./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 2329fc70 Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8 --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash e5a4c274bc0fec0eeea8ea2f72c4bc5bbc7aef2fd24f2cf907e22c2c7f3759d4 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-2329fc7 [2022-12-13 11:39:51,796 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-12-13 11:39:51,798 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-12-13 11:39:51,816 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-12-13 11:39:51,816 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-12-13 11:39:51,817 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-12-13 11:39:51,818 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-12-13 11:39:51,820 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-12-13 11:39:51,821 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-12-13 11:39:51,822 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-12-13 11:39:51,823 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-12-13 11:39:51,824 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-12-13 11:39:51,824 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-12-13 11:39:51,825 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-12-13 11:39:51,826 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-12-13 11:39:51,827 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-12-13 11:39:51,828 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-12-13 11:39:51,829 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-12-13 11:39:51,830 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-12-13 11:39:51,832 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-12-13 11:39:51,833 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-12-13 11:39:51,834 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-12-13 11:39:51,835 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-12-13 11:39:51,836 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-12-13 11:39:51,839 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-12-13 11:39:51,840 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-12-13 11:39:51,840 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-12-13 11:39:51,841 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-12-13 11:39:51,841 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-12-13 11:39:51,842 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-12-13 11:39:51,842 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-12-13 11:39:51,843 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-12-13 11:39:51,843 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-12-13 11:39:51,844 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-12-13 11:39:51,845 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-12-13 11:39:51,845 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-12-13 11:39:51,846 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-12-13 11:39:51,846 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-12-13 11:39:51,846 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-12-13 11:39:51,847 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-12-13 11:39:51,847 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-12-13 11:39:51,848 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-12-13 11:39:51,865 INFO L113 SettingsManager]: Loading preferences was successful [2022-12-13 11:39:51,866 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-12-13 11:39:51,866 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-12-13 11:39:51,866 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-12-13 11:39:51,867 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-12-13 11:39:51,867 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-12-13 11:39:51,867 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-12-13 11:39:51,868 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-12-13 11:39:51,868 INFO L138 SettingsManager]: * Use SBE=true [2022-12-13 11:39:51,868 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-12-13 11:39:51,868 INFO L138 SettingsManager]: * sizeof long=4 [2022-12-13 11:39:51,868 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-12-13 11:39:51,868 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-12-13 11:39:51,869 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-12-13 11:39:51,869 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-12-13 11:39:51,869 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-12-13 11:39:51,869 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-12-13 11:39:51,869 INFO L138 SettingsManager]: * sizeof long double=12 [2022-12-13 11:39:51,869 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-12-13 11:39:51,870 INFO L138 SettingsManager]: * Use constant arrays=true [2022-12-13 11:39:51,870 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-12-13 11:39:51,870 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-12-13 11:39:51,870 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-12-13 11:39:51,870 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-12-13 11:39:51,870 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-12-13 11:39:51,871 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-12-13 11:39:51,871 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-12-13 11:39:51,871 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-12-13 11:39:51,871 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-12-13 11:39:51,871 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-12-13 11:39:51,871 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-12-13 11:39:51,871 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-12-13 11:39:51,872 INFO L138 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2022-12-13 11:39:51,872 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2022-12-13 11:39:51,872 INFO L138 SettingsManager]: * Independence relation used for large block encoding in concurrent analysis=SYNTACTIC [2022-12-13 11:39:51,872 INFO L138 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8 Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> e5a4c274bc0fec0eeea8ea2f72c4bc5bbc7aef2fd24f2cf907e22c2c7f3759d4 [2022-12-13 11:39:52,062 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-12-13 11:39:52,078 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-12-13 11:39:52,080 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-12-13 11:39:52,081 INFO L271 PluginConnector]: Initializing CDTParser... [2022-12-13 11:39:52,082 INFO L275 PluginConnector]: CDTParser initialized [2022-12-13 11:39:52,083 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/../../sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c [2022-12-13 11:39:54,692 INFO L500 CDTParser]: Created temporary CDT project at NULL [2022-12-13 11:39:54,870 INFO L351 CDTParser]: Found 1 translation units. [2022-12-13 11:39:54,871 INFO L172 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c [2022-12-13 11:39:54,880 INFO L394 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/data/e67430de8/8b8d1e69042a474c8db9933419d74ac5/FLAGc1f799269 [2022-12-13 11:39:54,890 INFO L402 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/data/e67430de8/8b8d1e69042a474c8db9933419d74ac5 [2022-12-13 11:39:54,892 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-12-13 11:39:54,893 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-12-13 11:39:54,894 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-12-13 11:39:54,894 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-12-13 11:39:54,897 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-12-13 11:39:54,897 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 13.12 11:39:54" (1/1) ... [2022-12-13 11:39:54,898 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@1c11ce89 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:54, skipping insertion in model container [2022-12-13 11:39:54,898 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 13.12 11:39:54" (1/1) ... [2022-12-13 11:39:54,905 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-12-13 11:39:54,941 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-12-13 11:39:55,113 WARN L237 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c[18537,18550] [2022-12-13 11:39:55,116 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-12-13 11:39:55,124 INFO L203 MainTranslator]: Completed pre-run [2022-12-13 11:39:55,166 WARN L237 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/sv-benchmarks/c/product-lines/minepump_spec5_product43.cil.c[18537,18550] [2022-12-13 11:39:55,166 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-12-13 11:39:55,178 INFO L208 MainTranslator]: Completed translation [2022-12-13 11:39:55,178 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55 WrapperNode [2022-12-13 11:39:55,179 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-12-13 11:39:55,179 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-12-13 11:39:55,179 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-12-13 11:39:55,179 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-12-13 11:39:55,185 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (1/1) ... [2022-12-13 11:39:55,194 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (1/1) ... [2022-12-13 11:39:55,210 INFO L138 Inliner]: procedures = 56, calls = 100, calls flagged for inlining = 26, calls inlined = 23, statements flattened = 202 [2022-12-13 11:39:55,210 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-12-13 11:39:55,210 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-12-13 11:39:55,211 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-12-13 11:39:55,211 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-12-13 11:39:55,218 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (1/1) ... [2022-12-13 11:39:55,218 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (1/1) ... [2022-12-13 11:39:55,219 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (1/1) ... [2022-12-13 11:39:55,219 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (1/1) ... [2022-12-13 11:39:55,222 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (1/1) ... [2022-12-13 11:39:55,225 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (1/1) ... [2022-12-13 11:39:55,226 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (1/1) ... [2022-12-13 11:39:55,227 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (1/1) ... [2022-12-13 11:39:55,228 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-12-13 11:39:55,229 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-12-13 11:39:55,229 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-12-13 11:39:55,229 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-12-13 11:39:55,230 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (1/1) ... [2022-12-13 11:39:55,235 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-12-13 11:39:55,244 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 [2022-12-13 11:39:55,253 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-12-13 11:39:55,255 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-12-13 11:39:55,287 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-12-13 11:39:55,287 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-12-13 11:39:55,287 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-12-13 11:39:55,287 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-12-13 11:39:55,288 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-12-13 11:39:55,288 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-12-13 11:39:55,288 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-12-13 11:39:55,288 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-12-13 11:39:55,288 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-12-13 11:39:55,288 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-12-13 11:39:55,288 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-12-13 11:39:55,288 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-12-13 11:39:55,289 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-12-13 11:39:55,289 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-12-13 11:39:55,289 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-12-13 11:39:55,289 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-12-13 11:39:55,352 INFO L235 CfgBuilder]: Building ICFG [2022-12-13 11:39:55,354 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-12-13 11:39:55,550 INFO L276 CfgBuilder]: Performing block encoding [2022-12-13 11:39:55,556 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-12-13 11:39:55,556 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-12-13 11:39:55,557 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 13.12 11:39:55 BoogieIcfgContainer [2022-12-13 11:39:55,557 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-12-13 11:39:55,559 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-12-13 11:39:55,559 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-12-13 11:39:55,561 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-12-13 11:39:55,562 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 13.12 11:39:54" (1/3) ... [2022-12-13 11:39:55,562 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@57a86ae5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 13.12 11:39:55, skipping insertion in model container [2022-12-13 11:39:55,562 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 13.12 11:39:55" (2/3) ... [2022-12-13 11:39:55,563 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@57a86ae5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 13.12 11:39:55, skipping insertion in model container [2022-12-13 11:39:55,563 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 13.12 11:39:55" (3/3) ... [2022-12-13 11:39:55,564 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product43.cil.c [2022-12-13 11:39:55,578 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-12-13 11:39:55,578 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-12-13 11:39:55,616 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-12-13 11:39:55,621 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@48815de6, mLbeIndependenceSettings=[IndependenceType=SYNTACTIC, AbstractionType=NONE, UseConditional=, UseSemiCommutativity=, Solver=, SolverTimeout=] [2022-12-13 11:39:55,621 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-12-13 11:39:55,626 INFO L276 IsEmpty]: Start isEmpty. Operand has 88 states, 70 states have (on average 1.3714285714285714) internal successors, (96), 76 states have internal predecessors, (96), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) [2022-12-13 11:39:55,633 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-12-13 11:39:55,633 INFO L187 NwaCegarLoop]: Found error trace [2022-12-13 11:39:55,634 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:39:55,634 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-12-13 11:39:55,638 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-12-13 11:39:55,639 INFO L85 PathProgramCache]: Analyzing trace with hash 991645006, now seen corresponding path program 1 times [2022-12-13 11:39:55,645 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-12-13 11:39:55,646 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1774703288] [2022-12-13 11:39:55,646 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:55,646 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-12-13 11:39:55,751 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:55,814 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-12-13 11:39:55,816 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:55,821 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-12-13 11:39:55,824 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:55,827 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-12-13 11:39:55,827 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-12-13 11:39:55,828 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1774703288] [2022-12-13 11:39:55,828 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1774703288] provided 1 perfect and 0 imperfect interpolant sequences [2022-12-13 11:39:55,829 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-12-13 11:39:55,829 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-12-13 11:39:55,830 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [635588355] [2022-12-13 11:39:55,831 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-12-13 11:39:55,835 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-12-13 11:39:55,835 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-12-13 11:39:55,865 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-12-13 11:39:55,865 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-12-13 11:39:55,868 INFO L87 Difference]: Start difference. First operand has 88 states, 70 states have (on average 1.3714285714285714) internal successors, (96), 76 states have internal predecessors, (96), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-12-13 11:39:55,903 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-12-13 11:39:55,903 INFO L93 Difference]: Finished difference Result 167 states and 226 transitions. [2022-12-13 11:39:55,904 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-12-13 11:39:55,905 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2022-12-13 11:39:55,905 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-12-13 11:39:55,914 INFO L225 Difference]: With dead ends: 167 [2022-12-13 11:39:55,915 INFO L226 Difference]: Without dead ends: 79 [2022-12-13 11:39:55,918 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-12-13 11:39:55,922 INFO L413 NwaCegarLoop]: 110 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 110 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-12-13 11:39:55,923 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 110 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-12-13 11:39:55,939 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 79 states. [2022-12-13 11:39:55,957 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 79 to 79. [2022-12-13 11:39:55,958 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 79 states, 63 states have (on average 1.3015873015873016) internal successors, (82), 68 states have internal predecessors, (82), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-12-13 11:39:55,960 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 101 transitions. [2022-12-13 11:39:55,961 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 101 transitions. Word has length 32 [2022-12-13 11:39:55,961 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-12-13 11:39:55,961 INFO L495 AbstractCegarLoop]: Abstraction has 79 states and 101 transitions. [2022-12-13 11:39:55,961 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-12-13 11:39:55,962 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 101 transitions. [2022-12-13 11:39:55,963 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-12-13 11:39:55,963 INFO L187 NwaCegarLoop]: Found error trace [2022-12-13 11:39:55,963 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:39:55,964 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-12-13 11:39:55,964 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-12-13 11:39:55,964 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-12-13 11:39:55,964 INFO L85 PathProgramCache]: Analyzing trace with hash -43910683, now seen corresponding path program 1 times [2022-12-13 11:39:55,965 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-12-13 11:39:55,965 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1706746056] [2022-12-13 11:39:55,965 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:55,965 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-12-13 11:39:55,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-12-13 11:39:56,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,041 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-12-13 11:39:56,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,044 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-12-13 11:39:56,044 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-12-13 11:39:56,044 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1706746056] [2022-12-13 11:39:56,044 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1706746056] provided 1 perfect and 0 imperfect interpolant sequences [2022-12-13 11:39:56,044 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-12-13 11:39:56,045 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-12-13 11:39:56,045 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1236658493] [2022-12-13 11:39:56,045 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-12-13 11:39:56,046 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-12-13 11:39:56,046 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-12-13 11:39:56,047 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-12-13 11:39:56,047 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-12-13 11:39:56,047 INFO L87 Difference]: Start difference. First operand 79 states and 101 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-12-13 11:39:56,060 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-12-13 11:39:56,061 INFO L93 Difference]: Finished difference Result 119 states and 152 transitions. [2022-12-13 11:39:56,061 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-12-13 11:39:56,061 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 33 [2022-12-13 11:39:56,062 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-12-13 11:39:56,063 INFO L225 Difference]: With dead ends: 119 [2022-12-13 11:39:56,063 INFO L226 Difference]: Without dead ends: 70 [2022-12-13 11:39:56,064 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-12-13 11:39:56,064 INFO L413 NwaCegarLoop]: 88 mSDtfsCounter, 17 mSDsluCounter, 67 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 155 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-12-13 11:39:56,065 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 155 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-12-13 11:39:56,065 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 70 states. [2022-12-13 11:39:56,070 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 70 to 70. [2022-12-13 11:39:56,070 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 70 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 62 states have internal predecessors, (75), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-12-13 11:39:56,071 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 70 states to 70 states and 89 transitions. [2022-12-13 11:39:56,071 INFO L78 Accepts]: Start accepts. Automaton has 70 states and 89 transitions. Word has length 33 [2022-12-13 11:39:56,072 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-12-13 11:39:56,072 INFO L495 AbstractCegarLoop]: Abstraction has 70 states and 89 transitions. [2022-12-13 11:39:56,072 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-12-13 11:39:56,072 INFO L276 IsEmpty]: Start isEmpty. Operand 70 states and 89 transitions. [2022-12-13 11:39:56,073 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-12-13 11:39:56,074 INFO L187 NwaCegarLoop]: Found error trace [2022-12-13 11:39:56,074 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:39:56,074 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-12-13 11:39:56,074 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-12-13 11:39:56,074 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-12-13 11:39:56,075 INFO L85 PathProgramCache]: Analyzing trace with hash -1721110732, now seen corresponding path program 1 times [2022-12-13 11:39:56,075 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-12-13 11:39:56,075 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1432462502] [2022-12-13 11:39:56,075 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:56,075 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-12-13 11:39:56,092 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,206 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-12-13 11:39:56,208 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,212 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-12-13 11:39:56,214 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,216 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-12-13 11:39:56,216 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-12-13 11:39:56,216 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1432462502] [2022-12-13 11:39:56,216 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1432462502] provided 1 perfect and 0 imperfect interpolant sequences [2022-12-13 11:39:56,217 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-12-13 11:39:56,217 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-12-13 11:39:56,217 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1583072147] [2022-12-13 11:39:56,217 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-12-13 11:39:56,217 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-12-13 11:39:56,218 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-12-13 11:39:56,218 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-12-13 11:39:56,219 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-12-13 11:39:56,219 INFO L87 Difference]: Start difference. First operand 70 states and 89 transitions. Second operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-12-13 11:39:56,350 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-12-13 11:39:56,350 INFO L93 Difference]: Finished difference Result 237 states and 310 transitions. [2022-12-13 11:39:56,351 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-12-13 11:39:56,351 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 37 [2022-12-13 11:39:56,352 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-12-13 11:39:56,354 INFO L225 Difference]: With dead ends: 237 [2022-12-13 11:39:56,354 INFO L226 Difference]: Without dead ends: 175 [2022-12-13 11:39:56,355 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-12-13 11:39:56,356 INFO L413 NwaCegarLoop]: 109 mSDtfsCounter, 183 mSDsluCounter, 367 mSDsCounter, 0 mSdLazyCounter, 74 mSolverCounterSat, 10 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 476 SdHoareTripleChecker+Invalid, 84 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 10 IncrementalHoareTripleChecker+Valid, 74 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-12-13 11:39:56,356 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [183 Valid, 476 Invalid, 84 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [10 Valid, 74 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-12-13 11:39:56,357 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 175 states. [2022-12-13 11:39:56,373 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 175 to 165. [2022-12-13 11:39:56,374 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 165 states, 131 states have (on average 1.3435114503816794) internal successors, (176), 142 states have internal predecessors, (176), 19 states have call successors, (19), 14 states have call predecessors, (19), 14 states have return successors, (20), 17 states have call predecessors, (20), 19 states have call successors, (20) [2022-12-13 11:39:56,375 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 165 states to 165 states and 215 transitions. [2022-12-13 11:39:56,376 INFO L78 Accepts]: Start accepts. Automaton has 165 states and 215 transitions. Word has length 37 [2022-12-13 11:39:56,376 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-12-13 11:39:56,376 INFO L495 AbstractCegarLoop]: Abstraction has 165 states and 215 transitions. [2022-12-13 11:39:56,376 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-12-13 11:39:56,376 INFO L276 IsEmpty]: Start isEmpty. Operand 165 states and 215 transitions. [2022-12-13 11:39:56,377 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-12-13 11:39:56,377 INFO L187 NwaCegarLoop]: Found error trace [2022-12-13 11:39:56,378 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:39:56,378 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-12-13 11:39:56,378 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-12-13 11:39:56,378 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-12-13 11:39:56,378 INFO L85 PathProgramCache]: Analyzing trace with hash 845444465, now seen corresponding path program 1 times [2022-12-13 11:39:56,378 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-12-13 11:39:56,379 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [814308860] [2022-12-13 11:39:56,379 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:56,379 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-12-13 11:39:56,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,449 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-12-13 11:39:56,451 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,454 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-12-13 11:39:56,455 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,456 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 34 [2022-12-13 11:39:56,457 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,458 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-12-13 11:39:56,458 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-12-13 11:39:56,458 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [814308860] [2022-12-13 11:39:56,458 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [814308860] provided 1 perfect and 0 imperfect interpolant sequences [2022-12-13 11:39:56,459 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-12-13 11:39:56,459 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-12-13 11:39:56,459 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2078574568] [2022-12-13 11:39:56,459 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-12-13 11:39:56,459 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-12-13 11:39:56,459 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-12-13 11:39:56,460 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-12-13 11:39:56,460 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-12-13 11:39:56,460 INFO L87 Difference]: Start difference. First operand 165 states and 215 transitions. Second operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-12-13 11:39:56,490 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-12-13 11:39:56,490 INFO L93 Difference]: Finished difference Result 407 states and 539 transitions. [2022-12-13 11:39:56,491 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-12-13 11:39:56,491 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 42 [2022-12-13 11:39:56,491 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-12-13 11:39:56,492 INFO L225 Difference]: With dead ends: 407 [2022-12-13 11:39:56,492 INFO L226 Difference]: Without dead ends: 250 [2022-12-13 11:39:56,493 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-12-13 11:39:56,494 INFO L413 NwaCegarLoop]: 97 mSDtfsCounter, 57 mSDsluCounter, 56 mSDsCounter, 0 mSdLazyCounter, 8 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 57 SdHoareTripleChecker+Valid, 153 SdHoareTripleChecker+Invalid, 14 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 8 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-12-13 11:39:56,494 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [57 Valid, 153 Invalid, 14 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 8 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-12-13 11:39:56,495 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 250 states. [2022-12-13 11:39:56,513 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 250 to 248. [2022-12-13 11:39:56,513 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 248 states, 194 states have (on average 1.3144329896907216) internal successors, (255), 209 states have internal predecessors, (255), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-12-13 11:39:56,515 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 248 states to 248 states and 319 transitions. [2022-12-13 11:39:56,515 INFO L78 Accepts]: Start accepts. Automaton has 248 states and 319 transitions. Word has length 42 [2022-12-13 11:39:56,515 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-12-13 11:39:56,515 INFO L495 AbstractCegarLoop]: Abstraction has 248 states and 319 transitions. [2022-12-13 11:39:56,516 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-12-13 11:39:56,516 INFO L276 IsEmpty]: Start isEmpty. Operand 248 states and 319 transitions. [2022-12-13 11:39:56,516 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-12-13 11:39:56,516 INFO L187 NwaCegarLoop]: Found error trace [2022-12-13 11:39:56,517 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:39:56,517 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-12-13 11:39:56,517 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-12-13 11:39:56,517 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-12-13 11:39:56,517 INFO L85 PathProgramCache]: Analyzing trace with hash 1493412905, now seen corresponding path program 1 times [2022-12-13 11:39:56,517 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-12-13 11:39:56,518 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [577676167] [2022-12-13 11:39:56,518 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:56,518 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-12-13 11:39:56,528 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,584 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-12-13 11:39:56,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,588 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-12-13 11:39:56,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,599 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-12-13 11:39:56,599 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-12-13 11:39:56,599 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [577676167] [2022-12-13 11:39:56,599 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [577676167] provided 1 perfect and 0 imperfect interpolant sequences [2022-12-13 11:39:56,600 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-12-13 11:39:56,600 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-12-13 11:39:56,600 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [348556147] [2022-12-13 11:39:56,600 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-12-13 11:39:56,600 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-12-13 11:39:56,600 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-12-13 11:39:56,601 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-12-13 11:39:56,601 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-12-13 11:39:56,601 INFO L87 Difference]: Start difference. First operand 248 states and 319 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-12-13 11:39:56,685 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-12-13 11:39:56,685 INFO L93 Difference]: Finished difference Result 500 states and 651 transitions. [2022-12-13 11:39:56,685 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-12-13 11:39:56,685 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-12-13 11:39:56,686 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-12-13 11:39:56,689 INFO L225 Difference]: With dead ends: 500 [2022-12-13 11:39:56,689 INFO L226 Difference]: Without dead ends: 260 [2022-12-13 11:39:56,690 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-12-13 11:39:56,691 INFO L413 NwaCegarLoop]: 99 mSDtfsCounter, 47 mSDsluCounter, 320 mSDsCounter, 0 mSdLazyCounter, 55 mSolverCounterSat, 5 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 48 SdHoareTripleChecker+Valid, 419 SdHoareTripleChecker+Invalid, 60 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 5 IncrementalHoareTripleChecker+Valid, 55 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-12-13 11:39:56,691 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [48 Valid, 419 Invalid, 60 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [5 Valid, 55 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-12-13 11:39:56,692 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 260 states. [2022-12-13 11:39:56,708 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 260 to 245. [2022-12-13 11:39:56,708 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 245 states, 191 states have (on average 1.287958115183246) internal successors, (246), 206 states have internal predecessors, (246), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-12-13 11:39:56,709 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 245 states to 245 states and 310 transitions. [2022-12-13 11:39:56,710 INFO L78 Accepts]: Start accepts. Automaton has 245 states and 310 transitions. Word has length 41 [2022-12-13 11:39:56,710 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-12-13 11:39:56,710 INFO L495 AbstractCegarLoop]: Abstraction has 245 states and 310 transitions. [2022-12-13 11:39:56,710 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-12-13 11:39:56,710 INFO L276 IsEmpty]: Start isEmpty. Operand 245 states and 310 transitions. [2022-12-13 11:39:56,711 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-12-13 11:39:56,711 INFO L187 NwaCegarLoop]: Found error trace [2022-12-13 11:39:56,712 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:39:56,712 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-12-13 11:39:56,712 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-12-13 11:39:56,712 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-12-13 11:39:56,712 INFO L85 PathProgramCache]: Analyzing trace with hash -1271259535, now seen corresponding path program 1 times [2022-12-13 11:39:56,712 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-12-13 11:39:56,713 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [854727261] [2022-12-13 11:39:56,713 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:56,713 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-12-13 11:39:56,722 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,777 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-12-13 11:39:56,778 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,780 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 42 [2022-12-13 11:39:56,781 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,782 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-12-13 11:39:56,782 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-12-13 11:39:56,783 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [854727261] [2022-12-13 11:39:56,783 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [854727261] provided 1 perfect and 0 imperfect interpolant sequences [2022-12-13 11:39:56,783 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-12-13 11:39:56,783 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-12-13 11:39:56,783 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [552905786] [2022-12-13 11:39:56,783 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-12-13 11:39:56,784 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-12-13 11:39:56,784 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-12-13 11:39:56,784 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-12-13 11:39:56,785 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-12-13 11:39:56,785 INFO L87 Difference]: Start difference. First operand 245 states and 310 transitions. Second operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-12-13 11:39:56,835 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-12-13 11:39:56,835 INFO L93 Difference]: Finished difference Result 530 states and 688 transitions. [2022-12-13 11:39:56,836 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-12-13 11:39:56,836 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-12-13 11:39:56,836 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-12-13 11:39:56,838 INFO L225 Difference]: With dead ends: 530 [2022-12-13 11:39:56,838 INFO L226 Difference]: Without dead ends: 293 [2022-12-13 11:39:56,839 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-12-13 11:39:56,840 INFO L413 NwaCegarLoop]: 101 mSDtfsCounter, 40 mSDsluCounter, 278 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 42 SdHoareTripleChecker+Valid, 379 SdHoareTripleChecker+Invalid, 20 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-12-13 11:39:56,841 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [42 Valid, 379 Invalid, 20 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-12-13 11:39:56,842 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 293 states. [2022-12-13 11:39:56,864 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 293 to 251. [2022-12-13 11:39:56,865 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 251 states, 197 states have (on average 1.2791878172588833) internal successors, (252), 212 states have internal predecessors, (252), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-12-13 11:39:56,867 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 251 states to 251 states and 316 transitions. [2022-12-13 11:39:56,867 INFO L78 Accepts]: Start accepts. Automaton has 251 states and 316 transitions. Word has length 50 [2022-12-13 11:39:56,867 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-12-13 11:39:56,867 INFO L495 AbstractCegarLoop]: Abstraction has 251 states and 316 transitions. [2022-12-13 11:39:56,868 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-12-13 11:39:56,868 INFO L276 IsEmpty]: Start isEmpty. Operand 251 states and 316 transitions. [2022-12-13 11:39:56,869 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-12-13 11:39:56,869 INFO L187 NwaCegarLoop]: Found error trace [2022-12-13 11:39:56,869 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:39:56,870 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-12-13 11:39:56,870 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-12-13 11:39:56,870 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-12-13 11:39:56,870 INFO L85 PathProgramCache]: Analyzing trace with hash -848557709, now seen corresponding path program 1 times [2022-12-13 11:39:56,870 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-12-13 11:39:56,870 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1728588541] [2022-12-13 11:39:56,871 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:56,871 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-12-13 11:39:56,882 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,948 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-12-13 11:39:56,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,951 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 42 [2022-12-13 11:39:56,952 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:56,953 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-12-13 11:39:56,953 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-12-13 11:39:56,953 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1728588541] [2022-12-13 11:39:56,953 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1728588541] provided 1 perfect and 0 imperfect interpolant sequences [2022-12-13 11:39:56,953 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-12-13 11:39:56,954 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-12-13 11:39:56,954 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [652274212] [2022-12-13 11:39:56,954 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-12-13 11:39:56,954 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-12-13 11:39:56,954 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-12-13 11:39:56,955 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-12-13 11:39:56,955 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-12-13 11:39:56,955 INFO L87 Difference]: Start difference. First operand 251 states and 316 transitions. Second operand has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 6 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-12-13 11:39:57,008 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-12-13 11:39:57,009 INFO L93 Difference]: Finished difference Result 548 states and 708 transitions. [2022-12-13 11:39:57,009 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-12-13 11:39:57,009 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 6 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-12-13 11:39:57,010 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-12-13 11:39:57,011 INFO L225 Difference]: With dead ends: 548 [2022-12-13 11:39:57,011 INFO L226 Difference]: Without dead ends: 305 [2022-12-13 11:39:57,012 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=39, Unknown=0, NotChecked=0, Total=56 [2022-12-13 11:39:57,012 INFO L413 NwaCegarLoop]: 111 mSDtfsCounter, 73 mSDsluCounter, 355 mSDsCounter, 0 mSdLazyCounter, 19 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 75 SdHoareTripleChecker+Valid, 466 SdHoareTripleChecker+Invalid, 30 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 19 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-12-13 11:39:57,013 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [75 Valid, 466 Invalid, 30 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 19 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-12-13 11:39:57,013 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 305 states. [2022-12-13 11:39:57,028 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 305 to 255. [2022-12-13 11:39:57,029 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 255 states, 201 states have (on average 1.2736318407960199) internal successors, (256), 216 states have internal predecessors, (256), 29 states have call successors, (29), 24 states have call predecessors, (29), 24 states have return successors, (35), 29 states have call predecessors, (35), 29 states have call successors, (35) [2022-12-13 11:39:57,030 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 255 states to 255 states and 320 transitions. [2022-12-13 11:39:57,030 INFO L78 Accepts]: Start accepts. Automaton has 255 states and 320 transitions. Word has length 50 [2022-12-13 11:39:57,030 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-12-13 11:39:57,030 INFO L495 AbstractCegarLoop]: Abstraction has 255 states and 320 transitions. [2022-12-13 11:39:57,030 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.166666666666667) internal successors, (43), 6 states have internal predecessors, (43), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-12-13 11:39:57,030 INFO L276 IsEmpty]: Start isEmpty. Operand 255 states and 320 transitions. [2022-12-13 11:39:57,031 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-12-13 11:39:57,031 INFO L187 NwaCegarLoop]: Found error trace [2022-12-13 11:39:57,031 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:39:57,031 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-12-13 11:39:57,031 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-12-13 11:39:57,032 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-12-13 11:39:57,032 INFO L85 PathProgramCache]: Analyzing trace with hash 1640971253, now seen corresponding path program 1 times [2022-12-13 11:39:57,032 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-12-13 11:39:57,032 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [615376720] [2022-12-13 11:39:57,032 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:57,032 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-12-13 11:39:57,039 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,078 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-12-13 11:39:57,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,081 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 42 [2022-12-13 11:39:57,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,083 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-12-13 11:39:57,084 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-12-13 11:39:57,084 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [615376720] [2022-12-13 11:39:57,084 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [615376720] provided 1 perfect and 0 imperfect interpolant sequences [2022-12-13 11:39:57,084 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-12-13 11:39:57,084 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-12-13 11:39:57,084 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1373990489] [2022-12-13 11:39:57,084 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-12-13 11:39:57,084 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-12-13 11:39:57,084 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-12-13 11:39:57,085 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-12-13 11:39:57,085 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-12-13 11:39:57,085 INFO L87 Difference]: Start difference. First operand 255 states and 320 transitions. Second operand has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-12-13 11:39:57,121 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-12-13 11:39:57,122 INFO L93 Difference]: Finished difference Result 629 states and 799 transitions. [2022-12-13 11:39:57,122 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-12-13 11:39:57,122 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 50 [2022-12-13 11:39:57,122 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-12-13 11:39:57,124 INFO L225 Difference]: With dead ends: 629 [2022-12-13 11:39:57,124 INFO L226 Difference]: Without dead ends: 382 [2022-12-13 11:39:57,125 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-12-13 11:39:57,126 INFO L413 NwaCegarLoop]: 92 mSDtfsCounter, 39 mSDsluCounter, 75 mSDsCounter, 0 mSdLazyCounter, 10 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 39 SdHoareTripleChecker+Valid, 167 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 10 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-12-13 11:39:57,126 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [39 Valid, 167 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 10 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-12-13 11:39:57,127 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 382 states. [2022-12-13 11:39:57,153 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 382 to 382. [2022-12-13 11:39:57,153 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 382 states, 300 states have (on average 1.2466666666666666) internal successors, (374), 318 states have internal predecessors, (374), 46 states have call successors, (46), 38 states have call predecessors, (46), 35 states have return successors, (53), 43 states have call predecessors, (53), 46 states have call successors, (53) [2022-12-13 11:39:57,155 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 382 states to 382 states and 473 transitions. [2022-12-13 11:39:57,156 INFO L78 Accepts]: Start accepts. Automaton has 382 states and 473 transitions. Word has length 50 [2022-12-13 11:39:57,156 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-12-13 11:39:57,156 INFO L495 AbstractCegarLoop]: Abstraction has 382 states and 473 transitions. [2022-12-13 11:39:57,156 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 3 states have internal predecessors, (43), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-12-13 11:39:57,156 INFO L276 IsEmpty]: Start isEmpty. Operand 382 states and 473 transitions. [2022-12-13 11:39:57,157 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 55 [2022-12-13 11:39:57,157 INFO L187 NwaCegarLoop]: Found error trace [2022-12-13 11:39:57,158 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:39:57,158 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-12-13 11:39:57,158 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-12-13 11:39:57,158 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-12-13 11:39:57,158 INFO L85 PathProgramCache]: Analyzing trace with hash 832166863, now seen corresponding path program 1 times [2022-12-13 11:39:57,158 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-12-13 11:39:57,158 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [232351559] [2022-12-13 11:39:57,159 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:57,159 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-12-13 11:39:57,173 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,281 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-12-13 11:39:57,283 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2022-12-13 11:39:57,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,316 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 46 [2022-12-13 11:39:57,317 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,318 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-12-13 11:39:57,318 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-12-13 11:39:57,319 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [232351559] [2022-12-13 11:39:57,319 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [232351559] provided 1 perfect and 0 imperfect interpolant sequences [2022-12-13 11:39:57,319 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-12-13 11:39:57,319 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-12-13 11:39:57,319 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1656901008] [2022-12-13 11:39:57,319 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-12-13 11:39:57,319 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-12-13 11:39:57,320 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-12-13 11:39:57,320 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-12-13 11:39:57,320 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-12-13 11:39:57,320 INFO L87 Difference]: Start difference. First operand 382 states and 473 transitions. Second operand has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-12-13 11:39:57,635 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-12-13 11:39:57,635 INFO L93 Difference]: Finished difference Result 1255 states and 1604 transitions. [2022-12-13 11:39:57,635 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2022-12-13 11:39:57,635 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 54 [2022-12-13 11:39:57,635 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-12-13 11:39:57,638 INFO L225 Difference]: With dead ends: 1255 [2022-12-13 11:39:57,639 INFO L226 Difference]: Without dead ends: 1008 [2022-12-13 11:39:57,640 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 22 GetRequests, 7 SyntacticMatches, 1 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=56, Invalid=184, Unknown=0, NotChecked=0, Total=240 [2022-12-13 11:39:57,640 INFO L413 NwaCegarLoop]: 124 mSDtfsCounter, 241 mSDsluCounter, 547 mSDsCounter, 0 mSdLazyCounter, 299 mSolverCounterSat, 50 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 250 SdHoareTripleChecker+Valid, 671 SdHoareTripleChecker+Invalid, 349 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 50 IncrementalHoareTripleChecker+Valid, 299 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-12-13 11:39:57,640 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [250 Valid, 671 Invalid, 349 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [50 Valid, 299 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-12-13 11:39:57,641 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1008 states. [2022-12-13 11:39:57,692 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1008 to 931. [2022-12-13 11:39:57,693 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 931 states, 737 states have (on average 1.2293080054274084) internal successors, (906), 787 states have internal predecessors, (906), 106 states have call successors, (106), 81 states have call predecessors, (106), 87 states have return successors, (132), 101 states have call predecessors, (132), 106 states have call successors, (132) [2022-12-13 11:39:57,696 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 931 states to 931 states and 1144 transitions. [2022-12-13 11:39:57,696 INFO L78 Accepts]: Start accepts. Automaton has 931 states and 1144 transitions. Word has length 54 [2022-12-13 11:39:57,696 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-12-13 11:39:57,696 INFO L495 AbstractCegarLoop]: Abstraction has 931 states and 1144 transitions. [2022-12-13 11:39:57,697 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 5.625) internal successors, (45), 7 states have internal predecessors, (45), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-12-13 11:39:57,697 INFO L276 IsEmpty]: Start isEmpty. Operand 931 states and 1144 transitions. [2022-12-13 11:39:57,698 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-12-13 11:39:57,698 INFO L187 NwaCegarLoop]: Found error trace [2022-12-13 11:39:57,698 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:39:57,698 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-12-13 11:39:57,698 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-12-13 11:39:57,699 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-12-13 11:39:57,699 INFO L85 PathProgramCache]: Analyzing trace with hash -1448493659, now seen corresponding path program 1 times [2022-12-13 11:39:57,699 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-12-13 11:39:57,699 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1847835541] [2022-12-13 11:39:57,699 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:57,699 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-12-13 11:39:57,708 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,797 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-12-13 11:39:57,798 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,808 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-12-13 11:39:57,811 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,826 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-12-13 11:39:57,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,828 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-12-13 11:39:57,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,838 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-12-13 11:39:57,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,841 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-12-13 11:39:57,841 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,843 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 17 proven. 7 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-12-13 11:39:57,843 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-12-13 11:39:57,843 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1847835541] [2022-12-13 11:39:57,843 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1847835541] provided 0 perfect and 1 imperfect interpolant sequences [2022-12-13 11:39:57,843 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [39333883] [2022-12-13 11:39:57,843 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:57,843 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-12-13 11:39:57,844 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 [2022-12-13 11:39:57,844 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-12-13 11:39:57,846 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-12-13 11:39:57,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:57,921 INFO L263 TraceCheckSpWp]: Trace formula consists of 310 conjuncts, 8 conjunts are in the unsatisfiable core [2022-12-13 11:39:57,925 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-12-13 11:39:58,043 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 22 proven. 7 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-12-13 11:39:58,043 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-12-13 11:39:58,184 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 18 proven. 6 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-12-13 11:39:58,184 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [39333883] provided 0 perfect and 2 imperfect interpolant sequences [2022-12-13 11:39:58,184 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-12-13 11:39:58,184 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2022-12-13 11:39:58,185 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2104179098] [2022-12-13 11:39:58,185 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-12-13 11:39:58,185 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-12-13 11:39:58,185 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-12-13 11:39:58,186 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-12-13 11:39:58,186 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=35, Invalid=175, Unknown=0, NotChecked=0, Total=210 [2022-12-13 11:39:58,186 INFO L87 Difference]: Start difference. First operand 931 states and 1144 transitions. Second operand has 15 states, 15 states have (on average 7.0) internal successors, (105), 11 states have internal predecessors, (105), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) [2022-12-13 11:39:58,906 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-12-13 11:39:58,906 INFO L93 Difference]: Finished difference Result 1736 states and 2209 transitions. [2022-12-13 11:39:58,907 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2022-12-13 11:39:58,907 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 7.0) internal successors, (105), 11 states have internal predecessors, (105), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) Word has length 85 [2022-12-13 11:39:58,907 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-12-13 11:39:58,910 INFO L225 Difference]: With dead ends: 1736 [2022-12-13 11:39:58,910 INFO L226 Difference]: Without dead ends: 934 [2022-12-13 11:39:58,912 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 229 GetRequests, 184 SyntacticMatches, 4 SemanticMatches, 41 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 442 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=326, Invalid=1480, Unknown=0, NotChecked=0, Total=1806 [2022-12-13 11:39:58,913 INFO L413 NwaCegarLoop]: 163 mSDtfsCounter, 318 mSDsluCounter, 1002 mSDsCounter, 0 mSdLazyCounter, 634 mSolverCounterSat, 157 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 319 SdHoareTripleChecker+Valid, 1165 SdHoareTripleChecker+Invalid, 791 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 157 IncrementalHoareTripleChecker+Valid, 634 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-12-13 11:39:58,913 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [319 Valid, 1165 Invalid, 791 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [157 Valid, 634 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-12-13 11:39:58,914 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 934 states. [2022-12-13 11:39:58,953 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 934 to 818. [2022-12-13 11:39:58,954 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 818 states, 633 states have (on average 1.2116903633491312) internal successors, (767), 677 states have internal predecessors, (767), 100 states have call successors, (100), 84 states have call predecessors, (100), 84 states have return successors, (119), 89 states have call predecessors, (119), 100 states have call successors, (119) [2022-12-13 11:39:58,956 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 818 states to 818 states and 986 transitions. [2022-12-13 11:39:58,957 INFO L78 Accepts]: Start accepts. Automaton has 818 states and 986 transitions. Word has length 85 [2022-12-13 11:39:58,957 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-12-13 11:39:58,957 INFO L495 AbstractCegarLoop]: Abstraction has 818 states and 986 transitions. [2022-12-13 11:39:58,957 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 7.0) internal successors, (105), 11 states have internal predecessors, (105), 5 states have call successors, (16), 6 states have call predecessors, (16), 6 states have return successors, (13), 7 states have call predecessors, (13), 5 states have call successors, (13) [2022-12-13 11:39:58,957 INFO L276 IsEmpty]: Start isEmpty. Operand 818 states and 986 transitions. [2022-12-13 11:39:58,964 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 159 [2022-12-13 11:39:58,964 INFO L187 NwaCegarLoop]: Found error trace [2022-12-13 11:39:58,964 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:39:58,970 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-12-13 11:39:59,164 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-12-13 11:39:59,165 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-12-13 11:39:59,165 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-12-13 11:39:59,165 INFO L85 PathProgramCache]: Analyzing trace with hash -366703378, now seen corresponding path program 1 times [2022-12-13 11:39:59,165 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-12-13 11:39:59,165 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1155319362] [2022-12-13 11:39:59,165 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:59,165 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-12-13 11:39:59,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,205 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-12-13 11:39:59,206 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,212 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-12-13 11:39:59,215 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,219 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-12-13 11:39:59,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,221 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-12-13 11:39:59,223 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,225 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-12-13 11:39:59,225 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,226 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-12-13 11:39:59,226 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,227 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-12-13 11:39:59,228 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,230 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-12-13 11:39:59,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-12-13 11:39:59,232 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,233 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-12-13 11:39:59,233 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,234 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-12-13 11:39:59,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,236 INFO L134 CoverageAnalysis]: Checked inductivity of 175 backedges. 44 proven. 3 refuted. 0 times theorem prover too weak. 128 trivial. 0 not checked. [2022-12-13 11:39:59,236 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-12-13 11:39:59,236 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1155319362] [2022-12-13 11:39:59,236 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1155319362] provided 0 perfect and 1 imperfect interpolant sequences [2022-12-13 11:39:59,236 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [151918931] [2022-12-13 11:39:59,236 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-12-13 11:39:59,236 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-12-13 11:39:59,236 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 [2022-12-13 11:39:59,237 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-12-13 11:39:59,238 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-12-13 11:39:59,312 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-12-13 11:39:59,315 INFO L263 TraceCheckSpWp]: Trace formula consists of 506 conjuncts, 3 conjunts are in the unsatisfiable core [2022-12-13 11:39:59,317 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-12-13 11:39:59,335 INFO L134 CoverageAnalysis]: Checked inductivity of 175 backedges. 68 proven. 0 refuted. 0 times theorem prover too weak. 107 trivial. 0 not checked. [2022-12-13 11:39:59,336 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-12-13 11:39:59,336 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [151918931] provided 1 perfect and 0 imperfect interpolant sequences [2022-12-13 11:39:59,336 INFO L184 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-12-13 11:39:59,336 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [5] total 5 [2022-12-13 11:39:59,336 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1462322711] [2022-12-13 11:39:59,336 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-12-13 11:39:59,337 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-12-13 11:39:59,337 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-12-13 11:39:59,337 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-12-13 11:39:59,337 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2022-12-13 11:39:59,338 INFO L87 Difference]: Start difference. First operand 818 states and 986 transitions. Second operand has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 3 states have call successors, (7), 3 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 3 states have call successors, (6) [2022-12-13 11:39:59,365 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-12-13 11:39:59,365 INFO L93 Difference]: Finished difference Result 993 states and 1205 transitions. [2022-12-13 11:39:59,365 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-12-13 11:39:59,366 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 3 states have call successors, (7), 3 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 3 states have call successors, (6) Word has length 158 [2022-12-13 11:39:59,366 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-12-13 11:39:59,366 INFO L225 Difference]: With dead ends: 993 [2022-12-13 11:39:59,367 INFO L226 Difference]: Without dead ends: 0 [2022-12-13 11:39:59,368 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 182 GetRequests, 179 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2022-12-13 11:39:59,369 INFO L413 NwaCegarLoop]: 123 mSDtfsCounter, 36 mSDsluCounter, 82 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 36 SdHoareTripleChecker+Valid, 205 SdHoareTripleChecker+Invalid, 3 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-12-13 11:39:59,369 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [36 Valid, 205 Invalid, 3 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-12-13 11:39:59,369 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-12-13 11:39:59,370 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-12-13 11:39:59,370 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-12-13 11:39:59,370 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-12-13 11:39:59,370 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 158 [2022-12-13 11:39:59,370 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-12-13 11:39:59,370 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-12-13 11:39:59,370 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 28.0) internal successors, (84), 3 states have internal predecessors, (84), 3 states have call successors, (7), 3 states have call predecessors, (7), 3 states have return successors, (6), 3 states have call predecessors, (6), 3 states have call successors, (6) [2022-12-13 11:39:59,370 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-12-13 11:39:59,371 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-12-13 11:39:59,373 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-12-13 11:39:59,379 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2022-12-13 11:39:59,573 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10,3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-12-13 11:39:59,575 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-12-13 11:40:02,278 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 629 635) no Hoare annotation was computed. [2022-12-13 11:40:02,278 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 629 635) the Hoare annotation is: true [2022-12-13 11:40:02,278 INFO L899 garLoopResultBuilder]: For program point L818-1(lines 814 825) no Hoare annotation was computed. [2022-12-13 11:40:02,278 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 814 825) the Hoare annotation is: true [2022-12-13 11:40:02,278 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 814 825) no Hoare annotation was computed. [2022-12-13 11:40:02,278 INFO L899 garLoopResultBuilder]: For program point L609(lines 609 615) no Hoare annotation was computed. [2022-12-13 11:40:02,278 INFO L899 garLoopResultBuilder]: For program point L609-2(lines 605 627) no Hoare annotation was computed. [2022-12-13 11:40:02,278 INFO L899 garLoopResultBuilder]: For program point L915(lines 915 921) no Hoare annotation was computed. [2022-12-13 11:40:02,279 INFO L895 garLoopResultBuilder]: At program point L651(line 651) the Hoare annotation is: (let ((.cse5 (= 1 ~systemActive~0))) (let ((.cse3 (= ~pumpRunning~0 0)) (.cse4 (= |timeShift_processEnvironment_~tmp~5#1| 0)) (.cse0 (not .cse5)) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (< 1 |old(~waterLevel~0)|))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0 (and .cse3 .cse4 .cse5 (= ~waterLevel~0 1))) (or .cse2 (and .cse3 .cse4 .cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse6 .cse7) (or .cse0 .cse1 .cse6 .cse7) (or .cse2 (not (= 0 ~systemActive~0)))))) [2022-12-13 11:40:02,279 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 602 628) no Hoare annotation was computed. [2022-12-13 11:40:02,279 INFO L895 garLoopResultBuilder]: At program point isHighWaterSensorDry_returnLabel#1(lines 867 880) the Hoare annotation is: (let ((.cse2 (= ~pumpRunning~0 0)) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (not (< 1 |old(~waterLevel~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse2 (not (= |timeShift_isHighWaterSensorDry_#res#1| 0)) (= ~waterLevel~0 1))) (or .cse1 .cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 (and .cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse1 .cse4 .cse5) (or .cse1 .cse3 .cse4 .cse5) (or .cse0 (not (= 0 ~systemActive~0))))) [2022-12-13 11:40:02,279 INFO L895 garLoopResultBuilder]: At program point getWaterLevel_returnLabel#1(lines 858 866) the Hoare annotation is: (let ((.cse8 (= 1 ~systemActive~0))) (let ((.cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse7 (= ~pumpRunning~0 0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse9 (not (= 0 ~systemActive~0))) (.cse1 (not .cse8)) (.cse11 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (<= 1 ~pumpRunning~0)) (.cse10 (= ~waterLevel~0 1)) (.cse12 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5) .cse6 (and .cse7 .cse4 .cse8 .cse5)) (or .cse0 (and .cse7 .cse5) .cse9) (or .cse0 (and .cse7 .cse8 .cse10) (not (= |old(~waterLevel~0)| 1)) .cse1) (or .cse0 .cse4 .cse2 .cse6 .cse9) (or .cse1 .cse11 (and .cse3 .cse12) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse1 .cse11 .cse2 .cse6 (and .cse3 .cse10 .cse12))))) [2022-12-13 11:40:02,279 INFO L895 garLoopResultBuilder]: At program point L656(line 656) the Hoare annotation is: (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (<= 1 ~pumpRunning~0)) (.cse6 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse4 (and .cse5 .cse6) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1) (or .cse1 .cse4 .cse2 .cse3 (and .cse5 (= ~waterLevel~0 1) .cse6)) (or .cse0 (not (= 0 ~systemActive~0))))) [2022-12-13 11:40:02,280 INFO L895 garLoopResultBuilder]: At program point L912(line 912) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (= 0 ~systemActive~0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (<= 1 ~pumpRunning~0)) (.cse6 (= ~waterLevel~0 1)) (.cse9 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 (and .cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse5) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse4 .cse6)) (or .cse0 .cse2 .cse3 .cse5) (or .cse1 .cse7 (and .cse8 .cse9) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse1 .cse7 .cse2 .cse3 (and .cse8 .cse6 .cse9)))) [2022-12-13 11:40:02,280 INFO L895 garLoopResultBuilder]: At program point L656-1(lines 637 661) the Hoare annotation is: (let ((.cse1 (= 1 ~systemActive~0))) (let ((.cse0 (= ~pumpRunning~0 0)) (.cse4 (not .cse1)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse6 (<= 1 ~pumpRunning~0)) (.cse8 (= ~waterLevel~0 1)) (.cse10 (<= 1 ~switchedOnBeforeTS~0)) (.cse3 (not (= |old(~pumpRunning~0)| 0)))) (and (let ((.cse2 (= |old(~waterLevel~0)| ~waterLevel~0))) (or (and .cse0 .cse1 .cse2) .cse3 .cse4 .cse5 (and .cse6 .cse2) .cse7)) (or .cse3 (and .cse0 .cse1 .cse8) (not (= |old(~waterLevel~0)| 1)) .cse4) (or .cse4 .cse9 (and .cse6 .cse10) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse4 .cse9 .cse5 .cse7 (and .cse6 .cse8 .cse10)) (or .cse3 (not (= 0 ~systemActive~0)))))) [2022-12-13 11:40:02,280 INFO L899 garLoopResultBuilder]: For program point L912-1(line 912) no Hoare annotation was computed. [2022-12-13 11:40:02,280 INFO L899 garLoopResultBuilder]: For program point L871(lines 871 877) no Hoare annotation was computed. [2022-12-13 11:40:02,280 INFO L895 garLoopResultBuilder]: At program point activatePump__wrappee__highWaterSensor_returnLabel#1(lines 662 669) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse0 .cse3 (and (<= 1 ~pumpRunning~0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse2 (not (= 0 ~systemActive~0))))) [2022-12-13 11:40:02,280 INFO L899 garLoopResultBuilder]: For program point L971(line 971) no Hoare annotation was computed. [2022-12-13 11:40:02,280 INFO L895 garLoopResultBuilder]: At program point __automaton_fail_returnLabel#1(lines 967 974) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 .cse0 .cse3 .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse2 (not (= 0 ~systemActive~0))))) [2022-12-13 11:40:02,280 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 602 628) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse9 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse4 (and .cse0 .cse1 .cse9)) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not (= 1 ~systemActive~0))) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 .cse9))) (and (or (and .cse0 .cse1 (= ~waterLevel~0 1)) .cse2 (not (= |old(~waterLevel~0)| 1)) .cse3) (or .cse4 .cse2 .cse3 .cse5 .cse6) (or .cse4 .cse2 (not (= 0 ~systemActive~0))) (or .cse3 .cse7 .cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse7 .cse5 .cse6 .cse8)))) [2022-12-13 11:40:02,280 INFO L899 garLoopResultBuilder]: For program point L616-1(lines 616 622) no Hoare annotation was computed. [2022-12-13 11:40:02,280 INFO L899 garLoopResultBuilder]: For program point L678(lines 678 684) no Hoare annotation was computed. [2022-12-13 11:40:02,281 INFO L899 garLoopResultBuilder]: For program point L645(lines 645 653) no Hoare annotation was computed. [2022-12-13 11:40:02,281 INFO L895 garLoopResultBuilder]: At program point L678-2(lines 671 687) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 .cse1 .cse2 .cse3) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse0) (let ((.cse5 (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse4 (and (= ~pumpRunning~0 0) .cse5) .cse0 .cse2 (and (<= 1 ~pumpRunning~0) .cse5) .cse3)) (or .cse4 (not (= 0 ~systemActive~0))))) [2022-12-13 11:40:02,281 INFO L895 garLoopResultBuilder]: At program point L897(line 897) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse9 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse4 (and .cse0 .cse1 .cse9)) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not (= 1 ~systemActive~0))) (.cse7 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 .cse9))) (and (or (and .cse0 .cse1 (= ~waterLevel~0 1)) .cse2 (not (= |old(~waterLevel~0)| 1)) .cse3) (or .cse4 .cse2 .cse3 .cse5 .cse6) (or .cse4 .cse2 (not (= 0 ~systemActive~0))) (or .cse3 .cse7 .cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse3 .cse7 .cse5 .cse6 .cse8)))) [2022-12-13 11:40:02,281 INFO L899 garLoopResultBuilder]: For program point L641(lines 641 658) no Hoare annotation was computed. [2022-12-13 11:40:02,281 INFO L899 garLoopResultBuilder]: For program point L897-1(line 897) no Hoare annotation was computed. [2022-12-13 11:40:02,281 INFO L895 garLoopResultBuilder]: At program point isHighWaterLevel_returnLabel#1(lines 752 770) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (not (< 1 |old(~waterLevel~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (= ~pumpRunning~0 0)) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 (and .cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse4 .cse5) (or .cse0 .cse1 .cse4 .cse5) (or .cse2 (and .cse3 (not (= |timeShift_isHighWaterLevel_~tmp~7#1| 0)) (= |timeShift_isHighWaterLevel_#res#1| 0) (= |timeShift_isHighWaterLevel_~tmp___0~1#1| 0) (= ~waterLevel~0 1)) (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse2 (not (= 0 ~systemActive~0))))) [2022-12-13 11:40:02,281 INFO L899 garLoopResultBuilder]: For program point L794(lines 794 798) no Hoare annotation was computed. [2022-12-13 11:40:02,281 INFO L899 garLoopResultBuilder]: For program point L761(lines 761 765) no Hoare annotation was computed. [2022-12-13 11:40:02,281 INFO L895 garLoopResultBuilder]: At program point L794-2(lines 790 801) the Hoare annotation is: (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse2 (not (< 1 |old(~waterLevel~0)|))) (.cse3 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (<= 1 ~pumpRunning~0)) (.cse6 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse4 (and .cse5 .cse6) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1) (or .cse1 .cse4 .cse2 .cse3 (and .cse5 (= ~waterLevel~0 1) .cse6)) (or .cse0 (not (= 0 ~systemActive~0))))) [2022-12-13 11:40:02,282 INFO L899 garLoopResultBuilder]: For program point L761-2(lines 761 765) no Hoare annotation was computed. [2022-12-13 11:40:02,282 INFO L899 garLoopResultBuilder]: For program point L914(lines 914 924) no Hoare annotation was computed. [2022-12-13 11:40:02,282 INFO L895 garLoopResultBuilder]: At program point __utac_acc__Specification5_spec__2_returnLabel#1(lines 892 901) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 0)) (.cse8 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (and .cse3 .cse8)) (.cse5 (not (< 1 |old(~waterLevel~0)|))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (and (<= 1 ~pumpRunning~0) .cse8 (<= 1 ~switchedOnBeforeTS~0)))) (and (or .cse0 .cse1 (not (= 0 ~systemActive~0))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse2 (and .cse3 (= ~waterLevel~0 1))) (or .cse2 .cse4 .cse5 .cse6 .cse7) (or .cse0 .cse1 .cse2 .cse5 .cse7) (or .cse2 .cse4 .cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))))) [2022-12-13 11:40:02,282 INFO L899 garLoopResultBuilder]: For program point L910(lines 910 927) no Hoare annotation was computed. [2022-12-13 11:40:02,282 INFO L895 garLoopResultBuilder]: At program point isMethaneLevelCritical_returnLabel#1(lines 826 834) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse3 .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse2 (not (= 0 ~systemActive~0))))) [2022-12-13 11:40:02,282 INFO L895 garLoopResultBuilder]: At program point L910-1(lines 902 930) the Hoare annotation is: (let ((.cse3 (= 1 ~systemActive~0))) (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse0 (= ~pumpRunning~0 0)) (.cse5 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~8#1| 2)) (.cse2 (= 2 |timeShift_getWaterLevel_#res#1|)) (.cse10 (not (= 0 ~systemActive~0))) (.cse6 (not .cse3)) (.cse12 (not (<= 1 |old(~pumpRunning~0)|))) (.cse8 (not (< 1 |old(~waterLevel~0)|))) (.cse9 (not (<= |old(~waterLevel~0)| 2))) (.cse7 (<= 1 ~pumpRunning~0)) (.cse11 (= ~waterLevel~0 1)) (.cse13 (<= 1 ~switchedOnBeforeTS~0))) (and (or (and .cse0 .cse1 .cse2 .cse3 .cse4) .cse5 .cse6 (and .cse7 .cse1 .cse2 .cse4) .cse8 .cse9) (or .cse5 (and .cse0 .cse4) .cse10) (or .cse5 (and .cse0 .cse3 .cse11) (not (= |old(~waterLevel~0)| 1)) .cse6) (or .cse6 .cse12 (and .cse7 .cse13) (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse5 (and .cse1 .cse2) .cse8 .cse9 .cse10) (or .cse6 .cse12 .cse8 .cse9 (and .cse7 .cse11 .cse13))))) [2022-12-13 11:40:02,282 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 602 628) no Hoare annotation was computed. [2022-12-13 11:40:02,282 INFO L895 garLoopResultBuilder]: At program point isMethaneAlarm_returnLabel#1(lines 696 706) the Hoare annotation is: (let ((.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (< 1 |old(~waterLevel~0)|))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 .cse1 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (or .cse2 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse3 .cse4) (or .cse0 .cse1 .cse3 .cse4) (or .cse2 (not (= |old(~waterLevel~0)| 1)) .cse0) (or .cse2 (not (= 0 ~systemActive~0))))) [2022-12-13 11:40:02,282 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 971) no Hoare annotation was computed. [2022-12-13 11:40:02,282 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 418 447) no Hoare annotation was computed. [2022-12-13 11:40:02,282 INFO L902 garLoopResultBuilder]: At program point L443(lines 418 447) the Hoare annotation is: true [2022-12-13 11:40:02,283 INFO L899 garLoopResultBuilder]: For program point L439(line 439) no Hoare annotation was computed. [2022-12-13 11:40:02,283 INFO L899 garLoopResultBuilder]: For program point L432(lines 432 436) no Hoare annotation was computed. [2022-12-13 11:40:02,283 INFO L902 garLoopResultBuilder]: At program point L432-1(lines 432 436) the Hoare annotation is: true [2022-12-13 11:40:02,283 INFO L899 garLoopResultBuilder]: For program point L429(line 429) no Hoare annotation was computed. [2022-12-13 11:40:02,283 INFO L902 garLoopResultBuilder]: At program point L428-2(lines 428 442) the Hoare annotation is: true [2022-12-13 11:40:02,283 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 418 447) the Hoare annotation is: true [2022-12-13 11:40:02,283 INFO L902 garLoopResultBuilder]: At program point L424(line 424) the Hoare annotation is: true [2022-12-13 11:40:02,283 INFO L899 garLoopResultBuilder]: For program point L424-1(line 424) no Hoare annotation was computed. [2022-12-13 11:40:02,283 INFO L899 garLoopResultBuilder]: For program point L543(lines 543 549) no Hoare annotation was computed. [2022-12-13 11:40:02,283 INFO L899 garLoopResultBuilder]: For program point L543-1(lines 543 549) no Hoare annotation was computed. [2022-12-13 11:40:02,283 INFO L899 garLoopResultBuilder]: For program point L535(lines 535 539) no Hoare annotation was computed. [2022-12-13 11:40:02,283 INFO L902 garLoopResultBuilder]: At program point runTest_returnLabel#1(lines 484 494) the Hoare annotation is: true [2022-12-13 11:40:02,283 INFO L895 garLoopResultBuilder]: At program point select_features_returnLabel#1(lines 943 949) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-12-13 11:40:02,283 INFO L902 garLoopResultBuilder]: At program point main_returnLabel#1(lines 498 520) the Hoare annotation is: true [2022-12-13 11:40:02,283 INFO L899 garLoopResultBuilder]: For program point L775(lines 775 781) no Hoare annotation was computed. [2022-12-13 11:40:02,283 INFO L899 garLoopResultBuilder]: For program point L775-2(lines 775 781) no Hoare annotation was computed. [2022-12-13 11:40:02,283 INFO L895 garLoopResultBuilder]: At program point L581(lines 532 582) the Hoare annotation is: false [2022-12-13 11:40:02,283 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-12-13 11:40:02,283 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-12-13 11:40:02,284 INFO L899 garLoopResultBuilder]: For program point L569(lines 569 575) no Hoare annotation was computed. [2022-12-13 11:40:02,284 INFO L895 garLoopResultBuilder]: At program point L569-2(lines 563 576) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (< 1 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= |ULTIMATE.start_main_~tmp~3#1| 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 (= |ULTIMATE.start_valid_product_#res#1| 1) .cse3 .cse4 (= 0 ~systemActive~0)) (and .cse7 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 .cse1 .cse2 .cse3 .cse4 (= ~waterLevel~0 1)))) [2022-12-13 11:40:02,284 INFO L895 garLoopResultBuilder]: At program point setup_returnLabel#1(lines 475 481) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= |ULTIMATE.start_main_~tmp~3#1| 1) (= ~waterLevel~0 1)) [2022-12-13 11:40:02,284 INFO L899 garLoopResultBuilder]: For program point L553(lines 553 559) no Hoare annotation was computed. [2022-12-13 11:40:02,284 INFO L899 garLoopResultBuilder]: For program point L553-1(lines 553 559) no Hoare annotation was computed. [2022-12-13 11:40:02,284 INFO L895 garLoopResultBuilder]: At program point L578(lines 533 580) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (< 1 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= |ULTIMATE.start_main_~tmp~3#1| 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 (= |ULTIMATE.start_valid_product_#res#1| 1) .cse3 .cse4 (= 0 ~systemActive~0)) (and .cse7 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 .cse1 .cse2 .cse3 .cse4 (= ~waterLevel~0 1)))) [2022-12-13 11:40:02,284 INFO L895 garLoopResultBuilder]: At program point L545(line 545) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (< 1 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= |ULTIMATE.start_main_~tmp~3#1| 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 (= |ULTIMATE.start_valid_product_#res#1| 1) .cse3 .cse4 (= 0 ~systemActive~0)) (and .cse7 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 .cse1 .cse2 .cse3 .cse4 (= ~waterLevel~0 1)))) [2022-12-13 11:40:02,284 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-12-13 11:40:02,284 INFO L899 garLoopResultBuilder]: For program point L508(lines 508 515) no Hoare annotation was computed. [2022-12-13 11:40:02,284 INFO L899 garLoopResultBuilder]: For program point L508-2(lines 508 515) no Hoare annotation was computed. [2022-12-13 11:40:02,284 INFO L895 garLoopResultBuilder]: At program point __utac_acc__Specification5_spec__1_returnLabel#1(lines 884 891) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= |ULTIMATE.start_main_~tmp~3#1| 1) (= ~waterLevel~0 1)) [2022-12-13 11:40:02,284 INFO L899 garLoopResultBuilder]: For program point $Ultimate##0(line -1) no Hoare annotation was computed. [2022-12-13 11:40:02,284 INFO L895 garLoopResultBuilder]: At program point select_helpers_returnLabel#1(lines 950 956) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-12-13 11:40:02,285 INFO L895 garLoopResultBuilder]: At program point deactivatePump_returnLabel#1(lines 688 695) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~3#1| 1))) (or (and .cse0 .cse1 (< 1 ~waterLevel~0) .cse2 (<= ~waterLevel~0 2) .cse3) (and (not (= ~switchedOnBeforeTS~0 0)) .cse0 .cse1 .cse2 .cse3))) [2022-12-13 11:40:02,285 INFO L899 garLoopResultBuilder]: For program point L534(lines 533 580) no Hoare annotation was computed. [2022-12-13 11:40:02,285 INFO L899 garLoopResultBuilder]: For program point L563(lines 563 576) no Hoare annotation was computed. [2022-12-13 11:40:02,285 INFO L895 garLoopResultBuilder]: At program point stopSystem_returnLabel#1(lines 771 785) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (= |ULTIMATE.start_main_~tmp~3#1| 1) (= 0 ~systemActive~0)) [2022-12-13 11:40:02,285 INFO L895 garLoopResultBuilder]: At program point valid_product_returnLabel#1(lines 957 965) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= ~waterLevel~0 1)) [2022-12-13 11:40:02,285 INFO L895 garLoopResultBuilder]: At program point L555(line 555) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (< 1 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse7 (= ~pumpRunning~0 0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= |ULTIMATE.start_main_~tmp~3#1| 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 (<= 1 ~switchedOnBeforeTS~0)) (and .cse0 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 (= |ULTIMATE.start_valid_product_#res#1| 1) .cse3 .cse4 (= 0 ~systemActive~0)) (and .cse7 .cse5 .cse1 .cse2 .cse3 .cse6 .cse4) (and .cse7 .cse1 .cse2 .cse3 .cse4 (= ~waterLevel~0 1)))) [2022-12-13 11:40:02,285 INFO L902 garLoopResultBuilder]: At program point L584(lines 523 588) the Hoare annotation is: true [2022-12-13 11:40:02,285 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 802 813) no Hoare annotation was computed. [2022-12-13 11:40:02,285 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 802 813) the Hoare annotation is: (let ((.cse3 (not (<= 1 ~pumpRunning~0))) (.cse0 (not (= ~pumpRunning~0 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse4 (not (< 1 |old(~waterLevel~0)|))) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 (not (= 0 ~systemActive~0))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse2 (= ~waterLevel~0 1)) (or .cse2 .cse3 .cse1 (not (<= 1 ~switchedOnBeforeTS~0))) (or .cse2 .cse4 .cse3 .cse1 .cse5) (or .cse0 .cse2 .cse4 .cse1 .cse5))) [2022-12-13 11:40:02,285 INFO L899 garLoopResultBuilder]: For program point L806-1(lines 802 813) no Hoare annotation was computed. [2022-12-13 11:40:02,285 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 707 715) no Hoare annotation was computed. [2022-12-13 11:40:02,285 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 707 715) no Hoare annotation was computed. [2022-12-13 11:40:02,285 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 707 715) the Hoare annotation is: true [2022-12-13 11:40:02,288 INFO L445 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-12-13 11:40:02,289 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-12-13 11:40:02,311 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 13.12 11:40:02 BoogieIcfgContainer [2022-12-13 11:40:02,311 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-12-13 11:40:02,311 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-12-13 11:40:02,311 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-12-13 11:40:02,311 INFO L275 PluginConnector]: Witness Printer initialized [2022-12-13 11:40:02,312 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 13.12 11:39:55" (3/4) ... [2022-12-13 11:40:02,314 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-12-13 11:40:02,318 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-12-13 11:40:02,319 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-12-13 11:40:02,319 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-12-13 11:40:02,319 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-12-13 11:40:02,319 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-12-13 11:40:02,319 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-12-13 11:40:02,323 INFO L961 BoogieBacktranslator]: Reduced CFG by removing 23 nodes and edges [2022-12-13 11:40:02,323 INFO L961 BoogieBacktranslator]: Reduced CFG by removing 8 nodes and edges [2022-12-13 11:40:02,323 INFO L961 BoogieBacktranslator]: Reduced CFG by removing 4 nodes and edges [2022-12-13 11:40:02,324 INFO L961 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-12-13 11:40:02,324 INFO L961 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-12-13 11:40:02,341 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 [2022-12-13 11:40:02,341 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && tmp == 1) && waterLevel == 1 [2022-12-13 11:40:02,342 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && tmp == 1) && waterLevel == 1 [2022-12-13 11:40:02,342 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((1 <= pumpRunning && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == 1) && 1 <= switchedOnBeforeTS) || ((((((1 <= pumpRunning && 1 < waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1)) || ((((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && tmp == 1) && 0 == systemActive)) || ((((((pumpRunning == 0 && 1 < waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1)) || (((((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == 1) && waterLevel == 1) [2022-12-13 11:40:02,342 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) [2022-12-13 11:40:02,342 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-12-13 11:40:02,342 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((pumpRunning == 0 && tmp == 2) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || (((1 <= pumpRunning && tmp == 2) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (tmp == 2 && 2 == \result)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) [2022-12-13 11:40:02,342 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((pumpRunning == 0 && 1 == systemActive) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-12-13 11:40:02,343 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && tmp == 1) && 0 == systemActive [2022-12-13 11:40:02,343 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-12-13 11:40:02,343 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0 && \result == 1) && 1 < waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) || ((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && \result == 1) && splverifierCounter == 0) && tmp == 1) [2022-12-13 11:40:02,343 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((pumpRunning == 0 && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && ((((!(\old(pumpRunning) == 0) || 2 == \result) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) [2022-12-13 11:40:02,343 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || ((pumpRunning == 0 && !(\result == 0)) && waterLevel == 1)) && ((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-12-13 11:40:02,343 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && !(tmp == 0)) && \result == 0) && tmp___0 == 0) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-12-13 11:40:02,343 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-12-13 11:40:02,343 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-12-13 11:40:02,343 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-12-13 11:40:02,343 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) [2022-12-13 11:40:02,357 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/witness.graphml [2022-12-13 11:40:02,357 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-12-13 11:40:02,357 INFO L158 Benchmark]: Toolchain (without parser) took 7464.20ms. Allocated memory was 130.0MB in the beginning and 157.3MB in the end (delta: 27.3MB). Free memory was 95.4MB in the beginning and 96.6MB in the end (delta: -1.2MB). Peak memory consumption was 27.7MB. Max. memory is 16.1GB. [2022-12-13 11:40:02,357 INFO L158 Benchmark]: CDTParser took 0.16ms. Allocated memory is still 102.8MB. Free memory is still 50.3MB. There was no memory consumed. Max. memory is 16.1GB. [2022-12-13 11:40:02,358 INFO L158 Benchmark]: CACSL2BoogieTranslator took 284.81ms. Allocated memory is still 130.0MB. Free memory was 95.1MB in the beginning and 76.7MB in the end (delta: 18.4MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-12-13 11:40:02,358 INFO L158 Benchmark]: Boogie Procedure Inliner took 30.77ms. Allocated memory is still 130.0MB. Free memory was 76.7MB in the beginning and 74.2MB in the end (delta: 2.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-12-13 11:40:02,358 INFO L158 Benchmark]: Boogie Preprocessor took 18.18ms. Allocated memory is still 130.0MB. Free memory was 74.2MB in the beginning and 72.8MB in the end (delta: 1.4MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-12-13 11:40:02,358 INFO L158 Benchmark]: RCFGBuilder took 328.49ms. Allocated memory is still 130.0MB. Free memory was 72.8MB in the beginning and 96.3MB in the end (delta: -23.5MB). Peak memory consumption was 16.7MB. Max. memory is 16.1GB. [2022-12-13 11:40:02,358 INFO L158 Benchmark]: TraceAbstraction took 6751.78ms. Allocated memory was 130.0MB in the beginning and 157.3MB in the end (delta: 27.3MB). Free memory was 95.5MB in the beginning and 101.8MB in the end (delta: -6.3MB). Peak memory consumption was 88.6MB. Max. memory is 16.1GB. [2022-12-13 11:40:02,359 INFO L158 Benchmark]: Witness Printer took 45.79ms. Allocated memory is still 157.3MB. Free memory was 101.8MB in the beginning and 96.6MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-12-13 11:40:02,360 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.16ms. Allocated memory is still 102.8MB. Free memory is still 50.3MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 284.81ms. Allocated memory is still 130.0MB. Free memory was 95.1MB in the beginning and 76.7MB in the end (delta: 18.4MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 30.77ms. Allocated memory is still 130.0MB. Free memory was 76.7MB in the beginning and 74.2MB in the end (delta: 2.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 18.18ms. Allocated memory is still 130.0MB. Free memory was 74.2MB in the beginning and 72.8MB in the end (delta: 1.4MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 328.49ms. Allocated memory is still 130.0MB. Free memory was 72.8MB in the beginning and 96.3MB in the end (delta: -23.5MB). Peak memory consumption was 16.7MB. Max. memory is 16.1GB. * TraceAbstraction took 6751.78ms. Allocated memory was 130.0MB in the beginning and 157.3MB in the end (delta: 27.3MB). Free memory was 95.5MB in the beginning and 101.8MB in the end (delta: -6.3MB). Peak memory consumption was 88.6MB. Max. memory is 16.1GB. * Witness Printer took 45.79ms. Allocated memory is still 157.3MB. Free memory was 101.8MB in the beginning and 96.6MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 971]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 7 procedures, 88 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 6.7s, OverallIterations: 11, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 1.6s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 2.7s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 1069 SdHoareTripleChecker+Valid, 0.7s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1051 mSDsluCounter, 4366 SdHoareTripleChecker+Invalid, 0.6s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3149 mSDsCounter, 247 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 1116 IncrementalHoareTripleChecker+Invalid, 1363 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 247 mSolverCounterUnsat, 1217 mSDtfsCounter, 1116 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 511 GetRequests, 421 SyntacticMatches, 5 SemanticMatches, 85 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 470 ImplicationChecksByTransitivity, 0.5s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=931occurred in iteration=9, InterpolantAutomatonStates: 90, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.3s AutomataMinimizationTime, 11 MinimizatonAttempts, 312 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 41 LocationsWithAnnotation, 1625 PreInvPairs, 1733 NumberOfFragments, 2335 HoareAnnotationTreeSize, 1625 FomulaSimplifications, 956 FormulaSimplificationTreeSizeReduction, 0.3s HoareSimplificationTime, 41 FomulaSimplificationsInter, 6922 FormulaSimplificationTreeSizeReductionInter, 2.4s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 1.2s InterpolantComputationTime, 875 NumberOfCodeBlocks, 875 NumberOfCodeBlocksAsserted, 13 NumberOfCheckSat, 946 ConstructedInterpolants, 0 QuantifiedInterpolants, 1752 SizeOfPredicates, 3 NumberOfNonLiveVariables, 816 ConjunctsInSsa, 11 ConjunctsInUnsatCore, 14 InterpolantComputations, 10 PerfectInterpolantSequences, 441/464 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 475]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && tmp == 1) && waterLevel == 1 - InvariantResult [Line: 688]: Loop Invariant Derived loop invariant: (((((pumpRunning == 0 && \result == 1) && 1 < waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) || ((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && \result == 1) && splverifierCounter == 0) && tmp == 1) - InvariantResult [Line: 943]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 826]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 696]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 418]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 428]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 533]: Loop Invariant Derived loop invariant: ((((((((1 <= pumpRunning && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == 1) && 1 <= switchedOnBeforeTS) || ((((((1 <= pumpRunning && 1 < waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1)) || ((((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && tmp == 1) && 0 == systemActive)) || ((((((pumpRunning == 0 && 1 < waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1)) || (((((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == 1) && waterLevel == 1) - InvariantResult [Line: 752]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && !(tmp == 0)) && \result == 0) && tmp___0 == 0) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 637]: Loop Invariant Derived loop invariant: ((((((((((pumpRunning == 0 && 1 == systemActive) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 484]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 884]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && tmp == 1) && waterLevel == 1 - InvariantResult [Line: 771]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && \result == 1) && splverifierCounter == 0) && tmp == 1) && 0 == systemActive - InvariantResult [Line: 967]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 790]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 523]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 858]: Loop Invariant Derived loop invariant: (((((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && 2 == \result) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || (((pumpRunning == 0 && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && ((((!(\old(pumpRunning) == 0) || 2 == \result) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) - InvariantResult [Line: 957]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 - InvariantResult [Line: 662]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 950]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 867]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || ((pumpRunning == 0 && !(\result == 0)) && waterLevel == 1)) && ((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) - InvariantResult [Line: 892]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS))) - InvariantResult [Line: 902]: Loop Invariant Derived loop invariant: (((((((((((((pumpRunning == 0 && tmp == 2) && 2 == \result) && 1 == systemActive) && \old(waterLevel) == waterLevel) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || (((1 <= pumpRunning && tmp == 2) && 2 == \result) && \old(waterLevel) == waterLevel)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1)) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || (1 <= pumpRunning && 1 <= switchedOnBeforeTS)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((!(\old(pumpRunning) == 0) || (tmp == 2 && 2 == \result)) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || ((1 <= pumpRunning && waterLevel == 1) && 1 <= switchedOnBeforeTS)) - InvariantResult [Line: 498]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 532]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 671]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= \old(switchedOnBeforeTS))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 < \old(waterLevel))) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive))) && (((((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(1 < \old(waterLevel))) || (1 <= pumpRunning && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2))) && (!(\old(pumpRunning) == 0) || !(0 == systemActive)) RESULT: Ultimate proved your program to be correct! [2022-12-13 11:40:02,379 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_f41b2dd4-98ab-4442-8462-13a3c92d4b7b/bin/uautomizer-uyxdKDjOR8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE