./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product34.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 6b4ec56b Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product34.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 86e7038cbd7079ed991c0d8924416f9d170b15a53536a052f3097e1f394171ef --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-6b4ec56 [2022-11-20 10:30:30,293 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-20 10:30:30,295 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-20 10:30:30,314 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-20 10:30:30,322 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-20 10:30:30,323 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-20 10:30:30,326 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-20 10:30:30,330 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-20 10:30:30,332 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-20 10:30:30,334 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-20 10:30:30,336 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-20 10:30:30,340 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-20 10:30:30,340 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-20 10:30:30,344 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-20 10:30:30,348 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-20 10:30:30,350 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-20 10:30:30,352 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-20 10:30:30,354 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-20 10:30:30,360 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-20 10:30:30,362 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-20 10:30:30,366 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-20 10:30:30,368 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-20 10:30:30,370 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-20 10:30:30,371 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-20 10:30:30,378 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-20 10:30:30,382 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-20 10:30:30,383 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-20 10:30:30,384 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-20 10:30:30,385 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-20 10:30:30,386 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-20 10:30:30,388 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-20 10:30:30,389 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-20 10:30:30,391 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-20 10:30:30,393 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-20 10:30:30,395 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-20 10:30:30,396 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-20 10:30:30,397 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-20 10:30:30,397 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-20 10:30:30,398 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-20 10:30:30,401 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-20 10:30:30,402 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-20 10:30:30,403 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-11-20 10:30:30,443 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-20 10:30:30,443 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-20 10:30:30,444 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-20 10:30:30,444 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-20 10:30:30,445 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-20 10:30:30,446 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-20 10:30:30,446 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-20 10:30:30,447 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-20 10:30:30,447 INFO L138 SettingsManager]: * Use SBE=true [2022-11-20 10:30:30,447 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-20 10:30:30,448 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-20 10:30:30,449 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-20 10:30:30,449 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-20 10:30:30,449 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-20 10:30:30,449 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-20 10:30:30,450 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-20 10:30:30,450 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-20 10:30:30,450 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-20 10:30:30,450 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-20 10:30:30,450 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-20 10:30:30,451 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-20 10:30:30,451 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-20 10:30:30,451 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-20 10:30:30,452 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-20 10:30:30,452 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-20 10:30:30,452 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-20 10:30:30,452 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-20 10:30:30,453 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-20 10:30:30,453 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-11-20 10:30:30,453 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-20 10:30:30,454 INFO L138 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2022-11-20 10:30:30,454 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-11-20 10:30:30,454 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-20 10:30:30,455 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 86e7038cbd7079ed991c0d8924416f9d170b15a53536a052f3097e1f394171ef [2022-11-20 10:30:30,772 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-20 10:30:30,805 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-20 10:30:30,809 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-20 10:30:30,810 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-20 10:30:30,810 INFO L275 PluginConnector]: CDTParser initialized [2022-11-20 10:30:30,812 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/../../sv-benchmarks/c/product-lines/minepump_spec5_product34.cil.c [2022-11-20 10:30:33,817 INFO L500 CDTParser]: Created temporary CDT project at NULL [2022-11-20 10:30:34,066 INFO L351 CDTParser]: Found 1 translation units. [2022-11-20 10:30:34,066 INFO L172 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/sv-benchmarks/c/product-lines/minepump_spec5_product34.cil.c [2022-11-20 10:30:34,080 INFO L394 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/data/cd0043543/e08ab91ecb644bea946f7b417c118dad/FLAGfaf329594 [2022-11-20 10:30:34,111 INFO L402 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/data/cd0043543/e08ab91ecb644bea946f7b417c118dad [2022-11-20 10:30:34,114 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-20 10:30:34,115 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-20 10:30:34,117 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-20 10:30:34,117 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-20 10:30:34,121 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-20 10:30:34,122 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,124 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6c63999e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34, skipping insertion in model container [2022-11-20 10:30:34,124 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,133 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-20 10:30:34,200 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-20 10:30:34,365 WARN L237 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/sv-benchmarks/c/product-lines/minepump_spec5_product34.cil.c[2141,2154] [2022-11-20 10:30:34,497 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-20 10:30:34,514 INFO L203 MainTranslator]: Completed pre-run [2022-11-20 10:30:34,547 WARN L237 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/sv-benchmarks/c/product-lines/minepump_spec5_product34.cil.c[2141,2154] [2022-11-20 10:30:34,630 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-20 10:30:34,651 INFO L208 MainTranslator]: Completed translation [2022-11-20 10:30:34,651 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34 WrapperNode [2022-11-20 10:30:34,652 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-20 10:30:34,653 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-20 10:30:34,653 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-20 10:30:34,654 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-20 10:30:34,661 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,690 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,728 INFO L138 Inliner]: procedures = 55, calls = 97, calls flagged for inlining = 23, calls inlined = 19, statements flattened = 175 [2022-11-20 10:30:34,729 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-20 10:30:34,729 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-20 10:30:34,730 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-20 10:30:34,730 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-20 10:30:34,740 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,741 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,759 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,759 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,763 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,782 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,783 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,784 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,787 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-20 10:30:34,788 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-20 10:30:34,788 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-20 10:30:34,788 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-20 10:30:34,789 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (1/1) ... [2022-11-20 10:30:34,796 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-20 10:30:34,806 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/z3 [2022-11-20 10:30:34,823 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-20 10:30:34,825 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-20 10:30:34,867 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-20 10:30:34,867 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-20 10:30:34,867 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-20 10:30:34,868 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-20 10:30:34,868 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-20 10:30:34,868 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-20 10:30:34,868 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-20 10:30:34,874 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-20 10:30:34,875 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-20 10:30:34,876 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-20 10:30:34,876 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-20 10:30:34,876 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-20 10:30:34,876 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-20 10:30:34,876 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-20 10:30:34,876 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-20 10:30:34,876 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-20 10:30:34,995 INFO L235 CfgBuilder]: Building ICFG [2022-11-20 10:30:34,997 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-20 10:30:35,353 INFO L276 CfgBuilder]: Performing block encoding [2022-11-20 10:30:35,369 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-20 10:30:35,376 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-20 10:30:35,378 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.11 10:30:35 BoogieIcfgContainer [2022-11-20 10:30:35,379 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-20 10:30:35,381 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-20 10:30:35,381 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-20 10:30:35,384 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-20 10:30:35,386 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.11 10:30:34" (1/3) ... [2022-11-20 10:30:35,387 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@287c7ad7 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.11 10:30:35, skipping insertion in model container [2022-11-20 10:30:35,387 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 10:30:34" (2/3) ... [2022-11-20 10:30:35,388 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@287c7ad7 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.11 10:30:35, skipping insertion in model container [2022-11-20 10:30:35,389 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.11 10:30:35" (3/3) ... [2022-11-20 10:30:35,391 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product34.cil.c [2022-11-20 10:30:35,443 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-20 10:30:35,443 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-20 10:30:35,536 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-20 10:30:35,543 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@275f0dfa, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-20 10:30:35,544 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-20 10:30:35,552 INFO L276 IsEmpty]: Start isEmpty. Operand has 81 states, 63 states have (on average 1.380952380952381) internal successors, (87), 69 states have internal predecessors, (87), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) [2022-11-20 10:30:35,565 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-11-20 10:30:35,565 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 10:30:35,566 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 10:30:35,566 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 10:30:35,574 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 10:30:35,574 INFO L85 PathProgramCache]: Analyzing trace with hash -1727540319, now seen corresponding path program 1 times [2022-11-20 10:30:35,585 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-20 10:30:35,585 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [49502594] [2022-11-20 10:30:35,585 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 10:30:35,586 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 10:30:35,746 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:35,854 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-11-20 10:30:35,860 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:35,873 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-11-20 10:30:35,875 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:35,878 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-20 10:30:35,887 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-20 10:30:35,888 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [49502594] [2022-11-20 10:30:35,889 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [49502594] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 10:30:35,890 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 10:30:35,890 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-20 10:30:35,892 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [728805626] [2022-11-20 10:30:35,893 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 10:30:35,899 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-20 10:30:35,899 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-20 10:30:35,933 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-20 10:30:35,934 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-20 10:30:35,936 INFO L87 Difference]: Start difference. First operand has 81 states, 63 states have (on average 1.380952380952381) internal successors, (87), 69 states have internal predecessors, (87), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-20 10:30:35,991 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 10:30:35,992 INFO L93 Difference]: Finished difference Result 153 states and 208 transitions. [2022-11-20 10:30:35,993 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-20 10:30:35,994 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-11-20 10:30:35,995 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 10:30:36,004 INFO L225 Difference]: With dead ends: 153 [2022-11-20 10:30:36,004 INFO L226 Difference]: Without dead ends: 72 [2022-11-20 10:30:36,008 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-20 10:30:36,011 INFO L413 NwaCegarLoop]: 101 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 101 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-20 10:30:36,013 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 101 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-20 10:30:36,027 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 72 states. [2022-11-20 10:30:36,047 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 72 to 72. [2022-11-20 10:30:36,049 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 72 states, 56 states have (on average 1.3035714285714286) internal successors, (73), 61 states have internal predecessors, (73), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-11-20 10:30:36,051 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 72 states to 72 states and 92 transitions. [2022-11-20 10:30:36,053 INFO L78 Accepts]: Start accepts. Automaton has 72 states and 92 transitions. Word has length 32 [2022-11-20 10:30:36,053 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 10:30:36,053 INFO L495 AbstractCegarLoop]: Abstraction has 72 states and 92 transitions. [2022-11-20 10:30:36,053 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-20 10:30:36,054 INFO L276 IsEmpty]: Start isEmpty. Operand 72 states and 92 transitions. [2022-11-20 10:30:36,056 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-11-20 10:30:36,056 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 10:30:36,056 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 10:30:36,056 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-20 10:30:36,057 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 10:30:36,057 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 10:30:36,057 INFO L85 PathProgramCache]: Analyzing trace with hash -1451153767, now seen corresponding path program 1 times [2022-11-20 10:30:36,057 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-20 10:30:36,058 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [35916286] [2022-11-20 10:30:36,058 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 10:30:36,058 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 10:30:36,083 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,167 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-11-20 10:30:36,169 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,172 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-11-20 10:30:36,174 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,183 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-20 10:30:36,184 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-20 10:30:36,185 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [35916286] [2022-11-20 10:30:36,185 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [35916286] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 10:30:36,186 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 10:30:36,186 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-20 10:30:36,186 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [264217300] [2022-11-20 10:30:36,187 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 10:30:36,189 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-20 10:30:36,189 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-20 10:30:36,190 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-20 10:30:36,191 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-20 10:30:36,191 INFO L87 Difference]: Start difference. First operand 72 states and 92 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-20 10:30:36,208 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 10:30:36,209 INFO L93 Difference]: Finished difference Result 108 states and 138 transitions. [2022-11-20 10:30:36,209 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-20 10:30:36,210 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-11-20 10:30:36,210 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 10:30:36,211 INFO L225 Difference]: With dead ends: 108 [2022-11-20 10:30:36,211 INFO L226 Difference]: Without dead ends: 63 [2022-11-20 10:30:36,212 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-20 10:30:36,213 INFO L413 NwaCegarLoop]: 79 mSDtfsCounter, 13 mSDsluCounter, 62 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 16 SdHoareTripleChecker+Valid, 141 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-20 10:30:36,214 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [16 Valid, 141 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-20 10:30:36,215 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 63 states. [2022-11-20 10:30:36,221 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 63 to 63. [2022-11-20 10:30:36,222 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 63 states, 50 states have (on average 1.32) internal successors, (66), 55 states have internal predecessors, (66), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-11-20 10:30:36,223 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 63 states to 63 states and 80 transitions. [2022-11-20 10:30:36,223 INFO L78 Accepts]: Start accepts. Automaton has 63 states and 80 transitions. Word has length 33 [2022-11-20 10:30:36,224 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 10:30:36,224 INFO L495 AbstractCegarLoop]: Abstraction has 63 states and 80 transitions. [2022-11-20 10:30:36,224 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-20 10:30:36,224 INFO L276 IsEmpty]: Start isEmpty. Operand 63 states and 80 transitions. [2022-11-20 10:30:36,225 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-11-20 10:30:36,226 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 10:30:36,226 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 10:30:36,226 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-20 10:30:36,226 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 10:30:36,227 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 10:30:36,227 INFO L85 PathProgramCache]: Analyzing trace with hash -1441161401, now seen corresponding path program 1 times [2022-11-20 10:30:36,228 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-20 10:30:36,228 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1200897992] [2022-11-20 10:30:36,228 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 10:30:36,228 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 10:30:36,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-20 10:30:36,471 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,475 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-11-20 10:30:36,476 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,478 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-20 10:30:36,479 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-20 10:30:36,479 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1200897992] [2022-11-20 10:30:36,479 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1200897992] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 10:30:36,480 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 10:30:36,480 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-20 10:30:36,480 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [290178136] [2022-11-20 10:30:36,480 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 10:30:36,481 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-20 10:30:36,481 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-20 10:30:36,481 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-20 10:30:36,482 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-11-20 10:30:36,482 INFO L87 Difference]: Start difference. First operand 63 states and 80 transitions. Second operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 6 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 10:30:36,596 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 10:30:36,599 INFO L93 Difference]: Finished difference Result 118 states and 153 transitions. [2022-11-20 10:30:36,600 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-11-20 10:30:36,601 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 6 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 38 [2022-11-20 10:30:36,601 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 10:30:36,602 INFO L225 Difference]: With dead ends: 118 [2022-11-20 10:30:36,603 INFO L226 Difference]: Without dead ends: 63 [2022-11-20 10:30:36,605 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-11-20 10:30:36,607 INFO L413 NwaCegarLoop]: 73 mSDtfsCounter, 107 mSDsluCounter, 88 mSDsCounter, 0 mSdLazyCounter, 33 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 107 SdHoareTripleChecker+Valid, 161 SdHoareTripleChecker+Invalid, 46 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 33 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-20 10:30:36,610 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [107 Valid, 161 Invalid, 46 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 33 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-20 10:30:36,611 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 63 states. [2022-11-20 10:30:36,630 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 63 to 63. [2022-11-20 10:30:36,631 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 63 states, 50 states have (on average 1.3) internal successors, (65), 55 states have internal predecessors, (65), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-11-20 10:30:36,632 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 63 states to 63 states and 79 transitions. [2022-11-20 10:30:36,633 INFO L78 Accepts]: Start accepts. Automaton has 63 states and 79 transitions. Word has length 38 [2022-11-20 10:30:36,635 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 10:30:36,639 INFO L495 AbstractCegarLoop]: Abstraction has 63 states and 79 transitions. [2022-11-20 10:30:36,640 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 6 states have internal predecessors, (31), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 10:30:36,640 INFO L276 IsEmpty]: Start isEmpty. Operand 63 states and 79 transitions. [2022-11-20 10:30:36,641 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 44 [2022-11-20 10:30:36,641 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 10:30:36,642 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 10:30:36,642 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-20 10:30:36,642 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 10:30:36,645 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 10:30:36,645 INFO L85 PathProgramCache]: Analyzing trace with hash 700709160, now seen corresponding path program 1 times [2022-11-20 10:30:36,646 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-20 10:30:36,646 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1443802170] [2022-11-20 10:30:36,646 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 10:30:36,646 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 10:30:36,678 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,811 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-20 10:30:36,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,822 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-11-20 10:30:36,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,833 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 35 [2022-11-20 10:30:36,834 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,836 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-20 10:30:36,836 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-20 10:30:36,836 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1443802170] [2022-11-20 10:30:36,836 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1443802170] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 10:30:36,836 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 10:30:36,837 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-20 10:30:36,837 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [869967154] [2022-11-20 10:30:36,837 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 10:30:36,837 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-20 10:30:36,838 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-20 10:30:36,838 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-20 10:30:36,838 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-20 10:30:36,839 INFO L87 Difference]: Start difference. First operand 63 states and 79 transitions. Second operand has 3 states, 3 states have (on average 11.333333333333334) internal successors, (34), 3 states have internal predecessors, (34), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-20 10:30:36,871 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 10:30:36,872 INFO L93 Difference]: Finished difference Result 162 states and 208 transitions. [2022-11-20 10:30:36,872 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-20 10:30:36,872 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.333333333333334) internal successors, (34), 3 states have internal predecessors, (34), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 43 [2022-11-20 10:30:36,873 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 10:30:36,874 INFO L225 Difference]: With dead ends: 162 [2022-11-20 10:30:36,874 INFO L226 Difference]: Without dead ends: 107 [2022-11-20 10:30:36,875 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-20 10:30:36,876 INFO L413 NwaCegarLoop]: 97 mSDtfsCounter, 47 mSDsluCounter, 56 mSDsCounter, 0 mSdLazyCounter, 7 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 47 SdHoareTripleChecker+Valid, 153 SdHoareTripleChecker+Invalid, 10 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 7 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-20 10:30:36,877 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [47 Valid, 153 Invalid, 10 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 7 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-20 10:30:36,878 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 107 states. [2022-11-20 10:30:36,893 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 107 to 105. [2022-11-20 10:30:36,894 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 105 states, 82 states have (on average 1.2926829268292683) internal successors, (106), 88 states have internal predecessors, (106), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-11-20 10:30:36,896 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 105 states to 105 states and 132 transitions. [2022-11-20 10:30:36,896 INFO L78 Accepts]: Start accepts. Automaton has 105 states and 132 transitions. Word has length 43 [2022-11-20 10:30:36,896 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 10:30:36,896 INFO L495 AbstractCegarLoop]: Abstraction has 105 states and 132 transitions. [2022-11-20 10:30:36,897 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 11.333333333333334) internal successors, (34), 3 states have internal predecessors, (34), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-20 10:30:36,897 INFO L276 IsEmpty]: Start isEmpty. Operand 105 states and 132 transitions. [2022-11-20 10:30:36,898 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 48 [2022-11-20 10:30:36,898 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 10:30:36,898 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 10:30:36,899 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-20 10:30:36,899 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 10:30:36,899 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 10:30:36,900 INFO L85 PathProgramCache]: Analyzing trace with hash 1850730352, now seen corresponding path program 1 times [2022-11-20 10:30:36,900 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-20 10:30:36,900 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [261309858] [2022-11-20 10:30:36,900 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 10:30:36,901 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 10:30:36,916 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,986 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-20 10:30:36,987 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,989 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-11-20 10:30:36,990 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:36,992 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-20 10:30:36,992 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-20 10:30:36,992 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [261309858] [2022-11-20 10:30:36,992 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [261309858] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 10:30:36,992 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 10:30:36,993 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-20 10:30:36,993 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1564281682] [2022-11-20 10:30:36,993 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 10:30:36,993 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-20 10:30:36,994 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-20 10:30:36,994 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-20 10:30:36,994 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-20 10:30:36,994 INFO L87 Difference]: Start difference. First operand 105 states and 132 transitions. Second operand has 5 states, 5 states have (on average 8.0) internal successors, (40), 5 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 10:30:37,052 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 10:30:37,053 INFO L93 Difference]: Finished difference Result 221 states and 282 transitions. [2022-11-20 10:30:37,053 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-20 10:30:37,053 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.0) internal successors, (40), 5 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 47 [2022-11-20 10:30:37,054 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 10:30:37,055 INFO L225 Difference]: With dead ends: 221 [2022-11-20 10:30:37,055 INFO L226 Difference]: Without dead ends: 124 [2022-11-20 10:30:37,056 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-11-20 10:30:37,058 INFO L413 NwaCegarLoop]: 94 mSDtfsCounter, 58 mSDsluCounter, 258 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 60 SdHoareTripleChecker+Valid, 352 SdHoareTripleChecker+Invalid, 20 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-20 10:30:37,058 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [60 Valid, 352 Invalid, 20 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-20 10:30:37,059 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 124 states. [2022-11-20 10:30:37,076 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 124 to 108. [2022-11-20 10:30:37,077 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 108 states, 85 states have (on average 1.2823529411764707) internal successors, (109), 91 states have internal predecessors, (109), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-11-20 10:30:37,078 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 108 states to 108 states and 135 transitions. [2022-11-20 10:30:37,078 INFO L78 Accepts]: Start accepts. Automaton has 108 states and 135 transitions. Word has length 47 [2022-11-20 10:30:37,078 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 10:30:37,079 INFO L495 AbstractCegarLoop]: Abstraction has 108 states and 135 transitions. [2022-11-20 10:30:37,079 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.0) internal successors, (40), 5 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 10:30:37,079 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 135 transitions. [2022-11-20 10:30:37,080 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 48 [2022-11-20 10:30:37,080 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 10:30:37,080 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 10:30:37,081 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-20 10:30:37,081 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 10:30:37,081 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 10:30:37,081 INFO L85 PathProgramCache]: Analyzing trace with hash 262382450, now seen corresponding path program 1 times [2022-11-20 10:30:37,082 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-20 10:30:37,082 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1385545644] [2022-11-20 10:30:37,082 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 10:30:37,082 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 10:30:37,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:37,208 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-20 10:30:37,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:37,213 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-11-20 10:30:37,215 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:37,218 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-20 10:30:37,219 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-20 10:30:37,220 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1385545644] [2022-11-20 10:30:37,220 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1385545644] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 10:30:37,220 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 10:30:37,220 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-11-20 10:30:37,221 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2041781044] [2022-11-20 10:30:37,221 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 10:30:37,221 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-20 10:30:37,222 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-20 10:30:37,223 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-20 10:30:37,224 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-20 10:30:37,224 INFO L87 Difference]: Start difference. First operand 108 states and 135 transitions. Second operand has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 10:30:37,289 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 10:30:37,290 INFO L93 Difference]: Finished difference Result 227 states and 291 transitions. [2022-11-20 10:30:37,290 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-11-20 10:30:37,292 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 47 [2022-11-20 10:30:37,293 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 10:30:37,297 INFO L225 Difference]: With dead ends: 227 [2022-11-20 10:30:37,297 INFO L226 Difference]: Without dead ends: 127 [2022-11-20 10:30:37,301 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-11-20 10:30:37,304 INFO L413 NwaCegarLoop]: 94 mSDtfsCounter, 35 mSDsluCounter, 154 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 35 SdHoareTripleChecker+Valid, 248 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-20 10:30:37,308 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [35 Valid, 248 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-20 10:30:37,312 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 127 states. [2022-11-20 10:30:37,327 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 127 to 110. [2022-11-20 10:30:37,328 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 110 states, 87 states have (on average 1.2758620689655173) internal successors, (111), 93 states have internal predecessors, (111), 12 states have call successors, (12), 10 states have call predecessors, (12), 10 states have return successors, (14), 12 states have call predecessors, (14), 12 states have call successors, (14) [2022-11-20 10:30:37,329 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 110 states to 110 states and 137 transitions. [2022-11-20 10:30:37,329 INFO L78 Accepts]: Start accepts. Automaton has 110 states and 137 transitions. Word has length 47 [2022-11-20 10:30:37,330 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 10:30:37,330 INFO L495 AbstractCegarLoop]: Abstraction has 110 states and 137 transitions. [2022-11-20 10:30:37,330 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 10:30:37,330 INFO L276 IsEmpty]: Start isEmpty. Operand 110 states and 137 transitions. [2022-11-20 10:30:37,331 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 48 [2022-11-20 10:30:37,332 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 10:30:37,332 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 10:30:37,332 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-20 10:30:37,332 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 10:30:37,333 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 10:30:37,333 INFO L85 PathProgramCache]: Analyzing trace with hash -1426561292, now seen corresponding path program 1 times [2022-11-20 10:30:37,333 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-20 10:30:37,333 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2135720343] [2022-11-20 10:30:37,333 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 10:30:37,334 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 10:30:37,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:37,417 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-20 10:30:37,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:37,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-11-20 10:30:37,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:37,439 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-20 10:30:37,439 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-20 10:30:37,440 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2135720343] [2022-11-20 10:30:37,440 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2135720343] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 10:30:37,440 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 10:30:37,440 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-20 10:30:37,440 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [746576329] [2022-11-20 10:30:37,441 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 10:30:37,441 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-20 10:30:37,441 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-20 10:30:37,442 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-20 10:30:37,442 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-20 10:30:37,442 INFO L87 Difference]: Start difference. First operand 110 states and 137 transitions. Second operand has 3 states, 3 states have (on average 13.333333333333334) internal successors, (40), 3 states have internal predecessors, (40), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 10:30:37,479 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 10:30:37,479 INFO L93 Difference]: Finished difference Result 261 states and 329 transitions. [2022-11-20 10:30:37,480 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-20 10:30:37,480 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 13.333333333333334) internal successors, (40), 3 states have internal predecessors, (40), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 47 [2022-11-20 10:30:37,480 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 10:30:37,481 INFO L225 Difference]: With dead ends: 261 [2022-11-20 10:30:37,482 INFO L226 Difference]: Without dead ends: 159 [2022-11-20 10:30:37,482 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-20 10:30:37,483 INFO L413 NwaCegarLoop]: 88 mSDtfsCounter, 39 mSDsluCounter, 65 mSDsCounter, 0 mSdLazyCounter, 10 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 39 SdHoareTripleChecker+Valid, 153 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 10 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-20 10:30:37,484 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [39 Valid, 153 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 10 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-20 10:30:37,485 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 159 states. [2022-11-20 10:30:37,515 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 159 to 157. [2022-11-20 10:30:37,516 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 157 states, 124 states have (on average 1.2580645161290323) internal successors, (156), 131 states have internal predecessors, (156), 18 states have call successors, (18), 15 states have call predecessors, (18), 14 states have return successors, (20), 17 states have call predecessors, (20), 18 states have call successors, (20) [2022-11-20 10:30:37,518 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 157 states to 157 states and 194 transitions. [2022-11-20 10:30:37,518 INFO L78 Accepts]: Start accepts. Automaton has 157 states and 194 transitions. Word has length 47 [2022-11-20 10:30:37,519 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 10:30:37,521 INFO L495 AbstractCegarLoop]: Abstraction has 157 states and 194 transitions. [2022-11-20 10:30:37,521 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 13.333333333333334) internal successors, (40), 3 states have internal predecessors, (40), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 10:30:37,521 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 194 transitions. [2022-11-20 10:30:37,531 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 50 [2022-11-20 10:30:37,531 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 10:30:37,532 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 10:30:37,532 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-20 10:30:37,533 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 10:30:37,533 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 10:30:37,536 INFO L85 PathProgramCache]: Analyzing trace with hash -316039472, now seen corresponding path program 1 times [2022-11-20 10:30:37,543 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-20 10:30:37,543 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [635976038] [2022-11-20 10:30:37,543 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 10:30:37,543 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 10:30:37,560 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:37,696 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-11-20 10:30:37,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:37,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 34 [2022-11-20 10:30:37,721 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:37,723 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 41 [2022-11-20 10:30:37,725 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:37,739 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-20 10:30:37,740 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-20 10:30:37,740 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [635976038] [2022-11-20 10:30:37,740 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [635976038] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 10:30:37,740 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 10:30:37,740 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-20 10:30:37,741 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1754395028] [2022-11-20 10:30:37,741 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 10:30:37,741 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-20 10:30:37,741 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-20 10:30:37,742 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-20 10:30:37,742 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-20 10:30:37,742 INFO L87 Difference]: Start difference. First operand 157 states and 194 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 1 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-11-20 10:30:37,849 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 10:30:37,849 INFO L93 Difference]: Finished difference Result 313 states and 390 transitions. [2022-11-20 10:30:37,849 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-20 10:30:37,850 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 1 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 49 [2022-11-20 10:30:37,850 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 10:30:37,851 INFO L225 Difference]: With dead ends: 313 [2022-11-20 10:30:37,851 INFO L226 Difference]: Without dead ends: 164 [2022-11-20 10:30:37,852 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-11-20 10:30:37,853 INFO L413 NwaCegarLoop]: 91 mSDtfsCounter, 32 mSDsluCounter, 297 mSDsCounter, 0 mSdLazyCounter, 50 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 33 SdHoareTripleChecker+Valid, 388 SdHoareTripleChecker+Invalid, 53 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 50 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-20 10:30:37,853 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [33 Valid, 388 Invalid, 53 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 50 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-20 10:30:37,854 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 164 states. [2022-11-20 10:30:37,870 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 164 to 155. [2022-11-20 10:30:37,871 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 155 states, 122 states have (on average 1.2295081967213115) internal successors, (150), 129 states have internal predecessors, (150), 18 states have call successors, (18), 15 states have call predecessors, (18), 14 states have return successors, (20), 17 states have call predecessors, (20), 18 states have call successors, (20) [2022-11-20 10:30:37,872 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 155 states to 155 states and 188 transitions. [2022-11-20 10:30:37,872 INFO L78 Accepts]: Start accepts. Automaton has 155 states and 188 transitions. Word has length 49 [2022-11-20 10:30:37,873 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 10:30:37,873 INFO L495 AbstractCegarLoop]: Abstraction has 155 states and 188 transitions. [2022-11-20 10:30:37,873 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 1 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-11-20 10:30:37,873 INFO L276 IsEmpty]: Start isEmpty. Operand 155 states and 188 transitions. [2022-11-20 10:30:37,874 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-11-20 10:30:37,874 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 10:30:37,874 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 10:30:37,874 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-11-20 10:30:37,875 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 10:30:37,875 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 10:30:37,875 INFO L85 PathProgramCache]: Analyzing trace with hash -1105737062, now seen corresponding path program 1 times [2022-11-20 10:30:37,875 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-20 10:30:37,876 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [692294544] [2022-11-20 10:30:37,876 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 10:30:37,876 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 10:30:37,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:38,053 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-20 10:30:38,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:38,060 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-11-20 10:30:38,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:38,064 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-11-20 10:30:38,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:38,067 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-11-20 10:30:38,067 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-20 10:30:38,067 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [692294544] [2022-11-20 10:30:38,067 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [692294544] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 10:30:38,067 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 10:30:38,067 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-11-20 10:30:38,068 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [702359731] [2022-11-20 10:30:38,068 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 10:30:38,068 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-20 10:30:38,068 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-20 10:30:38,069 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-20 10:30:38,069 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2022-11-20 10:30:38,069 INFO L87 Difference]: Start difference. First operand 155 states and 188 transitions. Second operand has 8 states, 8 states have (on average 5.25) internal successors, (42), 7 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-11-20 10:30:38,601 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 10:30:38,601 INFO L93 Difference]: Finished difference Result 528 states and 674 transitions. [2022-11-20 10:30:38,602 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2022-11-20 10:30:38,602 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.25) internal successors, (42), 7 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 51 [2022-11-20 10:30:38,603 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 10:30:38,609 INFO L225 Difference]: With dead ends: 528 [2022-11-20 10:30:38,609 INFO L226 Difference]: Without dead ends: 427 [2022-11-20 10:30:38,610 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 27 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 58 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=95, Invalid=247, Unknown=0, NotChecked=0, Total=342 [2022-11-20 10:30:38,613 INFO L413 NwaCegarLoop]: 107 mSDtfsCounter, 376 mSDsluCounter, 384 mSDsCounter, 0 mSdLazyCounter, 258 mSolverCounterSat, 99 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 386 SdHoareTripleChecker+Valid, 491 SdHoareTripleChecker+Invalid, 357 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 99 IncrementalHoareTripleChecker+Valid, 258 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-20 10:30:38,613 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [386 Valid, 491 Invalid, 357 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [99 Valid, 258 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-20 10:30:38,616 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 427 states. [2022-11-20 10:30:38,681 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 427 to 397. [2022-11-20 10:30:38,683 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 397 states, 313 states have (on average 1.2044728434504792) internal successors, (377), 332 states have internal predecessors, (377), 45 states have call successors, (45), 33 states have call predecessors, (45), 38 states have return successors, (64), 43 states have call predecessors, (64), 45 states have call successors, (64) [2022-11-20 10:30:38,686 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 397 states to 397 states and 486 transitions. [2022-11-20 10:30:38,686 INFO L78 Accepts]: Start accepts. Automaton has 397 states and 486 transitions. Word has length 51 [2022-11-20 10:30:38,686 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 10:30:38,687 INFO L495 AbstractCegarLoop]: Abstraction has 397 states and 486 transitions. [2022-11-20 10:30:38,687 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 5.25) internal successors, (42), 7 states have internal predecessors, (42), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-11-20 10:30:38,687 INFO L276 IsEmpty]: Start isEmpty. Operand 397 states and 486 transitions. [2022-11-20 10:30:38,690 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 84 [2022-11-20 10:30:38,690 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 10:30:38,690 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 10:30:38,690 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-11-20 10:30:38,691 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 10:30:38,691 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 10:30:38,691 INFO L85 PathProgramCache]: Analyzing trace with hash -1979077538, now seen corresponding path program 1 times [2022-11-20 10:30:38,691 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-11-20 10:30:38,691 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1207928608] [2022-11-20 10:30:38,692 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 10:30:38,692 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 10:30:38,723 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:38,891 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-11-20 10:30:38,893 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:38,907 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-11-20 10:30:38,911 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:38,938 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-11-20 10:30:38,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:38,940 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-11-20 10:30:38,941 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:38,962 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-11-20 10:30:38,963 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:38,965 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-11-20 10:30:38,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:38,968 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 18 proven. 7 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-11-20 10:30:38,969 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-11-20 10:30:38,969 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1207928608] [2022-11-20 10:30:38,969 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1207928608] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 10:30:38,969 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [270432821] [2022-11-20 10:30:38,969 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 10:30:38,969 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-20 10:30:38,970 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/z3 [2022-11-20 10:30:38,979 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-20 10:30:38,993 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-20 10:30:39,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 10:30:39,084 INFO L263 TraceCheckSpWp]: Trace formula consists of 305 conjuncts, 8 conjunts are in the unsatisfiable core [2022-11-20 10:30:39,101 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 10:30:39,311 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 23 proven. 7 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-20 10:30:39,311 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 10:30:39,538 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 6 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-11-20 10:30:39,539 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [270432821] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-20 10:30:39,539 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-20 10:30:39,539 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-11-20 10:30:39,539 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1676997580] [2022-11-20 10:30:39,539 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-20 10:30:39,540 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-11-20 10:30:39,540 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-11-20 10:30:39,541 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-11-20 10:30:39,541 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=35, Invalid=175, Unknown=0, NotChecked=0, Total=210 [2022-11-20 10:30:39,541 INFO L87 Difference]: Start difference. First operand 397 states and 486 transitions. Second operand has 15 states, 15 states have (on average 6.933333333333334) internal successors, (104), 11 states have internal predecessors, (104), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) [2022-11-20 10:30:40,209 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 10:30:40,210 INFO L93 Difference]: Finished difference Result 633 states and 801 transitions. [2022-11-20 10:30:40,210 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2022-11-20 10:30:40,210 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 6.933333333333334) internal successors, (104), 11 states have internal predecessors, (104), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) Word has length 83 [2022-11-20 10:30:40,211 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 10:30:40,211 INFO L225 Difference]: With dead ends: 633 [2022-11-20 10:30:40,211 INFO L226 Difference]: Without dead ends: 0 [2022-11-20 10:30:40,213 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 211 GetRequests, 178 SyntacticMatches, 4 SemanticMatches, 29 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 166 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=176, Invalid=754, Unknown=0, NotChecked=0, Total=930 [2022-11-20 10:30:40,214 INFO L413 NwaCegarLoop]: 130 mSDtfsCounter, 250 mSDsluCounter, 721 mSDsCounter, 0 mSdLazyCounter, 474 mSolverCounterSat, 94 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 251 SdHoareTripleChecker+Valid, 851 SdHoareTripleChecker+Invalid, 568 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 94 IncrementalHoareTripleChecker+Valid, 474 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-11-20 10:30:40,215 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [251 Valid, 851 Invalid, 568 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [94 Valid, 474 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-11-20 10:30:40,216 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-20 10:30:40,216 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-20 10:30:40,216 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-20 10:30:40,217 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-20 10:30:40,217 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 83 [2022-11-20 10:30:40,217 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 10:30:40,217 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-20 10:30:40,218 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 6.933333333333334) internal successors, (104), 11 states have internal predecessors, (104), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) [2022-11-20 10:30:40,218 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-20 10:30:40,218 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-20 10:30:40,221 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-20 10:30:40,228 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-11-20 10:30:40,426 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-11-20 10:30:40,428 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-20 10:30:43,731 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 670 676) no Hoare annotation was computed. [2022-11-20 10:30:43,732 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 670 676) the Hoare annotation is: true [2022-11-20 10:30:43,732 INFO L902 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 496 507) the Hoare annotation is: true [2022-11-20 10:30:43,732 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 496 507) no Hoare annotation was computed. [2022-11-20 10:30:43,732 INFO L899 garLoopResultBuilder]: For program point L500-1(lines 496 507) no Hoare annotation was computed. [2022-11-20 10:30:43,732 INFO L899 garLoopResultBuilder]: For program point L864(line 864) no Hoare annotation was computed. [2022-11-20 10:30:43,732 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 853 882) no Hoare annotation was computed. [2022-11-20 10:30:43,732 INFO L902 garLoopResultBuilder]: At program point L863-2(lines 863 877) the Hoare annotation is: true [2022-11-20 10:30:43,732 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 853 882) the Hoare annotation is: true [2022-11-20 10:30:43,733 INFO L902 garLoopResultBuilder]: At program point L859(line 859) the Hoare annotation is: true [2022-11-20 10:30:43,733 INFO L899 garLoopResultBuilder]: For program point L859-1(line 859) no Hoare annotation was computed. [2022-11-20 10:30:43,733 INFO L902 garLoopResultBuilder]: At program point L878(lines 853 882) the Hoare annotation is: true [2022-11-20 10:30:43,733 INFO L899 garLoopResultBuilder]: For program point L874(line 874) no Hoare annotation was computed. [2022-11-20 10:30:43,733 INFO L899 garLoopResultBuilder]: For program point L867(lines 867 871) no Hoare annotation was computed. [2022-11-20 10:30:43,733 INFO L902 garLoopResultBuilder]: At program point L867-1(lines 867 871) the Hoare annotation is: true [2022-11-20 10:30:43,733 INFO L895 garLoopResultBuilder]: At program point L832(line 832) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (<= 1 ~pumpRunning~0)) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse4 (= ~waterLevel~0 1)) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse6 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5) .cse6) (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse5) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse7 (not (= |old(~waterLevel~0)| 1)) .cse0 (and (= ~pumpRunning~0 0) (= |timeShift_processEnvironment_~tmp~4#1| 0) .cse4)) (or .cse7 .cse0 .cse2 .cse6))) [2022-11-20 10:30:43,734 INFO L899 garLoopResultBuilder]: For program point L832-1(line 832) no Hoare annotation was computed. [2022-11-20 10:30:43,734 INFO L895 garLoopResultBuilder]: At program point L93(lines 88 95) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse4 .cse0 .cse2 .cse3))) [2022-11-20 10:30:43,734 INFO L895 garLoopResultBuilder]: At program point L692(line 692) the Hoare annotation is: (let ((.cse6 (= 1 ~systemActive~0))) (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (<= 2 |old(~waterLevel~0)|))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (= ~pumpRunning~0 0)) (.cse7 (= |timeShift_processEnvironment_~tmp~4#1| 0)) (.cse0 (not .cse6))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse4 .cse0 .cse2 (and .cse5 .cse6 .cse7 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse3) (or .cse4 (not (= |old(~waterLevel~0)| 1)) (and .cse5 .cse6 .cse7 (= ~waterLevel~0 1)) .cse0)))) [2022-11-20 10:30:43,734 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 643 669) no Hoare annotation was computed. [2022-11-20 10:30:43,734 INFO L895 garLoopResultBuilder]: At program point L697(line 697) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (<= 1 ~pumpRunning~0)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse6 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (= ~waterLevel~0 1) .cse4) .cse5) (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse6 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse6 .cse0 .cse2 .cse5))) [2022-11-20 10:30:43,735 INFO L895 garLoopResultBuilder]: At program point L697-1(lines 678 702) the Hoare annotation is: (let ((.cse9 (= 1 ~systemActive~0))) (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse4 (= ~waterLevel~0 1)) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not .cse9)) (.cse3 (<= 1 ~pumpRunning~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (= ~pumpRunning~0 0)) (.cse10 (= |timeShift_processEnvironment_~tmp~4#1| 0)) (.cse6 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5) .cse6) (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse5) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse7 (not (= |old(~waterLevel~0)| 1)) (and .cse8 .cse9 .cse10 .cse4) .cse0) (let ((.cse11 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse7 .cse0 (and .cse3 .cse11) .cse2 (and .cse8 .cse9 .cse10 .cse11) .cse6))))) [2022-11-20 10:30:43,735 INFO L895 garLoopResultBuilder]: At program point L817(line 817) the Hoare annotation is: (let ((.cse5 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse8 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse5 .cse8)) (.cse4 (= ~pumpRunning~0 0)) (.cse6 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse7 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (and .cse4 .cse5 (= ~waterLevel~0 1)) .cse6 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse0 .cse1 .cse2 .cse3 .cse7) (or (and .cse4 .cse5 .cse8) .cse6 .cse0 .cse2 .cse7)))) [2022-11-20 10:30:43,735 INFO L899 garLoopResultBuilder]: For program point L817-1(line 817) no Hoare annotation was computed. [2022-11-20 10:30:43,735 INFO L899 garLoopResultBuilder]: For program point L784(lines 784 788) no Hoare annotation was computed. [2022-11-20 10:30:43,735 INFO L899 garLoopResultBuilder]: For program point L784-2(lines 784 788) no Hoare annotation was computed. [2022-11-20 10:30:43,735 INFO L899 garLoopResultBuilder]: For program point L553(lines 553 559) no Hoare annotation was computed. [2022-11-20 10:30:43,736 INFO L899 garLoopResultBuilder]: For program point L834(lines 834 844) no Hoare annotation was computed. [2022-11-20 10:30:43,736 INFO L895 garLoopResultBuilder]: At program point L545(lines 540 548) the Hoare annotation is: (let ((.cse8 (= 1 ~systemActive~0))) (let ((.cse10 (not (<= 2 |old(~waterLevel~0)|))) (.cse11 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (<= 1 ~pumpRunning~0)) (.cse13 (<= 1 ~switchedOnBeforeTS~0)) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (= ~pumpRunning~0 0)) (.cse9 (= |timeShift_processEnvironment_~tmp~4#1| 0)) (.cse12 (= ~waterLevel~0 1)) (.cse5 (not .cse8))) (and (let ((.cse1 (<= |timeShift_getWaterLevel_#res#1| 2)) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (<= 2 |timeShift_getWaterLevel_#res#1|))) (or (and .cse0 .cse1 .cse2 .cse3) .cse4 .cse5 .cse6 (and .cse7 .cse1 .cse8 .cse9 .cse2 .cse3) .cse10)) (or .cse5 .cse11 .cse6 (and .cse0 .cse12 .cse13) .cse10) (or .cse5 .cse11 .cse6 (and .cse0 (<= ~waterLevel~0 2) .cse13) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse4 (not (= |old(~waterLevel~0)| 1)) (and .cse7 .cse8 .cse9 .cse12) .cse5)))) [2022-11-20 10:30:43,736 INFO L899 garLoopResultBuilder]: For program point L830(lines 830 847) no Hoare annotation was computed. [2022-11-20 10:30:43,736 INFO L895 garLoopResultBuilder]: At program point L830-1(lines 822 850) the Hoare annotation is: (let ((.cse14 (= 1 ~systemActive~0))) (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (<= 1 ~switchedOnBeforeTS~0)) (.cse3 (<= 1 ~pumpRunning~0)) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse6 (not (<= 2 |old(~waterLevel~0)|))) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse13 (= ~pumpRunning~0 0)) (.cse15 (= |timeShift_processEnvironment_~tmp~4#1| 0)) (.cse4 (= ~waterLevel~0 1)) (.cse0 (not .cse14))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5) .cse6) (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse5) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (let ((.cse8 (< 1 |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1|)) (.cse9 (<= |timeShift_getWaterLevel_#res#1| 2)) (.cse10 (<= |timeShift___utac_acc__Specification5_spec__3_~tmp~6#1| 2)) (.cse11 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse12 (<= 2 |timeShift_getWaterLevel_#res#1|))) (or .cse7 (and .cse3 .cse8 .cse9 .cse10 .cse11 .cse12) .cse0 (and .cse13 .cse8 .cse9 .cse10 .cse14 .cse15 .cse11 .cse12) .cse2 .cse6)) (or .cse7 (not (= |old(~waterLevel~0)| 1)) (and .cse13 .cse14 .cse15 .cse4) .cse0)))) [2022-11-20 10:30:43,736 INFO L899 garLoopResultBuilder]: For program point L657-1(lines 657 663) no Hoare annotation was computed. [2022-11-20 10:30:43,737 INFO L895 garLoopResultBuilder]: At program point L558(lines 549 562) the Hoare annotation is: (let ((.cse3 (not (<= 2 |old(~waterLevel~0)|))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse5 (= ~pumpRunning~0 0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 (and .cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse2 .cse3) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse0 (and (= |timeShift_isHighWaterSensorDry_#res#1| 1) .cse5 (= ~waterLevel~0 1))))) [2022-11-20 10:30:43,737 INFO L899 garLoopResultBuilder]: For program point L686(lines 686 694) no Hoare annotation was computed. [2022-11-20 10:30:43,737 INFO L899 garLoopResultBuilder]: For program point L682(lines 682 699) no Hoare annotation was computed. [2022-11-20 10:30:43,737 INFO L899 garLoopResultBuilder]: For program point L835(lines 835 841) no Hoare annotation was computed. [2022-11-20 10:30:43,737 INFO L899 garLoopResultBuilder]: For program point L476(lines 476 480) no Hoare annotation was computed. [2022-11-20 10:30:43,737 INFO L899 garLoopResultBuilder]: For program point L92(line 92) no Hoare annotation was computed. [2022-11-20 10:30:43,737 INFO L895 garLoopResultBuilder]: At program point L476-2(lines 472 483) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (<= 1 ~pumpRunning~0)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse6 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (= ~waterLevel~0 1) .cse4) .cse5) (or .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse6 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse6 .cse0 .cse2 .cse5))) [2022-11-20 10:30:43,738 INFO L895 garLoopResultBuilder]: At program point L790(lines 775 793) the Hoare annotation is: (let ((.cse3 (not (<= 2 |old(~waterLevel~0)|))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse5 (= ~pumpRunning~0 0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 (and .cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse2 .cse3) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse0 (and .cse5 (= |timeShift_isHighWaterLevel_#res#1| 0) (= |timeShift_isHighWaterLevel_~tmp___0~1#1| 0) (= ~waterLevel~0 1))))) [2022-11-20 10:30:43,738 INFO L895 garLoopResultBuilder]: At program point L819(lines 812 821) the Hoare annotation is: (let ((.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse3 (not (= 1 ~systemActive~0))) (.cse6 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (and (<= 1 ~pumpRunning~0) .cse2 (<= 1 ~switchedOnBeforeTS~0))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 (and .cse1 .cse2) .cse3 .cse4 .cse5) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse3 (and .cse1 (= ~waterLevel~0 1))) (or .cse3 .cse6 .cse7 .cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse6 .cse7 .cse4 .cse5)))) [2022-11-20 10:30:43,738 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 643 669) the Hoare annotation is: (let ((.cse5 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse8 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse5 .cse8)) (.cse4 (= ~pumpRunning~0 0)) (.cse6 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse7 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or (and .cse4 .cse5 (= ~waterLevel~0 1)) .cse6 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse0 .cse1 .cse2 .cse3 .cse7) (or (and .cse4 .cse5 .cse8) .cse6 .cse0 .cse2 .cse7)))) [2022-11-20 10:30:43,738 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 643 669) no Hoare annotation was computed. [2022-11-20 10:30:43,738 INFO L899 garLoopResultBuilder]: For program point L650(lines 650 656) no Hoare annotation was computed. [2022-11-20 10:30:43,741 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 92) no Hoare annotation was computed. [2022-11-20 10:30:43,742 INFO L899 garLoopResultBuilder]: For program point L650-2(lines 646 668) no Hoare annotation was computed. [2022-11-20 10:30:43,742 INFO L895 garLoopResultBuilder]: At program point L708(lines 703 710) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (<= 2 |old(~waterLevel~0)|))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 .cse1 .cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse4 .cse0 (and (<= 1 ~pumpRunning~0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse2 .cse3) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse0))) [2022-11-20 10:30:43,742 INFO L895 garLoopResultBuilder]: At program point L799(lines 794 801) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (<= 2 ~waterLevel~0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse5 (<= ~waterLevel~0 2)) (.cse6 (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (and .cse0 .cse2 .cse3 .cse4 .cse5 (<= 1 ~switchedOnBeforeTS~0) .cse6) (and .cse7 .cse2 .cse3 .cse4 (= ~waterLevel~0 1) .cse6) (and .cse7 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6))) [2022-11-20 10:30:43,743 INFO L899 garLoopResultBuilder]: For program point L597(lines 597 603) no Hoare annotation was computed. [2022-11-20 10:30:43,743 INFO L899 garLoopResultBuilder]: For program point L597-1(lines 597 603) no Hoare annotation was computed. [2022-11-20 10:30:43,743 INFO L902 garLoopResultBuilder]: At program point L944(lines 925 947) the Hoare annotation is: true [2022-11-20 10:30:43,744 INFO L895 garLoopResultBuilder]: At program point L911(lines 907 913) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= ~waterLevel~0 1) (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0)) [2022-11-20 10:30:43,744 INFO L895 garLoopResultBuilder]: At program point L622(lines 577 624) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (<= 2 ~waterLevel~0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse5 (<= ~waterLevel~0 2)) (.cse6 (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (and .cse0 .cse2 .cse3 .cse4 .cse5 (<= 1 ~switchedOnBeforeTS~0) .cse6) (and .cse7 .cse2 .cse3 .cse4 (= ~waterLevel~0 1) .cse6) (and .cse7 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6))) [2022-11-20 10:30:43,744 INFO L895 garLoopResultBuilder]: At program point L589(line 589) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (<= 2 ~waterLevel~0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse5 (<= ~waterLevel~0 2)) (.cse6 (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (and .cse0 .cse2 .cse3 .cse4 .cse5 (<= 1 ~switchedOnBeforeTS~0) .cse6) (and .cse7 .cse2 .cse3 .cse4 (= ~waterLevel~0 1) .cse6) (and .cse7 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6))) [2022-11-20 10:30:43,745 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-11-20 10:30:43,745 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-11-20 10:30:43,745 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-11-20 10:30:43,745 INFO L895 garLoopResultBuilder]: At program point L809(lines 804 811) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= ~waterLevel~0 1) (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0)) [2022-11-20 10:30:43,745 INFO L899 garLoopResultBuilder]: For program point L615(lines 615 619) no Hoare annotation was computed. [2022-11-20 10:30:43,746 INFO L895 garLoopResultBuilder]: At program point L615-2(lines 607 620) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (<= 2 ~waterLevel~0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse5 (<= ~waterLevel~0 2)) (.cse6 (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (and .cse0 .cse2 .cse3 .cse4 .cse5 (<= 1 ~switchedOnBeforeTS~0) .cse6) (and .cse7 .cse2 .cse3 .cse4 (= ~waterLevel~0 1) .cse6) (and .cse7 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6))) [2022-11-20 10:30:43,746 INFO L899 garLoopResultBuilder]: For program point L578(lines 577 624) no Hoare annotation was computed. [2022-11-20 10:30:43,746 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-20 10:30:43,746 INFO L899 garLoopResultBuilder]: For program point L607(lines 607 620) no Hoare annotation was computed. [2022-11-20 10:30:43,746 INFO L895 garLoopResultBuilder]: At program point L599(line 599) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (<= 2 ~waterLevel~0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse4 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse5 (<= ~waterLevel~0 2)) (.cse6 (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (and .cse0 .cse2 .cse3 .cse4 .cse5 (<= 1 ~switchedOnBeforeTS~0) .cse6) (and .cse7 .cse2 .cse3 .cse4 (= ~waterLevel~0 1) .cse6) (and .cse7 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6))) [2022-11-20 10:30:43,747 INFO L902 garLoopResultBuilder]: At program point L628(lines 567 632) the Hoare annotation is: true [2022-11-20 10:30:43,747 INFO L895 garLoopResultBuilder]: At program point L83(lines 78 86) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-20 10:30:43,747 INFO L895 garLoopResultBuilder]: At program point L75(lines 71 77) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-20 10:30:43,747 INFO L899 garLoopResultBuilder]: For program point L587(lines 587 593) no Hoare annotation was computed. [2022-11-20 10:30:43,747 INFO L899 garLoopResultBuilder]: For program point L587-1(lines 587 593) no Hoare annotation was computed. [2022-11-20 10:30:43,748 INFO L899 garLoopResultBuilder]: For program point L579(lines 579 583) no Hoare annotation was computed. [2022-11-20 10:30:43,748 INFO L902 garLoopResultBuilder]: At program point L922(lines 914 924) the Hoare annotation is: true [2022-11-20 10:30:43,748 INFO L895 garLoopResultBuilder]: At program point L625(lines 576 626) the Hoare annotation is: false [2022-11-20 10:30:43,748 INFO L899 garLoopResultBuilder]: For program point L935(lines 935 942) no Hoare annotation was computed. [2022-11-20 10:30:43,748 INFO L899 garLoopResultBuilder]: For program point L935-2(lines 935 942) no Hoare annotation was computed. [2022-11-20 10:30:43,749 INFO L895 garLoopResultBuilder]: At program point L68(lines 64 70) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-11-20 10:30:43,749 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 484 495) no Hoare annotation was computed. [2022-11-20 10:30:43,749 INFO L899 garLoopResultBuilder]: For program point L488-1(lines 484 495) no Hoare annotation was computed. [2022-11-20 10:30:43,749 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 484 495) the Hoare annotation is: (let ((.cse0 (not (= ~pumpRunning~0 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse5 (not (<= 1 ~pumpRunning~0))) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (= ~waterLevel~0 1)) (or .cse1 .cse5 .cse2 .cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse1 .cse5 .cse2 .cse3 .cse4))) [2022-11-20 10:30:43,749 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 730 738) no Hoare annotation was computed. [2022-11-20 10:30:43,750 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 730 738) the Hoare annotation is: true [2022-11-20 10:30:43,750 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 730 738) no Hoare annotation was computed. [2022-11-20 10:30:43,753 INFO L444 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 10:30:43,756 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-20 10:30:43,798 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.11 10:30:43 BoogieIcfgContainer [2022-11-20 10:30:43,803 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-20 10:30:43,804 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-20 10:30:43,804 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-20 10:30:43,804 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-20 10:30:43,805 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.11 10:30:35" (3/4) ... [2022-11-20 10:30:43,809 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-20 10:30:43,815 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-20 10:30:43,815 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-20 10:30:43,815 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-20 10:30:43,816 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-20 10:30:43,816 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-20 10:30:43,816 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-20 10:30:43,825 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 20 nodes and edges [2022-11-20 10:30:43,825 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 8 nodes and edges [2022-11-20 10:30:43,826 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 4 nodes and edges [2022-11-20 10:30:43,826 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-20 10:30:43,826 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-20 10:30:43,854 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 [2022-11-20 10:30:43,855 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1) && tmp == systemActive [2022-11-20 10:30:43,855 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1) && tmp == systemActive [2022-11-20 10:30:43,855 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((1 <= pumpRunning && 2 <= waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == systemActive) || ((((((1 <= pumpRunning && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) && tmp == systemActive)) || (((((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel == 1) && tmp == systemActive)) || ((((((pumpRunning == 0 && 2 <= waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == systemActive) [2022-11-20 10:30:43,857 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-11-20 10:30:43,858 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-11-20 10:30:43,858 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((1 <= pumpRunning && 2 <= waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == systemActive) || ((((((1 <= pumpRunning && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) && tmp == systemActive)) || (((((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel == 1) && tmp == systemActive)) || ((((((pumpRunning == 0 && 2 <= waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == systemActive) [2022-11-20 10:30:43,859 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || (((((1 <= pumpRunning && 1 < tmp) && \result <= 2) && tmp <= 2) && \old(waterLevel) == waterLevel) && 2 <= \result)) || !(1 == systemActive)) || (((((((pumpRunning == 0 && 1 < tmp) && \result <= 2) && tmp <= 2) && 1 == systemActive) && tmp == 0) && \old(waterLevel) == waterLevel) && 2 <= \result)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || (((pumpRunning == 0 && 1 == systemActive) && tmp == 0) && waterLevel == 1)) || !(1 == systemActive)) [2022-11-20 10:30:43,859 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || (((pumpRunning == 0 && 1 == systemActive) && tmp == 0) && waterLevel == 1)) || !(1 == systemActive))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((pumpRunning == 0 && 1 == systemActive) && tmp == 0) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) [2022-11-20 10:30:43,860 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-11-20 10:30:43,860 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((1 <= pumpRunning && \result <= 2) && \old(waterLevel) == waterLevel) && 2 <= \result) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (((((pumpRunning == 0 && \result <= 2) && 1 == systemActive) && tmp == 0) && \old(waterLevel) == waterLevel) && 2 <= \result)) || !(2 <= \old(waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || (((pumpRunning == 0 && 1 == systemActive) && tmp == 0) && waterLevel == 1)) || !(1 == systemActive)) [2022-11-20 10:30:43,860 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || ((\result == 1 && pumpRunning == 0) && waterLevel == 1)) [2022-11-20 10:30:43,861 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (((pumpRunning == 0 && \result == 0) && tmp___0 == 0) && waterLevel == 1)) [2022-11-20 10:30:43,861 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) [2022-11-20 10:30:43,902 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/witness.graphml [2022-11-20 10:30:43,902 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-20 10:30:43,903 INFO L158 Benchmark]: Toolchain (without parser) took 9787.24ms. Allocated memory was 153.1MB in the beginning and 184.5MB in the end (delta: 31.5MB). Free memory was 114.0MB in the beginning and 53.5MB in the end (delta: 60.5MB). Peak memory consumption was 93.9MB. Max. memory is 16.1GB. [2022-11-20 10:30:43,903 INFO L158 Benchmark]: CDTParser took 0.28ms. Allocated memory is still 113.2MB. Free memory is still 88.4MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-20 10:30:43,904 INFO L158 Benchmark]: CACSL2BoogieTranslator took 535.13ms. Allocated memory is still 153.1MB. Free memory was 114.0MB in the beginning and 95.6MB in the end (delta: 18.4MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-11-20 10:30:43,904 INFO L158 Benchmark]: Boogie Procedure Inliner took 75.94ms. Allocated memory is still 153.1MB. Free memory was 95.1MB in the beginning and 93.0MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-20 10:30:43,905 INFO L158 Benchmark]: Boogie Preprocessor took 57.36ms. Allocated memory is still 153.1MB. Free memory was 93.0MB in the beginning and 91.8MB in the end (delta: 1.2MB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-20 10:30:43,905 INFO L158 Benchmark]: RCFGBuilder took 591.28ms. Allocated memory is still 153.1MB. Free memory was 91.8MB in the beginning and 76.2MB in the end (delta: 15.6MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2022-11-20 10:30:43,906 INFO L158 Benchmark]: TraceAbstraction took 8422.37ms. Allocated memory was 153.1MB in the beginning and 184.5MB in the end (delta: 31.5MB). Free memory was 75.8MB in the beginning and 58.7MB in the end (delta: 17.1MB). Peak memory consumption was 64.6MB. Max. memory is 16.1GB. [2022-11-20 10:30:43,907 INFO L158 Benchmark]: Witness Printer took 98.35ms. Allocated memory is still 184.5MB. Free memory was 58.7MB in the beginning and 53.5MB in the end (delta: 5.2MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-20 10:30:43,909 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.28ms. Allocated memory is still 113.2MB. Free memory is still 88.4MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 535.13ms. Allocated memory is still 153.1MB. Free memory was 114.0MB in the beginning and 95.6MB in the end (delta: 18.4MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 75.94ms. Allocated memory is still 153.1MB. Free memory was 95.1MB in the beginning and 93.0MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 57.36ms. Allocated memory is still 153.1MB. Free memory was 93.0MB in the beginning and 91.8MB in the end (delta: 1.2MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 591.28ms. Allocated memory is still 153.1MB. Free memory was 91.8MB in the beginning and 76.2MB in the end (delta: 15.6MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 8422.37ms. Allocated memory was 153.1MB in the beginning and 184.5MB in the end (delta: 31.5MB). Free memory was 75.8MB in the beginning and 58.7MB in the end (delta: 17.1MB). Peak memory consumption was 64.6MB. Max. memory is 16.1GB. * Witness Printer took 98.35ms. Allocated memory is still 184.5MB. Free memory was 58.7MB in the beginning and 53.5MB in the end (delta: 5.2MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 92]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 7 procedures, 81 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 8.2s, OverallIterations: 10, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 1.8s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 3.3s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 974 SdHoareTripleChecker+Valid, 0.9s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 957 mSDsluCounter, 3039 SdHoareTripleChecker+Invalid, 0.7s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2085 mSDsCounter, 224 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 855 IncrementalHoareTripleChecker+Invalid, 1079 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 224 mSolverCounterUnsat, 954 mSDtfsCounter, 855 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 313 GetRequests, 239 SyntacticMatches, 4 SemanticMatches, 70 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 227 ImplicationChecksByTransitivity, 0.6s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=397occurred in iteration=9, InterpolantAutomatonStates: 71, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 10 MinimizatonAttempts, 76 StatesRemovedByMinimization, 6 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 37 LocationsWithAnnotation, 612 PreInvPairs, 719 NumberOfFragments, 1943 HoareAnnotationTreeSize, 612 FomulaSimplifications, 601 FormulaSimplificationTreeSizeReduction, 0.2s HoareSimplificationTime, 37 FomulaSimplificationsInter, 3371 FormulaSimplificationTreeSizeReductionInter, 3.0s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 1.9s InterpolantComputationTime, 553 NumberOfCodeBlocks, 553 NumberOfCodeBlocksAsserted, 11 NumberOfCheckSat, 624 ConstructedInterpolants, 0 QuantifiedInterpolants, 1299 SizeOfPredicates, 3 NumberOfNonLiveVariables, 305 ConjunctsInSsa, 8 ConjunctsInUnsatCore, 12 InterpolantComputations, 9 PerfectInterpolantSequences, 97/117 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 914]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 925]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 576]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 804]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1) && tmp == systemActive - InvariantResult [Line: 907]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1) && tmp == systemActive - InvariantResult [Line: 78]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 - InvariantResult [Line: 64]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 794]: Loop Invariant Derived loop invariant: ((((((((1 <= pumpRunning && 2 <= waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == systemActive) || ((((((1 <= pumpRunning && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) && tmp == systemActive)) || (((((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel == 1) && tmp == systemActive)) || ((((((pumpRunning == 0 && 2 <= waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == systemActive) - InvariantResult [Line: 775]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (((pumpRunning == 0 && \result == 0) && tmp___0 == 0) && waterLevel == 1)) - InvariantResult [Line: 812]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 678]: Loop Invariant Derived loop invariant: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || (((pumpRunning == 0 && 1 == systemActive) && tmp == 0) && waterLevel == 1)) || !(1 == systemActive))) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((pumpRunning == 0 && 1 == systemActive) && tmp == 0) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 853]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 549]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || ((\result == 1 && pumpRunning == 0) && waterLevel == 1)) - InvariantResult [Line: 71]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 577]: Loop Invariant Derived loop invariant: ((((((((1 <= pumpRunning && 2 <= waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == systemActive) || ((((((1 <= pumpRunning && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && 1 <= switchedOnBeforeTS) && tmp == systemActive)) || (((((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel == 1) && tmp == systemActive)) || ((((((pumpRunning == 0 && 2 <= waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == systemActive) - InvariantResult [Line: 540]: Loop Invariant Derived loop invariant: ((((((((((1 <= pumpRunning && \result <= 2) && \old(waterLevel) == waterLevel) && 2 <= \result) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || (((((pumpRunning == 0 && \result <= 2) && 1 == systemActive) && tmp == 0) && \old(waterLevel) == waterLevel) && 2 <= \result)) || !(2 <= \old(waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || (((pumpRunning == 0 && 1 == systemActive) && tmp == 0) && waterLevel == 1)) || !(1 == systemActive)) - InvariantResult [Line: 472]: Loop Invariant Derived loop invariant: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 703]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) - InvariantResult [Line: 567]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 822]: Loop Invariant Derived loop invariant: ((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) || !(2 <= \old(waterLevel))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel <= 2) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(\old(pumpRunning) == 0) || (((((1 <= pumpRunning && 1 < tmp) && \result <= 2) && tmp <= 2) && \old(waterLevel) == waterLevel) && 2 <= \result)) || !(1 == systemActive)) || (((((((pumpRunning == 0 && 1 < tmp) && \result <= 2) && tmp <= 2) && 1 == systemActive) && tmp == 0) && \old(waterLevel) == waterLevel) && 2 <= \result)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || (((pumpRunning == 0 && 1 == systemActive) && tmp == 0) && waterLevel == 1)) || !(1 == systemActive)) - InvariantResult [Line: 88]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(\old(waterLevel) <= 2)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 863]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2022-11-20 10:30:43,963 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5a6e295-d30a-4a9c-97e0-0b1700ac2e38/bin/uautomizer-ug76WZFUDN/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE