0 1))) (let ((.cse4 (not .cse5)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (= ~pumpRunning~0 0)) (.cse3 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))) (and (or .cse0 .cse1 (and .cse2 (not .cse3)) .cse4) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) .cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 .cse1 .cse5 (and .cse2 .cse3) (not (<= ~waterLevel~0 2)))))) [2022-11-16 12:01:58,213 INFO L895 garLoopResultBuilder]: At program point L227(line 227) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 12:01:58,213 INFO L899 garLoopResultBuilder]: For program point L227-1(lines 208 232) no Hoare annotation was computed. [2022-11-16 12:01:58,213 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 72 83) no Hoare annotation was computed. [2022-11-16 12:01:58,213 INFO L899 garLoopResultBuilder]: For program point L76-1(lines 72 83) no Hoare annotation was computed. [2022-11-16 12:01:58,214 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 72 83) the Hoare annotation is: (let ((.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse5 (not (<= 1 ~pumpRunning~0))) (.cse6 (not (= |old(~waterLevel~0)| 2))) (.cse3 (not (= 0 ~systemActive~0))) (.cse1 (not (= ~pumpRunning~0 0))) (.cse4 (not (= 1 ~systemActive~0))) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse5 .cse6 .cse2) (or .cse0 .cse4 (not (= ~methaneLevelCritical~0 0)) .cse5 .cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse1 .cse6 .cse2 .cse3) (or .cse1 .cse4 .cse2 (not (<= |old(~waterLevel~0)| 2))))) [2022-11-16 12:01:58,214 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__lowWaterSensorENTRY(lines 234 258) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 12:01:58,214 INFO L895 garLoopResultBuilder]: At program point L248(line 248) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 12:01:58,215 INFO L895 garLoopResultBuilder]: At program point L244(line 244) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 12:01:58,215 INFO L899 garLoopResultBuilder]: For program point L242(lines 242 250) no Hoare annotation was computed. [2022-11-16 12:01:58,215 INFO L899 garLoopResultBuilder]: For program point L238(lines 238 255) no Hoare annotation was computed. [2022-11-16 12:01:58,215 INFO L895 garLoopResultBuilder]: At program point L391(lines 376 394) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 12:01:58,215 INFO L899 garLoopResultBuilder]: For program point L385(lines 385 389) no Hoare annotation was computed. [2022-11-16 12:01:58,215 INFO L899 garLoopResultBuilder]: For program point L385-2(lines 385 389) no Hoare annotation was computed. [2022-11-16 12:01:58,216 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__lowWaterSensorEXIT(lines 234 258) no Hoare annotation was computed. [2022-11-16 12:01:58,216 INFO L895 garLoopResultBuilder]: At program point L253(line 253) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0 (not (<= ~waterLevel~0 2))))) [2022-11-16 12:01:58,216 INFO L895 garLoopResultBuilder]: At program point L156(lines 151 159) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (<= ~waterLevel~0 2))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 12:01:58,216 INFO L899 garLoopResultBuilder]: For program point L253-1(lines 234 258) no Hoare annotation was computed. [2022-11-16 12:01:58,216 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 312 320) no Hoare annotation was computed. [2022-11-16 12:01:58,217 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 312 320) the Hoare annotation is: true [2022-11-16 12:01:58,217 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 312 320) no Hoare annotation was computed. [2022-11-16 12:01:58,220 INFO L444 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:01:58,222 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-16 12:01:58,266 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 16.11 12:01:58 BoogieIcfgContainer [2022-11-16 12:01:58,266 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-16 12:01:58,267 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-16 12:01:58,267 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-16 12:01:58,267 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-16 12:01:58,268 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 12:01:21" (3/4) ... [2022-11-16 12:01:58,271 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-16 12:01:58,277 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-11-16 12:01:58,277 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-16 12:01:58,278 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-16 12:01:58,278 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-16 12:01:58,278 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-16 12:01:58,278 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 12:01:58,278 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-16 12:01:58,279 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__lowWaterSensor [2022-11-16 12:01:58,279 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-16 12:01:58,286 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 54 nodes and edges [2022-11-16 12:01:58,287 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-11-16 12:01:58,287 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-11-16 12:01:58,288 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-11-16 12:01:58,288 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-11-16 12:01:58,289 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-16 12:01:58,289 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-16 12:01:58,314 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) [2022-11-16 12:01:58,315 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || waterLevel + 1 <= \old(waterLevel)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && (((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 12:01:58,315 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 1 == systemActive)) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && waterLevel == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && waterLevel == \result) && \old(waterLevel) == waterLevel) && tmp == waterLevel))) && (((!(\old(pumpRunning) == 0) || ((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && waterLevel == \result) && \old(waterLevel) == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == waterLevel) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) [2022-11-16 12:01:58,316 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((methaneLevelCritical == \result && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && ((((((!(\old(waterLevel) <= 1) || (((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (pumpRunning == 0 && waterLevel == 1)) || !(\old(waterLevel) <= 2)) || (methaneLevelCritical == 0 && waterLevel == 1))) && ((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || (((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 12:01:58,316 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive)) [2022-11-16 12:01:58,317 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || ((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == 0 && waterLevel == \result) && \old(waterLevel) == waterLevel))) && (((((!(\old(waterLevel) <= 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (pumpRunning == 0 && 1 == systemActive)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && waterLevel == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) [2022-11-16 12:01:58,317 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 12:01:58,318 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((((!(1 == systemActive) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 12:01:58,318 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) && (((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) [2022-11-16 12:01:58,318 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(waterLevel <= 1)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || waterLevel <= 1) || (pumpRunning == 0 && \result == 0)) || !(waterLevel <= 2)) [2022-11-16 12:01:58,318 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) && (((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) [2022-11-16 12:01:58,319 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && !(\result == 0)) && \result == 0) && tmp___0 == 0) && !(tmp == 0))) || ((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == waterLevel)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) [2022-11-16 12:01:58,319 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(waterLevel <= 2)) [2022-11-16 12:01:58,350 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/witness.graphml [2022-11-16 12:01:58,350 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-16 12:01:58,351 INFO L158 Benchmark]: Toolchain (without parser) took 37996.98ms. Allocated memory was 104.9MB in the beginning and 362.8MB in the end (delta: 257.9MB). Free memory was 73.8MB in the beginning and 155.2MB in the end (delta: -81.4MB). Peak memory consumption was 176.5MB. Max. memory is 16.1GB. [2022-11-16 12:01:58,351 INFO L158 Benchmark]: CDTParser took 0.33ms. Allocated memory is still 104.9MB. Free memory is still 56.2MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-16 12:01:58,352 INFO L158 Benchmark]: CACSL2BoogieTranslator took 525.29ms. Allocated memory is still 104.9MB. Free memory was 73.5MB in the beginning and 72.4MB in the end (delta: 1.1MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-11-16 12:01:58,352 INFO L158 Benchmark]: Boogie Procedure Inliner took 55.69ms. Allocated memory is still 104.9MB. Free memory was 72.4MB in the beginning and 69.6MB in the end (delta: 2.8MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-11-16 12:01:58,352 INFO L158 Benchmark]: Boogie Preprocessor took 51.88ms. Allocated memory is still 104.9MB. Free memory was 69.6MB in the beginning and 67.9MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-16 12:01:58,353 INFO L158 Benchmark]: RCFGBuilder took 780.18ms. Allocated memory is still 104.9MB. Free memory was 67.9MB in the beginning and 47.6MB in the end (delta: 20.2MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-11-16 12:01:58,353 INFO L158 Benchmark]: TraceAbstraction took 36491.27ms. Allocated memory was 104.9MB in the beginning and 362.8MB in the end (delta: 257.9MB). Free memory was 46.9MB in the beginning and 162.6MB in the end (delta: -115.7MB). Peak memory consumption was 191.9MB. Max. memory is 16.1GB. [2022-11-16 12:01:58,354 INFO L158 Benchmark]: Witness Printer took 83.24ms. Allocated memory is still 362.8MB. Free memory was 162.6MB in the beginning and 155.2MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-16 12:01:58,355 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.33ms. Allocated memory is still 104.9MB. Free memory is still 56.2MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 525.29ms. Allocated memory is still 104.9MB. Free memory was 73.5MB in the beginning and 72.4MB in the end (delta: 1.1MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 55.69ms. Allocated memory is still 104.9MB. Free memory was 72.4MB in the beginning and 69.6MB in the end (delta: 2.8MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 51.88ms. Allocated memory is still 104.9MB. Free memory was 69.6MB in the beginning and 67.9MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 780.18ms. Allocated memory is still 104.9MB. Free memory was 67.9MB in the beginning and 47.6MB in the end (delta: 20.2MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 36491.27ms. Allocated memory was 104.9MB in the beginning and 362.8MB in the end (delta: 257.9MB). Free memory was 46.9MB in the beginning and 162.6MB in the end (delta: -115.7MB). Peak memory consumption was 191.9MB. Max. memory is 16.1GB. * Witness Printer took 83.24ms. Allocated memory is still 362.8MB. Free memory was 162.6MB in the beginning and 155.2MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 531]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 10 procedures, 110 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 36.3s, OverallIterations: 12, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.1s, AutomataDifference: 8.6s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 20.6s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 3748 SdHoareTripleChecker+Valid, 4.9s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 3686 mSDsluCounter, 6242 SdHoareTripleChecker+Invalid, 4.0s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 4687 mSDsCounter, 1358 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 5546 IncrementalHoareTripleChecker+Invalid, 6904 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1358 mSolverCounterUnsat, 1555 mSDtfsCounter, 5546 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 1042 GetRequests, 811 SyntacticMatches, 10 SemanticMatches, 221 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2151 ImplicationChecksByTransitivity, 2.9s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1648occurred in iteration=11, InterpolantAutomatonStates: 199, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.9s AutomataMinimizationTime, 12 MinimizatonAttempts, 560 StatesRemovedByMinimization, 9 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 52 LocationsWithAnnotation, 4448 PreInvPairs, 5106 NumberOfFragments, 4967 HoareAnnotationTreeSize, 4448 FomulaSimplifications, 11971 FormulaSimplificationTreeSizeReduction, 2.2s HoareSimplificationTime, 52 FomulaSimplificationsInter, 63385 FormulaSimplificationTreeSizeReductionInter, 18.2s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.4s SatisfiabilityAnalysisTime, 4.6s InterpolantComputationTime, 1270 NumberOfCodeBlocks, 1270 NumberOfCodeBlocksAsserted, 14 NumberOfCheckSat, 1560 ConstructedInterpolants, 0 QuantifiedInterpolants, 3089 SizeOfPredicates, 6 NumberOfNonLiveVariables, 1245 ConjunctsInSsa, 21 ConjunctsInUnsatCore, 16 InterpolantComputations, 10 PerfectInterpolantSequences, 873/978 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 420]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 128]: Loop Invariant Derived loop invariant: ((((((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || ((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == 0 && waterLevel == \result) && \old(waterLevel) == waterLevel))) && (((((!(\old(waterLevel) <= 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (pumpRunning == 0 && 1 == systemActive)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || ((((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && waterLevel == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive)) - InvariantResult [Line: 555]: Loop Invariant Derived loop invariant: (((((((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 1 == systemActive)) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(methaneLevelCritical == 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && waterLevel == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) || (((1 <= pumpRunning && waterLevel == \result) && \old(waterLevel) == waterLevel) && tmp == waterLevel))) && (((!(\old(pumpRunning) == 0) || ((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && waterLevel == \result) && \old(waterLevel) == waterLevel) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || (((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && waterLevel == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == waterLevel) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && waterLevel == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 376]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) && (((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 537]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 952]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 527]: Loop Invariant Derived loop invariant: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive)) - InvariantResult [Line: 410]: Loop Invariant Derived loop invariant: (((((1 <= pumpRunning && 1 < waterLevel) && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2)) || ((((1 <= pumpRunning && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) - InvariantResult [Line: 301]: Loop Invariant Derived loop invariant: ((((((((((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((((!(1 == systemActive) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == \result) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 510]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 395]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive - InvariantResult [Line: 1024]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 429]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 1006]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 1013]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 96]: Loop Invariant Derived loop invariant: (((((((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && ((((((!(\old(waterLevel) <= 1) || (((pumpRunning == \old(pumpRunning) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (((((((1 <= pumpRunning && pumpRunning == \old(pumpRunning)) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 545]: Loop Invariant Derived loop invariant: (((((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive))) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 503]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 260]: Loop Invariant Derived loop invariant: ((((((((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && (((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((methaneLevelCritical == \result && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && 2 == waterLevel) && \old(waterLevel) == waterLevel))) && ((((((!(\old(waterLevel) <= 1) || (((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && (((((!(\old(waterLevel) == 1) || methaneLevelCritical == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (pumpRunning == 0 && waterLevel == 1)) || !(\old(waterLevel) <= 2)) || (methaneLevelCritical == 0 && waterLevel == 1))) && ((((((((((((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS) || (((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || (((((pumpRunning == \old(pumpRunning) && methaneLevelCritical == \result) && tmp == methaneLevelCritical) && \result == methaneLevelCritical) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || ((((((((methaneLevelCritical == \result && pumpRunning == 0) && tmp == methaneLevelCritical) && methaneLevelCritical == 0) && \result == methaneLevelCritical) && waterLevel <= 1) && 1 == systemActive) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 60]: Loop Invariant Derived loop invariant: (((((((((!(\old(waterLevel) == 1) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || waterLevel + 1 <= \old(waterLevel)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && (((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || ((pumpRunning == \old(pumpRunning) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 151]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) && (((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 430]: Loop Invariant Derived loop invariant: (((((((pumpRunning == 0 && 2 == waterLevel) && splverifierCounter == 0) && 0 == systemActive) || (((pumpRunning == 0 && waterLevel <= 1) && splverifierCounter == 0) && 0 == systemActive)) || (((pumpRunning == 0 && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || (((1 <= pumpRunning && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0)) || (((((1 <= pumpRunning && methaneLevelCritical == 0) && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS)) || (((pumpRunning == 0 && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) - InvariantResult [Line: 962]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 137]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(waterLevel <= 1)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || waterLevel <= 1) || (pumpRunning == 0 && \result == 0)) || !(waterLevel <= 2)) - InvariantResult [Line: 357]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && !(\result == 0)) && \result == 0) && tmp___0 == 0) && !(tmp == 0))) || ((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && 2 == waterLevel)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 517]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 285]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || !(waterLevel <= 1)) || !(1 <= switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && 2 == waterLevel)) || !(waterLevel <= 2)) RESULT: Ultimate proved your program to be correct! [2022-11-16 12:01:58,402 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0a7258bd-868f-4713-8f36-6e51653ddebc/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE