./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version e04fb08f Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8 --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 323b2112d56f35ec9fc5a7837411d8e54d2d46e3d8981d77e080eaf0dd99497b --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-e04fb08 [2022-11-16 11:15:22,318 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-16 11:15:22,321 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-16 11:15:22,346 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-16 11:15:22,347 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-16 11:15:22,348 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-16 11:15:22,349 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-16 11:15:22,357 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-16 11:15:22,362 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-16 11:15:22,367 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-16 11:15:22,368 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-16 11:15:22,369 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-16 11:15:22,369 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-16 11:15:22,370 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-16 11:15:22,371 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-16 11:15:22,372 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-16 11:15:22,373 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-16 11:15:22,373 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-16 11:15:22,375 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-16 11:15:22,376 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-16 11:15:22,378 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-16 11:15:22,383 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-16 11:15:22,387 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-16 11:15:22,388 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-16 11:15:22,399 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-16 11:15:22,404 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-16 11:15:22,404 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-16 11:15:22,405 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-16 11:15:22,406 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-16 11:15:22,407 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-16 11:15:22,408 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-16 11:15:22,409 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-16 11:15:22,411 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-16 11:15:22,412 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-16 11:15:22,413 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-16 11:15:22,413 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-16 11:15:22,414 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-16 11:15:22,414 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-16 11:15:22,414 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-16 11:15:22,415 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-16 11:15:22,416 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-16 11:15:22,417 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-11-16 11:15:22,457 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-16 11:15:22,457 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-16 11:15:22,458 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-16 11:15:22,458 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-16 11:15:22,459 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-16 11:15:22,460 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-16 11:15:22,460 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-16 11:15:22,460 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-16 11:15:22,461 INFO L138 SettingsManager]: * Use SBE=true [2022-11-16 11:15:22,461 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-16 11:15:22,462 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-16 11:15:22,462 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-16 11:15:22,463 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-16 11:15:22,463 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-16 11:15:22,463 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-16 11:15:22,463 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-16 11:15:22,463 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-16 11:15:22,464 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-16 11:15:22,464 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-16 11:15:22,464 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-16 11:15:22,464 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-16 11:15:22,465 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-16 11:15:22,465 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-16 11:15:22,465 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-16 11:15:22,465 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-16 11:15:22,465 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-16 11:15:22,466 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-16 11:15:22,466 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-16 11:15:22,466 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-11-16 11:15:22,466 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-16 11:15:22,468 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-11-16 11:15:22,468 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-11-16 11:15:22,469 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-16 11:15:22,469 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8 Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 323b2112d56f35ec9fc5a7837411d8e54d2d46e3d8981d77e080eaf0dd99497b [2022-11-16 11:15:22,763 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-16 11:15:22,784 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-16 11:15:22,787 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-16 11:15:22,788 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-16 11:15:22,789 INFO L275 PluginConnector]: CDTParser initialized [2022-11-16 11:15:22,790 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/../../sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c [2022-11-16 11:15:22,851 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/data/d2f0f40f9/9812d77750744fc3922493348a37aadf/FLAG2e492fe20 [2022-11-16 11:15:23,420 INFO L306 CDTParser]: Found 1 translation units. [2022-11-16 11:15:23,427 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c [2022-11-16 11:15:23,438 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/data/d2f0f40f9/9812d77750744fc3922493348a37aadf/FLAG2e492fe20 [2022-11-16 11:15:23,739 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/data/d2f0f40f9/9812d77750744fc3922493348a37aadf [2022-11-16 11:15:23,741 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-16 11:15:23,743 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-16 11:15:23,747 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-16 11:15:23,748 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-16 11:15:23,752 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-16 11:15:23,753 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 11:15:23" (1/1) ... [2022-11-16 11:15:23,754 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@417adc0a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:23, skipping insertion in model container [2022-11-16 11:15:23,754 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 11:15:23" (1/1) ... [2022-11-16 11:15:23,761 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-16 11:15:23,823 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-16 11:15:24,111 WARN L229 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c[9626,9639] [2022-11-16 11:15:24,165 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 11:15:24,178 INFO L203 MainTranslator]: Completed pre-run [2022-11-16 11:15:24,252 WARN L229 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c[9626,9639] [2022-11-16 11:15:24,295 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 11:15:24,324 INFO L208 MainTranslator]: Completed translation [2022-11-16 11:15:24,324 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24 WrapperNode [2022-11-16 11:15:24,324 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-16 11:15:24,325 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-16 11:15:24,325 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-16 11:15:24,325 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-16 11:15:24,332 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (1/1) ... [2022-11-16 11:15:24,345 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (1/1) ... [2022-11-16 11:15:24,375 INFO L138 Inliner]: procedures = 61, calls = 166, calls flagged for inlining = 27, calls inlined = 24, statements flattened = 302 [2022-11-16 11:15:24,375 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-16 11:15:24,376 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-16 11:15:24,376 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-16 11:15:24,376 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-16 11:15:24,386 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (1/1) ... [2022-11-16 11:15:24,386 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (1/1) ... [2022-11-16 11:15:24,389 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (1/1) ... [2022-11-16 11:15:24,389 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (1/1) ... [2022-11-16 11:15:24,396 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (1/1) ... [2022-11-16 11:15:24,401 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (1/1) ... [2022-11-16 11:15:24,403 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (1/1) ... [2022-11-16 11:15:24,404 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (1/1) ... [2022-11-16 11:15:24,407 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-16 11:15:24,407 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-16 11:15:24,408 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-16 11:15:24,408 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-16 11:15:24,409 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (1/1) ... [2022-11-16 11:15:24,415 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-16 11:15:24,431 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 11:15:24,444 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-16 11:15:24,475 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-16 11:15:24,529 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-16 11:15:24,529 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-16 11:15:24,529 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-16 11:15:24,529 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-16 11:15:24,530 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-16 11:15:24,530 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-16 11:15:24,530 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-16 11:15:24,533 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 11:15:24,533 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 11:15:24,533 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-16 11:15:24,533 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-16 11:15:24,533 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__methaneQuery [2022-11-16 11:15:24,534 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__methaneQuery [2022-11-16 11:15:24,534 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-16 11:15:24,534 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-16 11:15:24,534 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneAlarm [2022-11-16 11:15:24,534 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneAlarm [2022-11-16 11:15:24,534 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-11-16 11:15:24,535 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-11-16 11:15:24,535 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-16 11:15:24,535 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-16 11:15:24,535 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-16 11:15:24,535 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-16 11:15:24,535 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-16 11:15:24,667 INFO L235 CfgBuilder]: Building ICFG [2022-11-16 11:15:24,670 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-16 11:15:25,153 INFO L276 CfgBuilder]: Performing block encoding [2022-11-16 11:15:25,180 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-16 11:15:25,181 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-16 11:15:25,183 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 11:15:25 BoogieIcfgContainer [2022-11-16 11:15:25,183 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-16 11:15:25,186 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-16 11:15:25,187 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-16 11:15:25,191 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-16 11:15:25,191 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 16.11 11:15:23" (1/3) ... [2022-11-16 11:15:25,192 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@625f5960 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.11 11:15:25, skipping insertion in model container [2022-11-16 11:15:25,192 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 11:15:24" (2/3) ... [2022-11-16 11:15:25,193 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@625f5960 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.11 11:15:25, skipping insertion in model container [2022-11-16 11:15:25,193 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 11:15:25" (3/3) ... [2022-11-16 11:15:25,199 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product64.cil.c [2022-11-16 11:15:25,223 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-16 11:15:25,223 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-16 11:15:25,330 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-16 11:15:25,338 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@72bc26b, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-16 11:15:25,338 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-16 11:15:25,344 INFO L276 IsEmpty]: Start isEmpty. Operand has 118 states, 87 states have (on average 1.3563218390804597) internal successors, (118), 98 states have internal predecessors, (118), 19 states have call successors, (19), 10 states have call predecessors, (19), 10 states have return successors, (19), 14 states have call predecessors, (19), 19 states have call successors, (19) [2022-11-16 11:15:25,357 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-11-16 11:15:25,357 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:15:25,358 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:25,359 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:15:25,365 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:15:25,366 INFO L85 PathProgramCache]: Analyzing trace with hash 1423497268, now seen corresponding path program 1 times [2022-11-16 11:15:25,378 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:15:25,379 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [174861907] [2022-11-16 11:15:25,379 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:25,380 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:15:25,552 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:25,731 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-11-16 11:15:25,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:25,753 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-16 11:15:25,762 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:25,769 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:15:25,779 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:15:25,780 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [174861907] [2022-11-16 11:15:25,781 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [174861907] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:15:25,781 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:15:25,781 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-16 11:15:25,783 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2097956964] [2022-11-16 11:15:25,784 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:15:25,790 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-16 11:15:25,792 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:15:25,837 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-16 11:15:25,837 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-16 11:15:25,840 INFO L87 Difference]: Start difference. First operand has 118 states, 87 states have (on average 1.3563218390804597) internal successors, (118), 98 states have internal predecessors, (118), 19 states have call successors, (19), 10 states have call predecessors, (19), 10 states have return successors, (19), 14 states have call predecessors, (19), 19 states have call successors, (19) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:15:25,890 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:15:25,890 INFO L93 Difference]: Finished difference Result 227 states and 306 transitions. [2022-11-16 11:15:25,891 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-16 11:15:25,899 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-11-16 11:15:25,901 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:15:25,911 INFO L225 Difference]: With dead ends: 227 [2022-11-16 11:15:25,911 INFO L226 Difference]: Without dead ends: 109 [2022-11-16 11:15:25,916 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-16 11:15:25,919 INFO L413 NwaCegarLoop]: 150 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 150 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 11:15:25,920 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 150 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 11:15:25,945 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 109 states. [2022-11-16 11:15:26,004 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 109 to 109. [2022-11-16 11:15:26,008 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 109 states, 80 states have (on average 1.3) internal successors, (104), 90 states have internal predecessors, (104), 19 states have call successors, (19), 10 states have call predecessors, (19), 9 states have return successors, (18), 13 states have call predecessors, (18), 18 states have call successors, (18) [2022-11-16 11:15:26,012 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 109 states to 109 states and 141 transitions. [2022-11-16 11:15:26,018 INFO L78 Accepts]: Start accepts. Automaton has 109 states and 141 transitions. Word has length 32 [2022-11-16 11:15:26,019 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:15:26,019 INFO L495 AbstractCegarLoop]: Abstraction has 109 states and 141 transitions. [2022-11-16 11:15:26,020 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:15:26,021 INFO L276 IsEmpty]: Start isEmpty. Operand 109 states and 141 transitions. [2022-11-16 11:15:26,024 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-11-16 11:15:26,024 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:15:26,024 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:26,025 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-16 11:15:26,025 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:15:26,026 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:15:26,026 INFO L85 PathProgramCache]: Analyzing trace with hash -1062885571, now seen corresponding path program 1 times [2022-11-16 11:15:26,026 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:15:26,027 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [742152800] [2022-11-16 11:15:26,027 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:26,027 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:15:26,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:26,161 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-11-16 11:15:26,164 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:26,166 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-11-16 11:15:26,168 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:26,170 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:15:26,170 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:15:26,171 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [742152800] [2022-11-16 11:15:26,171 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [742152800] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:15:26,171 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:15:26,171 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-16 11:15:26,172 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [359047550] [2022-11-16 11:15:26,172 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:15:26,173 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-16 11:15:26,173 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:15:26,174 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-16 11:15:26,174 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:15:26,174 INFO L87 Difference]: Start difference. First operand 109 states and 141 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:15:26,198 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:15:26,198 INFO L93 Difference]: Finished difference Result 178 states and 230 transitions. [2022-11-16 11:15:26,199 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-16 11:15:26,199 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-11-16 11:15:26,199 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:15:26,201 INFO L225 Difference]: With dead ends: 178 [2022-11-16 11:15:26,201 INFO L226 Difference]: Without dead ends: 100 [2022-11-16 11:15:26,202 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-16 11:15:26,203 INFO L413 NwaCegarLoop]: 128 mSDtfsCounter, 17 mSDsluCounter, 106 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 234 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 11:15:26,204 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [21 Valid, 234 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 11:15:26,205 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 100 states. [2022-11-16 11:15:26,214 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 100 to 100. [2022-11-16 11:15:26,217 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 100 states, 74 states have (on average 1.3108108108108107) internal successors, (97), 84 states have internal predecessors, (97), 16 states have call successors, (16), 9 states have call predecessors, (16), 9 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) [2022-11-16 11:15:26,220 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 100 states to 100 states and 129 transitions. [2022-11-16 11:15:26,224 INFO L78 Accepts]: Start accepts. Automaton has 100 states and 129 transitions. Word has length 33 [2022-11-16 11:15:26,225 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:15:26,225 INFO L495 AbstractCegarLoop]: Abstraction has 100 states and 129 transitions. [2022-11-16 11:15:26,225 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:15:26,226 INFO L276 IsEmpty]: Start isEmpty. Operand 100 states and 129 transitions. [2022-11-16 11:15:26,227 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-11-16 11:15:26,227 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:15:26,227 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:26,229 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-16 11:15:26,229 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:15:26,229 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:15:26,232 INFO L85 PathProgramCache]: Analyzing trace with hash 214115468, now seen corresponding path program 1 times [2022-11-16 11:15:26,232 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:15:26,232 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1781660591] [2022-11-16 11:15:26,233 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:26,233 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:15:26,285 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:26,496 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-16 11:15:26,499 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:26,502 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-11-16 11:15:26,504 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:26,506 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:15:26,506 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:15:26,507 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1781660591] [2022-11-16 11:15:26,507 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1781660591] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:15:26,507 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:15:26,508 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-16 11:15:26,508 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1119642341] [2022-11-16 11:15:26,508 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:15:26,511 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-16 11:15:26,511 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:15:26,512 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-16 11:15:26,512 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-16 11:15:26,512 INFO L87 Difference]: Start difference. First operand 100 states and 129 transitions. Second operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 11:15:26,697 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:15:26,697 INFO L93 Difference]: Finished difference Result 239 states and 312 transitions. [2022-11-16 11:15:26,703 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-16 11:15:26,704 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2022-11-16 11:15:26,704 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:15:26,706 INFO L225 Difference]: With dead ends: 239 [2022-11-16 11:15:26,706 INFO L226 Difference]: Without dead ends: 147 [2022-11-16 11:15:26,707 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-11-16 11:15:26,708 INFO L413 NwaCegarLoop]: 142 mSDtfsCounter, 190 mSDsluCounter, 289 mSDsCounter, 0 mSdLazyCounter, 12 mSolverCounterSat, 21 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 190 SdHoareTripleChecker+Valid, 431 SdHoareTripleChecker+Invalid, 33 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 21 IncrementalHoareTripleChecker+Valid, 12 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 11:15:26,709 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [190 Valid, 431 Invalid, 33 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [21 Valid, 12 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 11:15:26,710 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 147 states. [2022-11-16 11:15:26,737 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 147 to 144. [2022-11-16 11:15:26,737 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 144 states, 107 states have (on average 1.3271028037383177) internal successors, (142), 120 states have internal predecessors, (142), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (23), 16 states have call predecessors, (23), 22 states have call successors, (23) [2022-11-16 11:15:26,739 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 144 states to 144 states and 187 transitions. [2022-11-16 11:15:26,739 INFO L78 Accepts]: Start accepts. Automaton has 144 states and 187 transitions. Word has length 38 [2022-11-16 11:15:26,740 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:15:26,740 INFO L495 AbstractCegarLoop]: Abstraction has 144 states and 187 transitions. [2022-11-16 11:15:26,740 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 11:15:26,740 INFO L276 IsEmpty]: Start isEmpty. Operand 144 states and 187 transitions. [2022-11-16 11:15:26,742 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-11-16 11:15:26,742 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:15:26,742 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:26,743 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-16 11:15:26,747 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:15:26,748 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:15:26,749 INFO L85 PathProgramCache]: Analyzing trace with hash 384205224, now seen corresponding path program 1 times [2022-11-16 11:15:26,749 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:15:26,749 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1628237714] [2022-11-16 11:15:26,751 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:26,751 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:15:26,788 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:26,955 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-11-16 11:15:26,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:26,960 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-11-16 11:15:26,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:26,975 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-16 11:15:26,975 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:15:26,976 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1628237714] [2022-11-16 11:15:26,976 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1628237714] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:15:26,976 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:15:26,976 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-16 11:15:26,976 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1156337351] [2022-11-16 11:15:26,977 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:15:26,977 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 11:15:26,977 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:15:26,978 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 11:15:26,978 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-16 11:15:26,978 INFO L87 Difference]: Start difference. First operand 144 states and 187 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:15:27,140 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:15:27,140 INFO L93 Difference]: Finished difference Result 337 states and 449 transitions. [2022-11-16 11:15:27,141 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-16 11:15:27,141 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-11-16 11:15:27,141 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:15:27,143 INFO L225 Difference]: With dead ends: 337 [2022-11-16 11:15:27,143 INFO L226 Difference]: Without dead ends: 201 [2022-11-16 11:15:27,145 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-11-16 11:15:27,146 INFO L413 NwaCegarLoop]: 138 mSDtfsCounter, 67 mSDsluCounter, 452 mSDsCounter, 0 mSdLazyCounter, 80 mSolverCounterSat, 12 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 68 SdHoareTripleChecker+Valid, 590 SdHoareTripleChecker+Invalid, 92 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 12 IncrementalHoareTripleChecker+Valid, 80 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 11:15:27,146 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [68 Valid, 590 Invalid, 92 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [12 Valid, 80 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 11:15:27,147 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 201 states. [2022-11-16 11:15:27,169 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 201 to 191. [2022-11-16 11:15:27,169 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 191 states, 143 states have (on average 1.2587412587412588) internal successors, (180), 155 states have internal predecessors, (180), 26 states have call successors, (26), 21 states have call predecessors, (26), 21 states have return successors, (34), 24 states have call predecessors, (34), 26 states have call successors, (34) [2022-11-16 11:15:27,171 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 191 states to 191 states and 240 transitions. [2022-11-16 11:15:27,171 INFO L78 Accepts]: Start accepts. Automaton has 191 states and 240 transitions. Word has length 41 [2022-11-16 11:15:27,171 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:15:27,172 INFO L495 AbstractCegarLoop]: Abstraction has 191 states and 240 transitions. [2022-11-16 11:15:27,172 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-16 11:15:27,172 INFO L276 IsEmpty]: Start isEmpty. Operand 191 states and 240 transitions. [2022-11-16 11:15:27,173 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 69 [2022-11-16 11:15:27,173 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:15:27,174 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:27,174 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-16 11:15:27,174 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:15:27,175 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:15:27,175 INFO L85 PathProgramCache]: Analyzing trace with hash -602736799, now seen corresponding path program 1 times [2022-11-16 11:15:27,175 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:15:27,175 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [990890814] [2022-11-16 11:15:27,175 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:27,176 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:15:27,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,245 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-11-16 11:15:27,247 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,253 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-11-16 11:15:27,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,264 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:15:27,267 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,271 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-11-16 11:15:27,273 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,275 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-11-16 11:15:27,277 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,278 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:15:27,279 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:15:27,279 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [990890814] [2022-11-16 11:15:27,279 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [990890814] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:15:27,279 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:15:27,279 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-11-16 11:15:27,280 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1406504324] [2022-11-16 11:15:27,280 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:15:27,280 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-16 11:15:27,280 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:15:27,281 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-16 11:15:27,281 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-16 11:15:27,281 INFO L87 Difference]: Start difference. First operand 191 states and 240 transitions. Second operand has 4 states, 4 states have (on average 13.75) internal successors, (55), 3 states have internal predecessors, (55), 3 states have call successors, (6), 3 states have call predecessors, (6), 1 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-16 11:15:27,452 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:15:27,452 INFO L93 Difference]: Finished difference Result 405 states and 508 transitions. [2022-11-16 11:15:27,453 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-11-16 11:15:27,453 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 13.75) internal successors, (55), 3 states have internal predecessors, (55), 3 states have call successors, (6), 3 states have call predecessors, (6), 1 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) Word has length 68 [2022-11-16 11:15:27,453 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:15:27,455 INFO L225 Difference]: With dead ends: 405 [2022-11-16 11:15:27,455 INFO L226 Difference]: Without dead ends: 222 [2022-11-16 11:15:27,456 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 12 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-11-16 11:15:27,457 INFO L413 NwaCegarLoop]: 130 mSDtfsCounter, 107 mSDsluCounter, 153 mSDsCounter, 0 mSdLazyCounter, 98 mSolverCounterSat, 26 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 116 SdHoareTripleChecker+Valid, 283 SdHoareTripleChecker+Invalid, 124 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 26 IncrementalHoareTripleChecker+Valid, 98 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 11:15:27,458 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [116 Valid, 283 Invalid, 124 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [26 Valid, 98 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 11:15:27,459 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 222 states. [2022-11-16 11:15:27,482 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 222 to 218. [2022-11-16 11:15:27,483 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 218 states, 163 states have (on average 1.2453987730061349) internal successors, (203), 175 states have internal predecessors, (203), 28 states have call successors, (28), 21 states have call predecessors, (28), 26 states have return successors, (39), 30 states have call predecessors, (39), 28 states have call successors, (39) [2022-11-16 11:15:27,484 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 218 states to 218 states and 270 transitions. [2022-11-16 11:15:27,485 INFO L78 Accepts]: Start accepts. Automaton has 218 states and 270 transitions. Word has length 68 [2022-11-16 11:15:27,485 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:15:27,485 INFO L495 AbstractCegarLoop]: Abstraction has 218 states and 270 transitions. [2022-11-16 11:15:27,485 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 13.75) internal successors, (55), 3 states have internal predecessors, (55), 3 states have call successors, (6), 3 states have call predecessors, (6), 1 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-16 11:15:27,486 INFO L276 IsEmpty]: Start isEmpty. Operand 218 states and 270 transitions. [2022-11-16 11:15:27,487 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 66 [2022-11-16 11:15:27,487 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:15:27,487 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:27,488 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-16 11:15:27,488 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:15:27,488 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:15:27,488 INFO L85 PathProgramCache]: Analyzing trace with hash -578050563, now seen corresponding path program 1 times [2022-11-16 11:15:27,489 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:15:27,489 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [689090413] [2022-11-16 11:15:27,489 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:27,489 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:15:27,506 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,572 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-16 11:15:27,574 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,581 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-11-16 11:15:27,585 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,600 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:15:27,604 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-11-16 11:15:27,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,637 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-11-16 11:15:27,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:27,639 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:15:27,639 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:15:27,639 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [689090413] [2022-11-16 11:15:27,640 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [689090413] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:15:27,640 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:15:27,640 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-16 11:15:27,640 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [617061924] [2022-11-16 11:15:27,640 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:15:27,641 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-16 11:15:27,641 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:15:27,641 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-16 11:15:27,641 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-16 11:15:27,642 INFO L87 Difference]: Start difference. First operand 218 states and 270 transitions. Second operand has 6 states, 6 states have (on average 8.666666666666666) internal successors, (52), 5 states have internal predecessors, (52), 2 states have call successors, (6), 2 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2022-11-16 11:15:27,910 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:15:27,910 INFO L93 Difference]: Finished difference Result 438 states and 557 transitions. [2022-11-16 11:15:27,911 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-16 11:15:27,911 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 8.666666666666666) internal successors, (52), 5 states have internal predecessors, (52), 2 states have call successors, (6), 2 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) Word has length 65 [2022-11-16 11:15:27,912 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:15:27,914 INFO L225 Difference]: With dead ends: 438 [2022-11-16 11:15:27,914 INFO L226 Difference]: Without dead ends: 228 [2022-11-16 11:15:27,916 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 21 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-11-16 11:15:27,925 INFO L413 NwaCegarLoop]: 103 mSDtfsCounter, 82 mSDsluCounter, 341 mSDsCounter, 0 mSdLazyCounter, 159 mSolverCounterSat, 29 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 87 SdHoareTripleChecker+Valid, 444 SdHoareTripleChecker+Invalid, 188 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 29 IncrementalHoareTripleChecker+Valid, 159 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-16 11:15:27,928 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [87 Valid, 444 Invalid, 188 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [29 Valid, 159 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-16 11:15:27,929 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 228 states. [2022-11-16 11:15:27,961 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 228 to 221. [2022-11-16 11:15:27,962 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 221 states, 166 states have (on average 1.2409638554216869) internal successors, (206), 178 states have internal predecessors, (206), 28 states have call successors, (28), 21 states have call predecessors, (28), 26 states have return successors, (39), 30 states have call predecessors, (39), 28 states have call successors, (39) [2022-11-16 11:15:27,964 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 221 states to 221 states and 273 transitions. [2022-11-16 11:15:27,964 INFO L78 Accepts]: Start accepts. Automaton has 221 states and 273 transitions. Word has length 65 [2022-11-16 11:15:27,964 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:15:27,964 INFO L495 AbstractCegarLoop]: Abstraction has 221 states and 273 transitions. [2022-11-16 11:15:27,965 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 8.666666666666666) internal successors, (52), 5 states have internal predecessors, (52), 2 states have call successors, (6), 2 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2022-11-16 11:15:27,965 INFO L276 IsEmpty]: Start isEmpty. Operand 221 states and 273 transitions. [2022-11-16 11:15:27,966 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 66 [2022-11-16 11:15:27,967 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:15:27,967 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:27,967 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-16 11:15:27,968 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:15:27,968 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:15:27,968 INFO L85 PathProgramCache]: Analyzing trace with hash 808152831, now seen corresponding path program 1 times [2022-11-16 11:15:27,969 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:15:27,969 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [822590711] [2022-11-16 11:15:27,969 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:27,969 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:15:27,995 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-16 11:15:28,106 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-11-16 11:15:28,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,143 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:15:28,149 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,174 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-11-16 11:15:28,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,180 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-11-16 11:15:28,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,185 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:15:28,186 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:15:28,186 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [822590711] [2022-11-16 11:15:28,187 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [822590711] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:15:28,187 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:15:28,188 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-16 11:15:28,188 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1724894508] [2022-11-16 11:15:28,188 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:15:28,188 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-16 11:15:28,188 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:15:28,189 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-16 11:15:28,189 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-16 11:15:28,189 INFO L87 Difference]: Start difference. First operand 221 states and 273 transitions. Second operand has 5 states, 5 states have (on average 10.4) internal successors, (52), 4 states have internal predecessors, (52), 2 states have call successors, (6), 2 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2022-11-16 11:15:28,402 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:15:28,408 INFO L93 Difference]: Finished difference Result 444 states and 562 transitions. [2022-11-16 11:15:28,408 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-11-16 11:15:28,409 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 10.4) internal successors, (52), 4 states have internal predecessors, (52), 2 states have call successors, (6), 2 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) Word has length 65 [2022-11-16 11:15:28,410 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:15:28,413 INFO L225 Difference]: With dead ends: 444 [2022-11-16 11:15:28,413 INFO L226 Difference]: Without dead ends: 231 [2022-11-16 11:15:28,414 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-11-16 11:15:28,419 INFO L413 NwaCegarLoop]: 105 mSDtfsCounter, 83 mSDsluCounter, 242 mSDsCounter, 0 mSdLazyCounter, 125 mSolverCounterSat, 23 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 89 SdHoareTripleChecker+Valid, 347 SdHoareTripleChecker+Invalid, 148 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 23 IncrementalHoareTripleChecker+Valid, 125 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 11:15:28,419 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [89 Valid, 347 Invalid, 148 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [23 Valid, 125 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 11:15:28,421 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 231 states. [2022-11-16 11:15:28,451 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 231 to 223. [2022-11-16 11:15:28,452 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 223 states, 168 states have (on average 1.2380952380952381) internal successors, (208), 180 states have internal predecessors, (208), 28 states have call successors, (28), 21 states have call predecessors, (28), 26 states have return successors, (39), 30 states have call predecessors, (39), 28 states have call successors, (39) [2022-11-16 11:15:28,454 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 223 states to 223 states and 275 transitions. [2022-11-16 11:15:28,455 INFO L78 Accepts]: Start accepts. Automaton has 223 states and 275 transitions. Word has length 65 [2022-11-16 11:15:28,455 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:15:28,455 INFO L495 AbstractCegarLoop]: Abstraction has 223 states and 275 transitions. [2022-11-16 11:15:28,455 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 10.4) internal successors, (52), 4 states have internal predecessors, (52), 2 states have call successors, (6), 2 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2022-11-16 11:15:28,455 INFO L276 IsEmpty]: Start isEmpty. Operand 223 states and 275 transitions. [2022-11-16 11:15:28,457 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 66 [2022-11-16 11:15:28,457 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:15:28,458 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:28,458 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-16 11:15:28,459 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:15:28,459 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:15:28,459 INFO L85 PathProgramCache]: Analyzing trace with hash 1509752705, now seen corresponding path program 1 times [2022-11-16 11:15:28,459 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:15:28,459 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1135954658] [2022-11-16 11:15:28,461 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:28,461 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:15:28,490 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,575 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-16 11:15:28,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,583 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-11-16 11:15:28,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,615 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:15:28,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,634 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-11-16 11:15:28,636 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,645 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-11-16 11:15:28,646 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:28,648 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:15:28,649 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:15:28,649 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1135954658] [2022-11-16 11:15:28,649 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1135954658] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:15:28,649 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:15:28,649 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-16 11:15:28,649 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2077478991] [2022-11-16 11:15:28,650 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:15:28,651 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-16 11:15:28,651 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:15:28,653 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-16 11:15:28,657 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-16 11:15:28,657 INFO L87 Difference]: Start difference. First operand 223 states and 275 transitions. Second operand has 5 states, 5 states have (on average 10.4) internal successors, (52), 4 states have internal predecessors, (52), 4 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) [2022-11-16 11:15:28,987 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:15:28,988 INFO L93 Difference]: Finished difference Result 661 states and 844 transitions. [2022-11-16 11:15:28,988 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-16 11:15:28,988 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 10.4) internal successors, (52), 4 states have internal predecessors, (52), 4 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) Word has length 65 [2022-11-16 11:15:28,989 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:15:28,993 INFO L225 Difference]: With dead ends: 661 [2022-11-16 11:15:28,993 INFO L226 Difference]: Without dead ends: 446 [2022-11-16 11:15:28,994 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 14 SyntacticMatches, 1 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-11-16 11:15:28,995 INFO L413 NwaCegarLoop]: 159 mSDtfsCounter, 259 mSDsluCounter, 215 mSDsCounter, 0 mSdLazyCounter, 204 mSolverCounterSat, 80 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 267 SdHoareTripleChecker+Valid, 374 SdHoareTripleChecker+Invalid, 284 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 80 IncrementalHoareTripleChecker+Valid, 204 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-16 11:15:28,995 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [267 Valid, 374 Invalid, 284 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [80 Valid, 204 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-16 11:15:28,997 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 446 states. [2022-11-16 11:15:29,044 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 446 to 444. [2022-11-16 11:15:29,046 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 444 states, 334 states have (on average 1.2125748502994012) internal successors, (405), 354 states have internal predecessors, (405), 59 states have call successors, (59), 48 states have call predecessors, (59), 50 states have return successors, (86), 59 states have call predecessors, (86), 59 states have call successors, (86) [2022-11-16 11:15:29,049 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 444 states to 444 states and 550 transitions. [2022-11-16 11:15:29,049 INFO L78 Accepts]: Start accepts. Automaton has 444 states and 550 transitions. Word has length 65 [2022-11-16 11:15:29,049 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:15:29,049 INFO L495 AbstractCegarLoop]: Abstraction has 444 states and 550 transitions. [2022-11-16 11:15:29,050 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 10.4) internal successors, (52), 4 states have internal predecessors, (52), 4 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) [2022-11-16 11:15:29,050 INFO L276 IsEmpty]: Start isEmpty. Operand 444 states and 550 transitions. [2022-11-16 11:15:29,051 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 70 [2022-11-16 11:15:29,051 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:15:29,051 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:29,051 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-11-16 11:15:29,051 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:15:29,052 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:15:29,052 INFO L85 PathProgramCache]: Analyzing trace with hash 920584039, now seen corresponding path program 1 times [2022-11-16 11:15:29,052 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:15:29,052 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2028346178] [2022-11-16 11:15:29,052 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:29,052 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:15:29,083 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:29,289 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:15:29,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:29,326 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-11-16 11:15:29,327 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:29,341 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-11-16 11:15:29,345 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:29,378 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:15:29,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:29,390 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-11-16 11:15:29,392 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:29,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-11-16 11:15:29,395 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:29,398 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-16 11:15:29,398 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:15:29,398 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2028346178] [2022-11-16 11:15:29,398 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2028346178] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 11:15:29,398 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 11:15:29,399 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-11-16 11:15:29,399 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1361566041] [2022-11-16 11:15:29,399 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 11:15:29,400 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-11-16 11:15:29,400 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:15:29,401 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-11-16 11:15:29,401 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=72, Unknown=0, NotChecked=0, Total=90 [2022-11-16 11:15:29,401 INFO L87 Difference]: Start difference. First operand 444 states and 550 transitions. Second operand has 10 states, 10 states have (on average 5.4) internal successors, (54), 8 states have internal predecessors, (54), 5 states have call successors, (7), 4 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 5 states have call successors, (6) [2022-11-16 11:15:30,738 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:15:30,738 INFO L93 Difference]: Finished difference Result 1346 states and 1729 transitions. [2022-11-16 11:15:30,739 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 33 states. [2022-11-16 11:15:30,739 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 5.4) internal successors, (54), 8 states have internal predecessors, (54), 5 states have call successors, (7), 4 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 5 states have call successors, (6) Word has length 69 [2022-11-16 11:15:30,741 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:15:30,747 INFO L225 Difference]: With dead ends: 1346 [2022-11-16 11:15:30,747 INFO L226 Difference]: Without dead ends: 1003 [2022-11-16 11:15:30,749 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 15 SyntacticMatches, 1 SemanticMatches, 33 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 296 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=221, Invalid=969, Unknown=0, NotChecked=0, Total=1190 [2022-11-16 11:15:30,753 INFO L413 NwaCegarLoop]: 132 mSDtfsCounter, 664 mSDsluCounter, 735 mSDsCounter, 0 mSdLazyCounter, 1181 mSolverCounterSat, 249 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 675 SdHoareTripleChecker+Valid, 867 SdHoareTripleChecker+Invalid, 1430 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 249 IncrementalHoareTripleChecker+Valid, 1181 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-11-16 11:15:30,754 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [675 Valid, 867 Invalid, 1430 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [249 Valid, 1181 Invalid, 0 Unknown, 0 Unchecked, 0.9s Time] [2022-11-16 11:15:30,757 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1003 states. [2022-11-16 11:15:30,874 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1003 to 822. [2022-11-16 11:15:30,876 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 822 states, 617 states have (on average 1.2106969205834683) internal successors, (747), 658 states have internal predecessors, (747), 109 states have call successors, (109), 83 states have call predecessors, (109), 95 states have return successors, (160), 110 states have call predecessors, (160), 109 states have call successors, (160) [2022-11-16 11:15:30,881 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 822 states to 822 states and 1016 transitions. [2022-11-16 11:15:30,882 INFO L78 Accepts]: Start accepts. Automaton has 822 states and 1016 transitions. Word has length 69 [2022-11-16 11:15:30,883 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:15:30,883 INFO L495 AbstractCegarLoop]: Abstraction has 822 states and 1016 transitions. [2022-11-16 11:15:30,883 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 5.4) internal successors, (54), 8 states have internal predecessors, (54), 5 states have call successors, (7), 4 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 5 states have call successors, (6) [2022-11-16 11:15:30,885 INFO L276 IsEmpty]: Start isEmpty. Operand 822 states and 1016 transitions. [2022-11-16 11:15:30,893 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 124 [2022-11-16 11:15:30,893 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:15:30,893 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:30,893 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-11-16 11:15:30,894 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:15:30,894 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:15:30,894 INFO L85 PathProgramCache]: Analyzing trace with hash 1227003405, now seen corresponding path program 1 times [2022-11-16 11:15:30,894 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:15:30,895 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [74888467] [2022-11-16 11:15:30,895 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:30,895 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:15:30,920 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,135 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:15:31,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,154 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-11-16 11:15:31,162 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:15:31,187 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,198 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 11:15:31,202 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,211 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:15:31,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,227 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-11-16 11:15:31,230 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,232 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-11-16 11:15:31,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,251 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-11-16 11:15:31,257 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-11-16 11:15:31,264 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,280 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2022-11-16 11:15:31,281 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,286 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:15:31,288 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,289 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-11-16 11:15:31,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,293 INFO L134 CoverageAnalysis]: Checked inductivity of 42 backedges. 18 proven. 11 refuted. 0 times theorem prover too weak. 13 trivial. 0 not checked. [2022-11-16 11:15:31,294 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:15:31,294 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [74888467] [2022-11-16 11:15:31,294 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [74888467] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 11:15:31,294 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1316053980] [2022-11-16 11:15:31,295 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:31,295 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 11:15:31,295 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 11:15:31,302 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-16 11:15:31,308 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-16 11:15:31,459 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:31,463 INFO L263 TraceCheckSpWp]: Trace formula consists of 541 conjuncts, 8 conjunts are in the unsatisfiable core [2022-11-16 11:15:31,473 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 11:15:31,783 INFO L134 CoverageAnalysis]: Checked inductivity of 42 backedges. 31 proven. 11 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-16 11:15:31,783 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 11:15:32,080 INFO L134 CoverageAnalysis]: Checked inductivity of 42 backedges. 19 proven. 10 refuted. 0 times theorem prover too weak. 13 trivial. 0 not checked. [2022-11-16 11:15:32,080 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1316053980] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-16 11:15:32,080 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-16 11:15:32,081 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 6, 6] total 16 [2022-11-16 11:15:32,081 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1966819439] [2022-11-16 11:15:32,081 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-16 11:15:32,081 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 16 states [2022-11-16 11:15:32,082 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:15:32,082 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 16 interpolants. [2022-11-16 11:15:32,082 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=38, Invalid=202, Unknown=0, NotChecked=0, Total=240 [2022-11-16 11:15:32,082 INFO L87 Difference]: Start difference. First operand 822 states and 1016 transitions. Second operand has 16 states, 16 states have (on average 9.0625) internal successors, (145), 11 states have internal predecessors, (145), 5 states have call successors, (29), 7 states have call predecessors, (29), 6 states have return successors, (23), 7 states have call predecessors, (23), 5 states have call successors, (23) [2022-11-16 11:15:33,996 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:15:33,998 INFO L93 Difference]: Finished difference Result 1882 states and 2408 transitions. [2022-11-16 11:15:33,998 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 41 states. [2022-11-16 11:15:33,999 INFO L78 Accepts]: Start accepts. Automaton has has 16 states, 16 states have (on average 9.0625) internal successors, (145), 11 states have internal predecessors, (145), 5 states have call successors, (29), 7 states have call predecessors, (29), 6 states have return successors, (23), 7 states have call predecessors, (23), 5 states have call successors, (23) Word has length 123 [2022-11-16 11:15:33,999 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:15:34,005 INFO L225 Difference]: With dead ends: 1882 [2022-11-16 11:15:34,005 INFO L226 Difference]: Without dead ends: 1157 [2022-11-16 11:15:34,008 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 332 GetRequests, 279 SyntacticMatches, 4 SemanticMatches, 49 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 682 ImplicationChecksByTransitivity, 0.7s TimeCoverageRelationStatistics Valid=429, Invalid=2121, Unknown=0, NotChecked=0, Total=2550 [2022-11-16 11:15:34,009 INFO L413 NwaCegarLoop]: 192 mSDtfsCounter, 479 mSDsluCounter, 1465 mSDsCounter, 0 mSdLazyCounter, 1634 mSolverCounterSat, 220 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 480 SdHoareTripleChecker+Valid, 1657 SdHoareTripleChecker+Invalid, 1854 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 220 IncrementalHoareTripleChecker+Valid, 1634 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-16 11:15:34,010 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [480 Valid, 1657 Invalid, 1854 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [220 Valid, 1634 Invalid, 0 Unknown, 0 Unchecked, 1.2s Time] [2022-11-16 11:15:34,012 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1157 states. [2022-11-16 11:15:34,110 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1157 to 919. [2022-11-16 11:15:34,112 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 919 states, 682 states have (on average 1.187683284457478) internal successors, (810), 735 states have internal predecessors, (810), 126 states have call successors, (126), 104 states have call predecessors, (126), 110 states have return successors, (159), 116 states have call predecessors, (159), 126 states have call successors, (159) [2022-11-16 11:15:34,116 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 919 states to 919 states and 1095 transitions. [2022-11-16 11:15:34,117 INFO L78 Accepts]: Start accepts. Automaton has 919 states and 1095 transitions. Word has length 123 [2022-11-16 11:15:34,118 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:15:34,118 INFO L495 AbstractCegarLoop]: Abstraction has 919 states and 1095 transitions. [2022-11-16 11:15:34,119 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 16 states, 16 states have (on average 9.0625) internal successors, (145), 11 states have internal predecessors, (145), 5 states have call successors, (29), 7 states have call predecessors, (29), 6 states have return successors, (23), 7 states have call predecessors, (23), 5 states have call successors, (23) [2022-11-16 11:15:34,119 INFO L276 IsEmpty]: Start isEmpty. Operand 919 states and 1095 transitions. [2022-11-16 11:15:34,125 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 216 [2022-11-16 11:15:34,126 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 11:15:34,126 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:34,137 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-11-16 11:15:34,332 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-11-16 11:15:34,332 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-16 11:15:34,332 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 11:15:34,332 INFO L85 PathProgramCache]: Analyzing trace with hash 238833209, now seen corresponding path program 1 times [2022-11-16 11:15:34,333 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-16 11:15:34,333 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1342956101] [2022-11-16 11:15:34,333 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:34,333 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-16 11:15:34,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,579 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:15:34,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,591 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-11-16 11:15:34,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,599 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:15:34,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-11-16 11:15:34,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,612 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:15:34,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-11-16 11:15:34,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,620 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-11-16 11:15:34,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,629 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:15:34,630 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:15:34,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-16 11:15:34,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,638 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2022-11-16 11:15:34,639 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,640 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:15:34,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,642 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-11-16 11:15:34,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,722 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-16 11:15:34,723 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-16 11:15:34,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,728 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-16 11:15:34,729 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 169 [2022-11-16 11:15:34,731 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,732 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 178 [2022-11-16 11:15:34,741 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,746 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-11-16 11:15:34,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,752 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-11-16 11:15:34,753 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,755 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 207 [2022-11-16 11:15:34,756 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,758 INFO L134 CoverageAnalysis]: Checked inductivity of 231 backedges. 69 proven. 5 refuted. 0 times theorem prover too weak. 157 trivial. 0 not checked. [2022-11-16 11:15:34,758 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-16 11:15:34,758 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1342956101] [2022-11-16 11:15:34,758 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1342956101] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 11:15:34,759 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2077851251] [2022-11-16 11:15:34,759 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 11:15:34,759 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 11:15:34,759 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 11:15:34,760 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-16 11:15:34,793 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-16 11:15:34,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 11:15:34,943 INFO L263 TraceCheckSpWp]: Trace formula consists of 781 conjuncts, 13 conjunts are in the unsatisfiable core [2022-11-16 11:15:34,949 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 11:15:35,197 INFO L134 CoverageAnalysis]: Checked inductivity of 231 backedges. 167 proven. 4 refuted. 0 times theorem prover too weak. 60 trivial. 0 not checked. [2022-11-16 11:15:35,197 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 11:15:35,813 INFO L134 CoverageAnalysis]: Checked inductivity of 231 backedges. 81 proven. 39 refuted. 0 times theorem prover too weak. 111 trivial. 0 not checked. [2022-11-16 11:15:35,813 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2077851251] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-16 11:15:35,814 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-16 11:15:35,814 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 10, 11] total 25 [2022-11-16 11:15:35,814 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [674831192] [2022-11-16 11:15:35,814 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-16 11:15:35,815 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 25 states [2022-11-16 11:15:35,815 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-16 11:15:35,816 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 25 interpolants. [2022-11-16 11:15:35,816 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=481, Unknown=0, NotChecked=0, Total=600 [2022-11-16 11:15:35,816 INFO L87 Difference]: Start difference. First operand 919 states and 1095 transitions. Second operand has 25 states, 25 states have (on average 9.12) internal successors, (228), 21 states have internal predecessors, (228), 9 states have call successors, (41), 9 states have call predecessors, (41), 9 states have return successors, (40), 8 states have call predecessors, (40), 9 states have call successors, (40) [2022-11-16 11:15:37,780 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 11:15:37,780 INFO L93 Difference]: Finished difference Result 2013 states and 2471 transitions. [2022-11-16 11:15:37,780 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 32 states. [2022-11-16 11:15:37,781 INFO L78 Accepts]: Start accepts. Automaton has has 25 states, 25 states have (on average 9.12) internal successors, (228), 21 states have internal predecessors, (228), 9 states have call successors, (41), 9 states have call predecessors, (41), 9 states have return successors, (40), 8 states have call predecessors, (40), 9 states have call successors, (40) Word has length 215 [2022-11-16 11:15:37,781 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 11:15:37,782 INFO L225 Difference]: With dead ends: 2013 [2022-11-16 11:15:37,782 INFO L226 Difference]: Without dead ends: 0 [2022-11-16 11:15:37,790 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 518 GetRequests, 463 SyntacticMatches, 5 SemanticMatches, 50 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 561 ImplicationChecksByTransitivity, 0.9s TimeCoverageRelationStatistics Valid=575, Invalid=2077, Unknown=0, NotChecked=0, Total=2652 [2022-11-16 11:15:37,791 INFO L413 NwaCegarLoop]: 108 mSDtfsCounter, 1033 mSDsluCounter, 875 mSDsCounter, 0 mSdLazyCounter, 1564 mSolverCounterSat, 448 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1039 SdHoareTripleChecker+Valid, 983 SdHoareTripleChecker+Invalid, 2012 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 448 IncrementalHoareTripleChecker+Valid, 1564 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-16 11:15:37,791 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [1039 Valid, 983 Invalid, 2012 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [448 Valid, 1564 Invalid, 0 Unknown, 0 Unchecked, 1.2s Time] [2022-11-16 11:15:37,791 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-16 11:15:37,792 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-16 11:15:37,792 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-16 11:15:37,792 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-16 11:15:37,792 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 215 [2022-11-16 11:15:37,792 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 11:15:37,793 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-16 11:15:37,793 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 25 states, 25 states have (on average 9.12) internal successors, (228), 21 states have internal predecessors, (228), 9 states have call successors, (41), 9 states have call predecessors, (41), 9 states have return successors, (40), 8 states have call predecessors, (40), 9 states have call successors, (40) [2022-11-16 11:15:37,793 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-16 11:15:37,793 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-16 11:15:37,796 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-16 11:15:37,808 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-11-16 11:15:38,003 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10,3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-16 11:15:38,005 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-16 11:15:48,215 INFO L895 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 325 332) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 (not (= 2 ~waterLevel~0)) .cse2) (or .cse0 .cse1 (not (<= ~waterLevel~0 2)) .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:15:48,216 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 325 332) no Hoare annotation was computed. [2022-11-16 11:15:48,216 INFO L899 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 325 332) no Hoare annotation was computed. [2022-11-16 11:15:48,216 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 215 221) no Hoare annotation was computed. [2022-11-16 11:15:48,216 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 215 221) the Hoare annotation is: true [2022-11-16 11:15:48,216 INFO L899 garLoopResultBuilder]: For program point L417(lines 417 421) no Hoare annotation was computed. [2022-11-16 11:15:48,216 INFO L899 garLoopResultBuilder]: For program point L417-2(lines 417 421) no Hoare annotation was computed. [2022-11-16 11:15:48,216 INFO L895 garLoopResultBuilder]: At program point L263(line 263) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) .cse0 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (not (<= ~waterLevel~0 2)) .cse0))) [2022-11-16 11:15:48,217 INFO L895 garLoopResultBuilder]: At program point L259(line 259) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) .cse0 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (not (<= ~waterLevel~0 2)) .cse0))) [2022-11-16 11:15:48,217 INFO L899 garLoopResultBuilder]: For program point L257(lines 257 265) no Hoare annotation was computed. [2022-11-16 11:15:48,217 INFO L899 garLoopResultBuilder]: For program point L253(lines 253 270) no Hoare annotation was computed. [2022-11-16 11:15:48,217 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__methaneQueryENTRY(lines 249 273) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) .cse0 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) (not (<= ~waterLevel~0 2)) .cse0))) [2022-11-16 11:15:48,218 INFO L895 garLoopResultBuilder]: At program point L268(line 268) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) .cse0 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) (not (<= ~waterLevel~0 2)) .cse0))) [2022-11-16 11:15:48,218 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__methaneQueryEXIT(lines 249 273) no Hoare annotation was computed. [2022-11-16 11:15:48,218 INFO L899 garLoopResultBuilder]: For program point L268-1(lines 249 273) no Hoare annotation was computed. [2022-11-16 11:15:48,218 INFO L895 garLoopResultBuilder]: At program point L423(lines 408 426) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) .cse0 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (not (<= ~waterLevel~0 2)) .cse0))) [2022-11-16 11:15:48,218 INFO L895 garLoopResultBuilder]: At program point L549(lines 544 552) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) .cse0 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (not (<= ~waterLevel~0 2)) .cse0))) [2022-11-16 11:15:48,219 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 344 352) no Hoare annotation was computed. [2022-11-16 11:15:48,219 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 344 352) the Hoare annotation is: true [2022-11-16 11:15:48,219 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 344 352) no Hoare annotation was computed. [2022-11-16 11:15:48,219 INFO L899 garLoopResultBuilder]: For program point L481-1(lines 477 488) no Hoare annotation was computed. [2022-11-16 11:15:48,219 INFO L902 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 477 488) the Hoare annotation is: true [2022-11-16 11:15:48,219 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 477 488) no Hoare annotation was computed. [2022-11-16 11:15:48,220 INFO L899 garLoopResultBuilder]: For program point L576(line 576) no Hoare annotation was computed. [2022-11-16 11:15:48,220 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 555 584) no Hoare annotation was computed. [2022-11-16 11:15:48,220 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 555 584) the Hoare annotation is: true [2022-11-16 11:15:48,220 INFO L899 garLoopResultBuilder]: For program point L569(lines 569 573) no Hoare annotation was computed. [2022-11-16 11:15:48,220 INFO L902 garLoopResultBuilder]: At program point L569-1(lines 569 573) the Hoare annotation is: true [2022-11-16 11:15:48,220 INFO L899 garLoopResultBuilder]: For program point L566(line 566) no Hoare annotation was computed. [2022-11-16 11:15:48,221 INFO L902 garLoopResultBuilder]: At program point L565-2(lines 565 579) the Hoare annotation is: true [2022-11-16 11:15:48,221 INFO L902 garLoopResultBuilder]: At program point L561(line 561) the Hoare annotation is: true [2022-11-16 11:15:48,221 INFO L899 garLoopResultBuilder]: For program point L561-1(line 561) no Hoare annotation was computed. [2022-11-16 11:15:48,221 INFO L902 garLoopResultBuilder]: At program point L580(lines 555 584) the Hoare annotation is: true [2022-11-16 11:15:48,221 INFO L899 garLoopResultBuilder]: For program point L283(lines 283 291) no Hoare annotation was computed. [2022-11-16 11:15:48,221 INFO L899 garLoopResultBuilder]: For program point L279(lines 279 296) no Hoare annotation was computed. [2022-11-16 11:15:48,221 INFO L899 garLoopResultBuilder]: For program point L85(lines 85 91) no Hoare annotation was computed. [2022-11-16 11:15:48,222 INFO L895 garLoopResultBuilder]: At program point L659(lines 654 661) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (= 0 ~systemActive~0)) (.cse0 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or .cse1 (not (< 1 |old(~waterLevel~0)|)) .cse2 .cse0) (or .cse1 .cse2 .cse0 (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-11-16 11:15:48,222 INFO L899 garLoopResultBuilder]: For program point L457(lines 457 461) no Hoare annotation was computed. [2022-11-16 11:15:48,222 INFO L895 garLoopResultBuilder]: At program point L457-2(lines 453 464) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (and .cse1 (<= ~waterLevel~0 1) (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse2)) (.cse5 (= 0 ~systemActive~0)) (.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or (not (<= |old(~waterLevel~0)| 1)) (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0) .cse2) .cse3 .cse4 .cse5 .cse6) (or .cse3 (not (< 1 |old(~waterLevel~0)|)) (and .cse1 (= ~waterLevel~0 1) .cse2) .cse5 .cse0) (or (not (= |old(~waterLevel~0)| 1)) .cse3 .cse4 .cse5 .cse6)))) [2022-11-16 11:15:48,222 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 188 214) no Hoare annotation was computed. [2022-11-16 11:15:48,223 INFO L895 garLoopResultBuilder]: At program point L69(lines 62 71) the Hoare annotation is: (let ((.cse3 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse3 (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (= 0 ~systemActive~0))) (and (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) .cse3) (not (<= |old(~waterLevel~0)| 2))) (or .cse0 .cse1 (not (= |old(~waterLevel~0)| 2)) .cse2)))) [2022-11-16 11:15:48,223 INFO L895 garLoopResultBuilder]: At program point L82(line 82) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse13 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse2 (<= ~waterLevel~0 1)) (.cse14 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse15 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse11 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse7 (and (<= 1 ~pumpRunning~0) .cse10 .cse13 .cse2 .cse14 .cse15 .cse11)) (.cse1 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse9 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse8 (and .cse13 .cse0 .cse2 .cse14 .cse15 .cse11)) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (= 0 ~systemActive~0)) (.cse4 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (= |old(~pumpRunning~0)| 0)) (and .cse0 (< |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2) .cse1 .cse2 .cse3) .cse4) (or .cse5 (not (= |old(~waterLevel~0)| 2)) .cse6 .cse7 .cse8) (or (not (= |old(~waterLevel~0)| 1)) .cse5 .cse6 .cse7 .cse9 .cse8) (let ((.cse12 (not (<= 2 |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1|)))) (or .cse5 (and .cse10 .cse1 .cse3 .cse11 .cse12) .cse6 .cse4 .cse7 (and .cse0 .cse1 .cse3 .cse11 .cse12) .cse9 .cse8)) (or .cse5 (not (< 1 |old(~waterLevel~0)|)) .cse6 (= ~waterLevel~0 1) .cse4)))) [2022-11-16 11:15:48,223 INFO L899 garLoopResultBuilder]: For program point L82-1(line 82) no Hoare annotation was computed. [2022-11-16 11:15:48,224 INFO L899 garLoopResultBuilder]: For program point L202-1(lines 202 208) no Hoare annotation was computed. [2022-11-16 11:15:48,224 INFO L895 garLoopResultBuilder]: At program point L289(line 289) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (and .cse1 (<= ~waterLevel~0 1) (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse2)) (.cse5 (= 0 ~systemActive~0)) (.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or (not (<= |old(~waterLevel~0)| 1)) (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0) .cse2) .cse3 .cse4 .cse5 .cse6) (or .cse3 (not (< 1 |old(~waterLevel~0)|)) (and .cse1 (= ~waterLevel~0 1) .cse2) .cse5 .cse0) (or (not (= |old(~waterLevel~0)| 1)) .cse3 .cse4 .cse5 .cse6)))) [2022-11-16 11:15:48,224 INFO L895 garLoopResultBuilder]: At program point L285(line 285) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (and .cse1 (<= ~waterLevel~0 1) (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse2)) (.cse5 (= 0 ~systemActive~0)) (.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or (not (<= |old(~waterLevel~0)| 1)) (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0) .cse2) .cse3 .cse4 .cse5 .cse6) (or .cse3 (not (< 1 |old(~waterLevel~0)|)) (and .cse1 (= ~waterLevel~0 1) .cse2) .cse5 .cse0) (or (not (= |old(~waterLevel~0)| 1)) .cse3 .cse4 .cse5 .cse6)))) [2022-11-16 11:15:48,225 INFO L895 garLoopResultBuilder]: At program point L281(line 281) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse0 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (and .cse1 (<= ~waterLevel~0 1) (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) .cse2)) (.cse5 (= 0 ~systemActive~0)) (.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or (not (<= |old(~waterLevel~0)| 1)) (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0) .cse2) .cse3 .cse4 .cse5 .cse6) (or .cse3 (not (< 1 |old(~waterLevel~0)|)) (and .cse1 (= ~waterLevel~0 1) .cse2) .cse5 .cse0) (or (not (= |old(~waterLevel~0)| 1)) .cse3 .cse4 .cse5 .cse6)))) [2022-11-16 11:15:48,225 INFO L899 garLoopResultBuilder]: For program point L281-1(line 281) no Hoare annotation was computed. [2022-11-16 11:15:48,225 INFO L895 garLoopResultBuilder]: At program point L294(line 294) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= ~pumpRunning~0 0)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (= 0 ~systemActive~0)) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not .cse2)) (or .cse3 (not (< 1 |old(~waterLevel~0)|)) .cse2 .cse1) (or .cse0 .cse1 (and .cse4 (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2)) (not (<= 2 |old(~waterLevel~0)|))) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 (and .cse4 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse3 .cse2 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-11-16 11:15:48,226 INFO L895 garLoopResultBuilder]: At program point L294-1(lines 275 299) the Hoare annotation is: (let ((.cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse13 (<= ~waterLevel~0 1)) (.cse14 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse2 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse9 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (and .cse0 .cse13 .cse14 .cse2)) (.cse12 (not (= |old(~waterLevel~0)| 2))) (.cse6 (= 0 ~systemActive~0)) (.cse8 (and .cse5 .cse13 .cse14 .cse2)) (.cse10 (not (= |old(~pumpRunning~0)| 0))) (.cse11 (and .cse5 .cse1))) (and (or (and .cse0 .cse1 .cse2) .cse3 .cse4 (and .cse5 .cse1 .cse2) .cse6 .cse7 .cse8 .cse9) (or .cse10 .cse7 (not .cse6)) (or (not (= |old(~waterLevel~0)| 1)) .cse3 .cse4 .cse6 .cse8 .cse9) (or .cse10 .cse11 (and (<= 1 ~pumpRunning~0) .cse1) .cse12) (or .cse3 (not (< 1 |old(~waterLevel~0)|)) .cse6 (= ~waterLevel~0 1) .cse7) (or .cse3 .cse4 .cse12 .cse6 .cse8) (or (not (<= |old(~waterLevel~0)| 1)) .cse10 .cse11)))) [2022-11-16 11:15:48,226 INFO L895 garLoopResultBuilder]: At program point L67(line 67) the Hoare annotation is: (let ((.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (= ~pumpRunning~0 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse0 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= 0 ~systemActive~0)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 (not (< 1 |old(~waterLevel~0)|)) (and .cse1 .cse2 (< 1 ~waterLevel~0) .cse3) .cse4 .cse5) (or (and .cse6 .cse2 .cse7) (not (<= |old(~waterLevel~0)| 1)) .cse8) (or .cse8 (and .cse6 .cse2 (<= 2 ~waterLevel~0) .cse3) .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse4 .cse5 (and .cse1 .cse2 .cse7) (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-11-16 11:15:48,226 INFO L899 garLoopResultBuilder]: For program point L195(lines 195 201) no Hoare annotation was computed. [2022-11-16 11:15:48,226 INFO L899 garLoopResultBuilder]: For program point L67-1(line 67) no Hoare annotation was computed. [2022-11-16 11:15:48,226 INFO L899 garLoopResultBuilder]: For program point L195-2(lines 191 213) no Hoare annotation was computed. [2022-11-16 11:15:48,226 INFO L899 garLoopResultBuilder]: For program point L84(lines 84 94) no Hoare annotation was computed. [2022-11-16 11:15:48,227 INFO L899 garLoopResultBuilder]: For program point L658(line 658) no Hoare annotation was computed. [2022-11-16 11:15:48,227 INFO L899 garLoopResultBuilder]: For program point L80(lines 80 97) no Hoare annotation was computed. [2022-11-16 11:15:48,227 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 188 214) the Hoare annotation is: (let ((.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (= ~pumpRunning~0 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse0 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= 0 ~systemActive~0)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse7 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 (not (< 1 |old(~waterLevel~0)|)) (and .cse1 .cse2 (< 1 ~waterLevel~0) .cse3) .cse4 .cse5) (or (and .cse6 .cse2 .cse7) (not (<= |old(~waterLevel~0)| 1)) .cse8) (or .cse8 (and .cse6 .cse2 (<= 2 ~waterLevel~0) .cse3) .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse4 .cse5 (and .cse1 .cse2 .cse7) (not (<= 1 |old(~switchedOnBeforeTS~0)|))))) [2022-11-16 11:15:48,228 INFO L895 garLoopResultBuilder]: At program point L80-1(lines 72 100) the Hoare annotation is: (let ((.cse2 (= 0 ~systemActive~0))) (let ((.cse11 (= ~pumpRunning~0 0)) (.cse12 (not .cse2)) (.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse17 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse20 (<= ~waterLevel~0 1)) (.cse21 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse18 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse9 (<= 1 ~switchedOnBeforeTS~0))) (let ((.cse1 (and .cse6 .cse17 .cse20 .cse21 .cse18 .cse9)) (.cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse4 (and .cse17 .cse11 .cse20 .cse21 .cse18 .cse9 .cse12)) (.cse5 (not (<= |old(~waterLevel~0)| 1))) (.cse7 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse10 (not (<= 2 |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1|))) (.cse0 (not (<= 1 |old(~pumpRunning~0)|))) (.cse14 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse8 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse15 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (.cse13 (not (= |old(~pumpRunning~0)| 0))) (.cse16 (not (= |old(~waterLevel~0)| 2)))) (and (or (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse0 .cse1 (and .cse6 .cse7 .cse8 .cse9 .cse10) (and .cse11 .cse7 .cse8 .cse9 .cse12 .cse10) .cse2 .cse3 .cse4) (or .cse5 .cse13 (and .cse6 .cse7 .cse8 .cse10)) (or .cse13 (and .cse11 .cse14 .cse8 .cse12 .cse15) (and (<= 1 ~pumpRunning~0) .cse14 .cse8 .cse15) .cse16 .cse2) (let ((.cse19 (= ~waterLevel~0 1))) (or (and .cse6 .cse17 .cse18 .cse19 .cse9) .cse0 (not (< 1 |old(~waterLevel~0)|)) (and .cse17 .cse11 .cse18 .cse19 .cse9 .cse12) .cse2 (not (<= |old(~waterLevel~0)| 2)))) (or (and .cse11 .cse14 .cse8 .cse15) .cse13 .cse16 .cse12))))) [2022-11-16 11:15:48,228 INFO L895 garLoopResultBuilder]: At program point L526(lines 521 529) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse5 (<= |timeShift_getWaterLevel_#res#1| ~waterLevel~0)) (.cse10 (<= ~waterLevel~0 1)) (.cse17 (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|)) (.cse7 (<= 1 ~switchedOnBeforeTS~0)) (.cse8 (= ~pumpRunning~0 0)) (.cse12 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse11 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (and .cse8 .cse12 .cse11)) (.cse9 (not (<= |old(~waterLevel~0)| 2))) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse13 (< |timeShift_getWaterLevel_#res#1| 2)) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse14 (and .cse4 .cse5 .cse10 .cse17 .cse7)) (.cse2 (= 0 ~systemActive~0)) (.cse15 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse16 (and .cse5 .cse8 .cse10 .cse17 .cse7))) (and (or .cse0 .cse1 (not (= |old(~waterLevel~0)| 2)) (not .cse2)) (let ((.cse6 (= ~waterLevel~0 1))) (or .cse3 (not (< 1 |old(~waterLevel~0)|)) (and .cse4 .cse5 .cse6 .cse7) (and .cse5 .cse8 .cse6 .cse7) .cse2 .cse9)) (or .cse0 .cse1 (and .cse10 .cse11) (and (<= 1 ~pumpRunning~0) .cse12 .cse11) .cse9) (or (and .cse8 .cse13 .cse11 .cse7) .cse3 .cse14 (and .cse4 .cse13 .cse11 .cse7) .cse2 .cse9 .cse15 .cse16) (or (not (<= |old(~waterLevel~0)| 1)) .cse1 (and .cse8 .cse13)) (or (not (= |old(~waterLevel~0)| 1)) .cse3 .cse14 .cse2 .cse15 .cse16)))) [2022-11-16 11:15:48,228 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 188 214) no Hoare annotation was computed. [2022-11-16 11:15:48,228 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 658) no Hoare annotation was computed. [2022-11-16 11:15:48,229 INFO L895 garLoopResultBuilder]: At program point L168(lines 117 169) the Hoare annotation is: false [2022-11-16 11:15:48,229 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-11-16 11:15:48,229 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-11-16 11:15:48,229 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-11-16 11:15:48,229 INFO L899 garLoopResultBuilder]: For program point L156(lines 156 162) no Hoare annotation was computed. [2022-11-16 11:15:48,230 INFO L895 garLoopResultBuilder]: At program point L156-2(lines 148 163) the Hoare annotation is: (let ((.cse4 (<= 1 ~pumpRunning~0)) (.cse0 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse1 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse5 (not (= 0 ~systemActive~0)))) (or (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2 .cse3) (and .cse4 .cse0 (<= ~waterLevel~0 1) .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0) .cse5) (and .cse4 .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3 .cse5))) [2022-11-16 11:15:48,230 INFO L899 garLoopResultBuilder]: For program point L119(lines 118 167) no Hoare annotation was computed. [2022-11-16 11:15:48,230 INFO L895 garLoopResultBuilder]: At program point L693(lines 688 696) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2022-11-16 11:15:48,230 INFO L899 garLoopResultBuilder]: For program point L148(lines 148 163) no Hoare annotation was computed. [2022-11-16 11:15:48,230 INFO L895 garLoopResultBuilder]: At program point L433(line 433) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 (<= ~waterLevel~0 1) .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0) .cse4) (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3 (<= ~waterLevel~0 2) .cse4))) [2022-11-16 11:15:48,231 INFO L895 garLoopResultBuilder]: At program point L685(lines 681 687) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2022-11-16 11:15:48,231 INFO L895 garLoopResultBuilder]: At program point L140(line 140) the Hoare annotation is: (let ((.cse4 (<= 1 ~pumpRunning~0)) (.cse0 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse1 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse5 (not (= 0 ~systemActive~0)))) (or (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2 .cse3) (and .cse4 .cse0 (<= ~waterLevel~0 1) .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0) .cse5) (and .cse4 .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse3 .cse5))) [2022-11-16 11:15:48,231 INFO L895 garLoopResultBuilder]: At program point L165(lines 118 167) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (not (= 0 ~systemActive~0))) (.cse6 (<= ~waterLevel~0 1)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (= 2 ~waterLevel~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse3 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse2 .cse6 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0) .cse5) (and .cse7 .cse2 .cse6 .cse3 .cse4) (and .cse7 .cse1 .cse2 .cse3 .cse4))) [2022-11-16 11:15:48,231 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-16 11:15:48,231 INFO L899 garLoopResultBuilder]: For program point L640(lines 640 647) no Hoare annotation was computed. [2022-11-16 11:15:48,232 INFO L899 garLoopResultBuilder]: For program point L128(lines 128 134) no Hoare annotation was computed. [2022-11-16 11:15:48,232 INFO L899 garLoopResultBuilder]: For program point L128-1(lines 128 134) no Hoare annotation was computed. [2022-11-16 11:15:48,232 INFO L899 garLoopResultBuilder]: For program point L640-2(lines 640 647) no Hoare annotation was computed. [2022-11-16 11:15:48,232 INFO L899 garLoopResultBuilder]: For program point L120(lines 120 124) no Hoare annotation was computed. [2022-11-16 11:15:48,232 INFO L902 garLoopResultBuilder]: At program point L624(lines 616 626) the Hoare annotation is: true [2022-11-16 11:15:48,232 INFO L902 garLoopResultBuilder]: At program point L649(lines 630 652) the Hoare annotation is: true [2022-11-16 11:15:48,233 INFO L895 garLoopResultBuilder]: At program point L678(lines 674 680) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2022-11-16 11:15:48,233 INFO L895 garLoopResultBuilder]: At program point L447(lines 442 449) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse5 (<= ~waterLevel~0 2)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 (<= ~waterLevel~0 1) .cse2 .cse3 (<= 1 ~switchedOnBeforeTS~0) .cse4) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3 .cse5 .cse4) (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3 .cse5 .cse4))) [2022-11-16 11:15:48,233 INFO L895 garLoopResultBuilder]: At program point L59(lines 54 61) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~8#1| 1) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2022-11-16 11:15:48,233 INFO L895 garLoopResultBuilder]: At program point L439(lines 427 441) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~8#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (<= ~waterLevel~0 2) (= 0 ~systemActive~0)) [2022-11-16 11:15:48,233 INFO L899 garLoopResultBuilder]: For program point L431(lines 431 437) no Hoare annotation was computed. [2022-11-16 11:15:48,234 INFO L899 garLoopResultBuilder]: For program point L431-1(lines 431 437) no Hoare annotation was computed. [2022-11-16 11:15:48,234 INFO L902 garLoopResultBuilder]: At program point L171(lines 108 175) the Hoare annotation is: true [2022-11-16 11:15:48,234 INFO L899 garLoopResultBuilder]: For program point L138(lines 138 144) no Hoare annotation was computed. [2022-11-16 11:15:48,234 INFO L899 garLoopResultBuilder]: For program point L138-1(lines 138 144) no Hoare annotation was computed. [2022-11-16 11:15:48,234 INFO L895 garLoopResultBuilder]: At program point L613(lines 609 615) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~8#1| 1) (= ~waterLevel~0 1) (not (= 0 ~systemActive~0))) [2022-11-16 11:15:48,234 INFO L895 garLoopResultBuilder]: At program point L130(line 130) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (not (= 0 ~systemActive~0))) (.cse6 (<= ~waterLevel~0 1)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (= 2 ~waterLevel~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse3 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse0 .cse2 .cse6 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0) .cse5) (and .cse7 .cse2 .cse6 .cse3 .cse4) (and .cse7 .cse1 .cse2 .cse3 .cse4))) [2022-11-16 11:15:48,235 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 223 247) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) .cse0 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) (not (<= ~waterLevel~0 2)) .cse0))) [2022-11-16 11:15:48,235 INFO L895 garLoopResultBuilder]: At program point L539(lines 530 543) the Hoare annotation is: (let ((.cse1 (not (<= ~waterLevel~0 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 1)) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse1 .cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 (= ~pumpRunning~0 0) (not (<= ~waterLevel~0 2)) .cse2))) [2022-11-16 11:15:48,235 INFO L895 garLoopResultBuilder]: At program point L242(line 242) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) .cse0 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (not (<= ~waterLevel~0 2)) .cse0))) [2022-11-16 11:15:48,235 INFO L899 garLoopResultBuilder]: For program point L242-1(lines 223 247) no Hoare annotation was computed. [2022-11-16 11:15:48,236 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 223 247) no Hoare annotation was computed. [2022-11-16 11:15:48,236 INFO L899 garLoopResultBuilder]: For program point L315(lines 315 321) no Hoare annotation was computed. [2022-11-16 11:15:48,236 INFO L895 garLoopResultBuilder]: At program point L313(line 313) the Hoare annotation is: (let ((.cse1 (not (<= ~waterLevel~0 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse1 .cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 (= ~pumpRunning~0 0) (not (<= ~waterLevel~0 2)) .cse2))) [2022-11-16 11:15:48,236 INFO L895 garLoopResultBuilder]: At program point L315-2(lines 308 324) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (<= ~waterLevel~0 1))) (.cse2 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2) (or (<= 1 ~pumpRunning~0) .cse0 (= ~pumpRunning~0 0) (not (= 2 ~waterLevel~0)) .cse2) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse1 .cse2 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:15:48,236 INFO L899 garLoopResultBuilder]: For program point L313-1(line 313) no Hoare annotation was computed. [2022-11-16 11:15:48,237 INFO L899 garLoopResultBuilder]: For program point L534(lines 534 540) no Hoare annotation was computed. [2022-11-16 11:15:48,237 INFO L895 garLoopResultBuilder]: At program point L404(lines 389 407) the Hoare annotation is: (let ((.cse1 (= 0 ~systemActive~0))) (and (let ((.cse0 (= ~pumpRunning~0 0))) (or (not (= |old(~pumpRunning~0)| 0)) (and .cse0 (= 2 ~waterLevel~0)) (not (<= ~waterLevel~0 2)) (and .cse0 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~2#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)) .cse1)) (or (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) .cse1 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:15:48,237 INFO L895 garLoopResultBuilder]: At program point L305(lines 300 307) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0)) (not (<= ~waterLevel~0 2)) .cse0) (or (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) .cse0 (not (<= 1 ~switchedOnBeforeTS~0))))) [2022-11-16 11:15:48,237 INFO L899 garLoopResultBuilder]: For program point L398(lines 398 402) no Hoare annotation was computed. [2022-11-16 11:15:48,237 INFO L895 garLoopResultBuilder]: At program point L237(line 237) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or (not (<= 1 |old(~pumpRunning~0)|)) (not (<= ~waterLevel~0 1)) .cse0 (not (<= 1 ~switchedOnBeforeTS~0))) (or (not (= |old(~pumpRunning~0)| 0)) (not (<= ~waterLevel~0 2)) .cse0 (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0))))) [2022-11-16 11:15:48,238 INFO L899 garLoopResultBuilder]: For program point L398-2(lines 398 402) no Hoare annotation was computed. [2022-11-16 11:15:48,238 INFO L899 garLoopResultBuilder]: For program point L231(lines 231 239) no Hoare annotation was computed. [2022-11-16 11:15:48,238 INFO L899 garLoopResultBuilder]: For program point L227(lines 227 244) no Hoare annotation was computed. [2022-11-16 11:15:48,238 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 465 476) no Hoare annotation was computed. [2022-11-16 11:15:48,238 INFO L899 garLoopResultBuilder]: For program point L469-1(lines 465 476) no Hoare annotation was computed. [2022-11-16 11:15:48,239 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 465 476) the Hoare annotation is: (let ((.cse0 (not (<= 1 ~pumpRunning~0))) (.cse2 (= 0 ~systemActive~0)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or (not (<= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse0 (not (= |old(~waterLevel~0)| 2)) .cse1 .cse2) (or (not (= ~pumpRunning~0 0)) .cse1 (not (<= |old(~waterLevel~0)| 2))))) [2022-11-16 11:15:48,239 INFO L902 garLoopResultBuilder]: At program point isMethaneAlarmENTRY(lines 333 343) the Hoare annotation is: true [2022-11-16 11:15:48,239 INFO L902 garLoopResultBuilder]: At program point L494(lines 489 497) the Hoare annotation is: true [2022-11-16 11:15:48,239 INFO L899 garLoopResultBuilder]: For program point isMethaneAlarmEXIT(lines 333 343) no Hoare annotation was computed. [2022-11-16 11:15:48,239 INFO L899 garLoopResultBuilder]: For program point isMethaneAlarmFINAL(lines 333 343) no Hoare annotation was computed. [2022-11-16 11:15:48,243 INFO L444 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 11:15:48,245 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-16 11:15:48,296 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 16.11 11:15:48 BoogieIcfgContainer [2022-11-16 11:15:48,296 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-16 11:15:48,296 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-16 11:15:48,296 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-16 11:15:48,306 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-16 11:15:48,306 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 11:15:25" (3/4) ... [2022-11-16 11:15:48,309 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-16 11:15:48,321 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-11-16 11:15:48,321 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-16 11:15:48,321 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-16 11:15:48,321 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-16 11:15:48,321 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-16 11:15:48,322 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-11-16 11:15:48,322 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-16 11:15:48,322 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__methaneQuery [2022-11-16 11:15:48,322 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-16 11:15:48,322 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneAlarm [2022-11-16 11:15:48,330 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 53 nodes and edges [2022-11-16 11:15:48,333 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-11-16 11:15:48,333 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-11-16 11:15:48,334 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-11-16 11:15:48,334 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-11-16 11:15:48,335 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-16 11:15:48,335 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-16 11:15:48,363 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && \result == 1) && waterLevel == 1) && !(0 == systemActive) [2022-11-16 11:15:48,363 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && \result == 1) && tmp == 1) && waterLevel == 1) && !(0 == systemActive) [2022-11-16 11:15:48,363 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && \result == 1) && tmp == 1) && waterLevel == 1) && !(0 == systemActive) [2022-11-16 11:15:48,364 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((1 <= pumpRunning && 2 == waterLevel) && \result == 1) && tmp == 1) && splverifierCounter == 0) && !(0 == systemActive)) || ((((((1 <= pumpRunning && \result == 1) && waterLevel <= 1) && tmp == 1) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) && !(0 == systemActive))) || ((((pumpRunning == 0 && \result == 1) && waterLevel <= 1) && tmp == 1) && splverifierCounter == 0)) || ((((pumpRunning == 0 && 2 == waterLevel) && \result == 1) && tmp == 1) && splverifierCounter == 0) [2022-11-16 11:15:48,366 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) == 2)) || 0 == systemActive) [2022-11-16 11:15:48,366 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 <= \old(pumpRunning)) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) == 1) || !(1 <= \old(pumpRunning))) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 11:15:48,367 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((1 <= pumpRunning && \result == 1) && waterLevel <= 1) && tmp == 1) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) && !(0 == systemActive)) || (((((pumpRunning == 0 && \result == 1) && tmp == 1) && splverifierCounter == 0) && waterLevel <= 2) && !(0 == systemActive))) || ((((((1 <= pumpRunning && \result == 1) && 2 <= waterLevel) && tmp == 1) && splverifierCounter == 0) && waterLevel <= 2) && !(0 == systemActive)) [2022-11-16 11:15:48,368 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(waterLevel) == 1) || !(1 <= \old(pumpRunning))) || (((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || ((((((\result <= waterLevel && pumpRunning == 0) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && !(0 == systemActive))) && (((((((!(\old(waterLevel) <= 1) || !(1 <= \old(pumpRunning))) || (((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || ((((pumpRunning == \old(pumpRunning) && \result < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && !(2 <= tmp))) || (((((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && !(0 == systemActive)) && !(2 <= tmp))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || ((((((\result <= waterLevel && pumpRunning == 0) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && !(0 == systemActive)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (((pumpRunning == \old(pumpRunning) && \result < 2) && \old(waterLevel) == waterLevel) && !(2 <= tmp)))) && ((((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) && !(0 == systemActive)) && tmp == 2)) || (((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((\result <= waterLevel && pumpRunning == 0) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2)) || !(0 == systemActive)) [2022-11-16 11:15:48,368 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((pumpRunning == 0 && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((!(\old(waterLevel) == 1) || !(1 <= \old(pumpRunning))) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || (((pumpRunning == 0 && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) == 2))) && ((((!(1 <= \old(pumpRunning)) || !(1 < \old(waterLevel))) || 0 == systemActive) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && ((((!(1 <= \old(pumpRunning)) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((pumpRunning == 0 && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) [2022-11-16 11:15:48,369 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && (((!(1 <= \old(pumpRunning)) || !(1 < \old(waterLevel))) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) [2022-11-16 11:15:48,369 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == 0 && \result == 1) && tmp == 1) && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive [2022-11-16 11:15:48,369 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2)) || !(0 == systemActive)) && (((((!(1 <= \old(pumpRunning)) || !(1 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || (((\result <= waterLevel && pumpRunning == 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || (waterLevel <= 1 && \old(waterLevel) == waterLevel)) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((((((((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || ((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || (((pumpRunning == \old(pumpRunning) && \result < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((((\result <= waterLevel && pumpRunning == 0) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \result < 2))) && (((((!(\old(waterLevel) == 1) || !(1 <= \old(pumpRunning))) || ((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || ((((\result <= waterLevel && pumpRunning == 0) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) [2022-11-16 11:15:48,370 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == \old(pumpRunning) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && ((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || 0 == systemActive) [2022-11-16 11:15:48,374 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(\old(pumpRunning) == 0) || !(waterLevel <= 1)) || 0 == systemActive) && ((((1 <= pumpRunning || !(\old(pumpRunning) == 0)) || pumpRunning == 0) || !(2 == waterLevel)) || 0 == systemActive)) && (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) [2022-11-16 11:15:48,374 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(waterLevel <= 1)) || 0 == systemActive) || \result == 1) && (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(waterLevel <= 2)) || 0 == systemActive) [2022-11-16 11:15:48,375 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 == waterLevel)) || !(waterLevel <= 2)) || 0 == systemActive) && (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) [2022-11-16 11:15:48,375 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == \old(pumpRunning) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && ((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || 0 == systemActive) [2022-11-16 11:15:48,375 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && 2 == waterLevel)) || !(waterLevel <= 2)) || ((pumpRunning == 0 && tmp___0 == 0) && \result == 0)) || 0 == systemActive) && (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) [2022-11-16 11:15:48,435 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/witness.graphml [2022-11-16 11:15:48,435 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-16 11:15:48,436 INFO L158 Benchmark]: Toolchain (without parser) took 24692.70ms. Allocated memory was 102.8MB in the beginning and 218.1MB in the end (delta: 115.3MB). Free memory was 61.0MB in the beginning and 95.8MB in the end (delta: -34.8MB). Peak memory consumption was 78.6MB. Max. memory is 16.1GB. [2022-11-16 11:15:48,436 INFO L158 Benchmark]: CDTParser took 0.18ms. Allocated memory is still 102.8MB. Free memory is still 78.6MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-16 11:15:48,436 INFO L158 Benchmark]: CACSL2BoogieTranslator took 577.10ms. Allocated memory is still 102.8MB. Free memory was 60.8MB in the beginning and 67.9MB in the end (delta: -7.1MB). Peak memory consumption was 6.4MB. Max. memory is 16.1GB. [2022-11-16 11:15:48,437 INFO L158 Benchmark]: Boogie Procedure Inliner took 50.38ms. Allocated memory is still 102.8MB. Free memory was 67.9MB in the beginning and 65.1MB in the end (delta: 2.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-16 11:15:48,437 INFO L158 Benchmark]: Boogie Preprocessor took 30.61ms. Allocated memory is still 102.8MB. Free memory was 65.1MB in the beginning and 63.4MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-16 11:15:48,438 INFO L158 Benchmark]: RCFGBuilder took 776.13ms. Allocated memory is still 102.8MB. Free memory was 63.4MB in the beginning and 42.4MB in the end (delta: 21.0MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. [2022-11-16 11:15:48,438 INFO L158 Benchmark]: TraceAbstraction took 23109.42ms. Allocated memory was 102.8MB in the beginning and 218.1MB in the end (delta: 115.3MB). Free memory was 42.0MB in the beginning and 103.1MB in the end (delta: -61.1MB). Peak memory consumption was 99.5MB. Max. memory is 16.1GB. [2022-11-16 11:15:48,439 INFO L158 Benchmark]: Witness Printer took 138.76ms. Allocated memory is still 218.1MB. Free memory was 103.1MB in the beginning and 95.8MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-16 11:15:48,441 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.18ms. Allocated memory is still 102.8MB. Free memory is still 78.6MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 577.10ms. Allocated memory is still 102.8MB. Free memory was 60.8MB in the beginning and 67.9MB in the end (delta: -7.1MB). Peak memory consumption was 6.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 50.38ms. Allocated memory is still 102.8MB. Free memory was 67.9MB in the beginning and 65.1MB in the end (delta: 2.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 30.61ms. Allocated memory is still 102.8MB. Free memory was 65.1MB in the beginning and 63.4MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 776.13ms. Allocated memory is still 102.8MB. Free memory was 63.4MB in the beginning and 42.4MB in the end (delta: 21.0MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. * TraceAbstraction took 23109.42ms. Allocated memory was 102.8MB in the beginning and 218.1MB in the end (delta: 115.3MB). Free memory was 42.0MB in the beginning and 103.1MB in the end (delta: -61.1MB). Peak memory consumption was 99.5MB. Max. memory is 16.1GB. * Witness Printer took 138.76ms. Allocated memory is still 218.1MB. Free memory was 103.1MB in the beginning and 95.8MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 658]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 11 procedures, 118 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 22.9s, OverallIterations: 11, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 6.8s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 10.2s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 3032 SdHoareTripleChecker+Valid, 4.2s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2981 mSDsluCounter, 6360 SdHoareTripleChecker+Invalid, 3.4s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 4873 mSDsCounter, 1108 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 5058 IncrementalHoareTripleChecker+Invalid, 6166 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1108 mSolverCounterUnsat, 1487 mSDtfsCounter, 5058 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 1013 GetRequests, 835 SyntacticMatches, 11 SemanticMatches, 167 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1548 ImplicationChecksByTransitivity, 2.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=919occurred in iteration=10, InterpolantAutomatonStates: 149, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.5s AutomataMinimizationTime, 11 MinimizatonAttempts, 453 StatesRemovedByMinimization, 8 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 55 LocationsWithAnnotation, 2234 PreInvPairs, 2607 NumberOfFragments, 2959 HoareAnnotationTreeSize, 2234 FomulaSimplifications, 5054 FormulaSimplificationTreeSizeReduction, 1.1s HoareSimplificationTime, 55 FomulaSimplificationsInter, 32876 FormulaSimplificationTreeSizeReductionInter, 9.0s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.4s SatisfiabilityAnalysisTime, 3.8s InterpolantComputationTime, 1152 NumberOfCodeBlocks, 1152 NumberOfCodeBlocksAsserted, 13 NumberOfCheckSat, 1475 ConstructedInterpolants, 0 QuantifiedInterpolants, 2849 SizeOfPredicates, 6 NumberOfNonLiveVariables, 1322 ConjunctsInSsa, 21 ConjunctsInUnsatCore, 15 InterpolantComputations, 9 PerfectInterpolantSequences, 766/846 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 674]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && waterLevel == 1) && !(0 == systemActive) - InvariantResult [Line: 654]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && (((!(1 <= \old(pumpRunning)) || !(1 < \old(waterLevel))) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 54]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && \result == 1) && tmp == 1) && waterLevel == 1) && !(0 == systemActive) - InvariantResult [Line: 565]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 275]: Loop Invariant Derived loop invariant: ((((((((((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((pumpRunning == 0 && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((!(\old(waterLevel) == 1) || !(1 <= \old(pumpRunning))) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || (((pumpRunning == 0 && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) == 2))) && ((((!(1 <= \old(pumpRunning)) || !(1 < \old(waterLevel))) || 0 == systemActive) || waterLevel == 1) || !(\old(waterLevel) <= 2))) && ((((!(1 <= \old(pumpRunning)) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((pumpRunning == 0 && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) - InvariantResult [Line: 117]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 609]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && \result == 1) && tmp == 1) && waterLevel == 1) && !(0 == systemActive) - InvariantResult [Line: 108]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 616]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 118]: Loop Invariant Derived loop invariant: (((((((1 <= pumpRunning && 2 == waterLevel) && \result == 1) && tmp == 1) && splverifierCounter == 0) && !(0 == systemActive)) || ((((((1 <= pumpRunning && \result == 1) && waterLevel <= 1) && tmp == 1) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) && !(0 == systemActive))) || ((((pumpRunning == 0 && \result == 1) && waterLevel <= 1) && tmp == 1) && splverifierCounter == 0)) || ((((pumpRunning == 0 && 2 == waterLevel) && \result == 1) && tmp == 1) && splverifierCounter == 0) - InvariantResult [Line: 453]: Loop Invariant Derived loop invariant: (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) && (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 <= \old(pumpRunning)) || !(1 < \old(waterLevel))) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((!(\old(waterLevel) == 1) || !(1 <= \old(pumpRunning))) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 308]: Loop Invariant Derived loop invariant: (((!(\old(pumpRunning) == 0) || !(waterLevel <= 1)) || 0 == systemActive) && ((((1 <= pumpRunning || !(\old(pumpRunning) == 0)) || pumpRunning == 0) || !(2 == waterLevel)) || 0 == systemActive)) && (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 300]: Loop Invariant Derived loop invariant: (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 == waterLevel)) || !(waterLevel <= 2)) || 0 == systemActive) && (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 489]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 389]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && 2 == waterLevel)) || !(waterLevel <= 2)) || ((pumpRunning == 0 && tmp___0 == 0) && \result == 0)) || 0 == systemActive) && (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) - InvariantResult [Line: 681]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && waterLevel == 1) && !(0 == systemActive) - InvariantResult [Line: 521]: Loop Invariant Derived loop invariant: (((((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2)) || !(0 == systemActive)) && (((((!(1 <= \old(pumpRunning)) || !(1 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || (((\result <= waterLevel && pumpRunning == 0) && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || (waterLevel <= 1 && \old(waterLevel) == waterLevel)) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && ((((((((((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || ((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || (((pumpRunning == \old(pumpRunning) && \result < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS))) || ((((\result <= waterLevel && pumpRunning == 0) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (pumpRunning == 0 && \result < 2))) && (((((!(\old(waterLevel) == 1) || !(1 <= \old(pumpRunning))) || ((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || ((((\result <= waterLevel && pumpRunning == 0) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && 1 <= switchedOnBeforeTS)) - InvariantResult [Line: 62]: Loop Invariant Derived loop invariant: (((((!(\old(waterLevel) <= 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) == 2)) || 0 == systemActive) - InvariantResult [Line: 555]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 688]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && \result == 1) && waterLevel == 1) && !(0 == systemActive) - InvariantResult [Line: 427]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0 && \result == 1) && tmp == 1) && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive - InvariantResult [Line: 72]: Loop Invariant Derived loop invariant: (((((((((!(\old(waterLevel) == 1) || !(1 <= \old(pumpRunning))) || (((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || ((((((\result <= waterLevel && pumpRunning == 0) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && !(0 == systemActive))) && (((((((!(\old(waterLevel) <= 1) || !(1 <= \old(pumpRunning))) || (((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS)) || ((((pumpRunning == \old(pumpRunning) && \result < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && !(2 <= tmp))) || (((((pumpRunning == 0 && \result < 2) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && !(0 == systemActive)) && !(2 <= tmp))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || ((((((\result <= waterLevel && pumpRunning == 0) && waterLevel <= 1) && waterLevel + 1 <= \old(waterLevel)) && tmp <= waterLevel) && 1 <= switchedOnBeforeTS) && !(0 == systemActive)))) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (((pumpRunning == \old(pumpRunning) && \result < 2) && \old(waterLevel) == waterLevel) && !(2 <= tmp)))) && ((((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) && !(0 == systemActive)) && tmp == 2)) || (((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2)) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((((((pumpRunning == \old(pumpRunning) && \result <= waterLevel) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || (((((\result <= waterLevel && pumpRunning == 0) && tmp <= waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((((pumpRunning == 0 && 2 == \result) && \old(waterLevel) == waterLevel) && tmp == 2) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 2)) || !(0 == systemActive)) - InvariantResult [Line: 530]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(waterLevel <= 1)) || 0 == systemActive) || \result == 1) && (((!(1 <= \old(pumpRunning)) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(waterLevel <= 2)) || 0 == systemActive) - InvariantResult [Line: 630]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 442]: Loop Invariant Derived loop invariant: (((((((1 <= pumpRunning && \result == 1) && waterLevel <= 1) && tmp == 1) && splverifierCounter == 0) && 1 <= switchedOnBeforeTS) && !(0 == systemActive)) || (((((pumpRunning == 0 && \result == 1) && tmp == 1) && splverifierCounter == 0) && waterLevel <= 2) && !(0 == systemActive))) || ((((((1 <= pumpRunning && \result == 1) && 2 <= waterLevel) && tmp == 1) && splverifierCounter == 0) && waterLevel <= 2) && !(0 == systemActive)) - InvariantResult [Line: 408]: Loop Invariant Derived loop invariant: ((((pumpRunning == \old(pumpRunning) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && ((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || 0 == systemActive) - InvariantResult [Line: 544]: Loop Invariant Derived loop invariant: ((((pumpRunning == \old(pumpRunning) || !(1 <= \old(pumpRunning))) || !(waterLevel <= 1)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) && ((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || 0 == systemActive) RESULT: Ultimate proved your program to be correct! [2022-11-16 11:15:48,490 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_0c6b4adc-1155-493f-87e5-a9aae7fcce44/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE