./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product57.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 5e519f3a Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/config/TaipanReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product57.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/config/svcomp-Reach-32bit-Taipan_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Taipan --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash aba011a2dee79947f4cca7910fc4583b21e1f3cb9acd1affa050aa7677352666 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-5e519f3 [2022-11-03 02:07:25,587 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-03 02:07:25,590 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-03 02:07:25,620 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-03 02:07:25,621 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-03 02:07:25,622 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-03 02:07:25,624 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-03 02:07:25,626 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-03 02:07:25,628 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-03 02:07:25,629 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-03 02:07:25,630 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-03 02:07:25,631 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-03 02:07:25,632 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-03 02:07:25,633 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-03 02:07:25,635 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-03 02:07:25,636 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-03 02:07:25,637 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-03 02:07:25,639 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-03 02:07:25,641 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-03 02:07:25,643 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-03 02:07:25,646 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-03 02:07:25,647 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-03 02:07:25,649 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-03 02:07:25,650 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-03 02:07:25,654 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-03 02:07:25,654 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-03 02:07:25,655 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-03 02:07:25,656 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-03 02:07:25,656 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-03 02:07:25,657 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-03 02:07:25,658 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-03 02:07:25,667 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-03 02:07:25,668 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-03 02:07:25,669 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-03 02:07:25,670 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-03 02:07:25,671 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-03 02:07:25,672 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-03 02:07:25,672 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-03 02:07:25,672 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-03 02:07:25,674 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-03 02:07:25,675 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-03 02:07:25,681 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/config/svcomp-Reach-32bit-Taipan_Default.epf [2022-11-03 02:07:25,723 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-03 02:07:25,727 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-03 02:07:25,728 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-03 02:07:25,728 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-03 02:07:25,730 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-03 02:07:25,730 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-03 02:07:25,730 INFO L138 SettingsManager]: * User list type=DISABLED [2022-11-03 02:07:25,731 INFO L136 SettingsManager]: Preferences of Abstract Interpretation differ from their defaults: [2022-11-03 02:07:25,731 INFO L138 SettingsManager]: * Explicit value domain=true [2022-11-03 02:07:25,731 INFO L138 SettingsManager]: * Abstract domain for RCFG-of-the-future=PoormanAbstractDomain [2022-11-03 02:07:25,732 INFO L138 SettingsManager]: * Octagon Domain=false [2022-11-03 02:07:25,733 INFO L138 SettingsManager]: * Abstract domain=CompoundDomain [2022-11-03 02:07:25,733 INFO L138 SettingsManager]: * Check feasibility of abstract posts with an SMT solver=true [2022-11-03 02:07:25,733 INFO L138 SettingsManager]: * Use the RCFG-of-the-future interface=true [2022-11-03 02:07:25,733 INFO L138 SettingsManager]: * Interval Domain=false [2022-11-03 02:07:25,734 INFO L136 SettingsManager]: Preferences of Sifa differ from their defaults: [2022-11-03 02:07:25,734 INFO L138 SettingsManager]: * Call Summarizer=TopInputCallSummarizer [2022-11-03 02:07:25,734 INFO L138 SettingsManager]: * Simplification Technique=POLY_PAC [2022-11-03 02:07:25,735 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-03 02:07:25,736 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-03 02:07:25,736 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-03 02:07:25,736 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-03 02:07:25,736 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-03 02:07:25,738 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-03 02:07:25,738 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-03 02:07:25,739 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-03 02:07:25,739 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-03 02:07:25,739 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-03 02:07:25,739 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-03 02:07:25,740 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-03 02:07:25,741 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-03 02:07:25,741 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-03 02:07:25,741 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-03 02:07:25,742 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-03 02:07:25,742 INFO L138 SettingsManager]: * Abstract interpretation Mode=USE_PREDICATES [2022-11-03 02:07:25,742 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-03 02:07:25,742 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-03 02:07:25,742 INFO L138 SettingsManager]: * Trace refinement strategy=SIFA_TAIPAN [2022-11-03 02:07:25,743 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-03 02:07:25,743 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-03 02:07:25,743 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2022-11-03 02:07:25,743 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Taipan Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> aba011a2dee79947f4cca7910fc4583b21e1f3cb9acd1affa050aa7677352666 [2022-11-03 02:07:25,996 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-03 02:07:26,019 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-03 02:07:26,021 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-03 02:07:26,023 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-03 02:07:26,024 INFO L275 PluginConnector]: CDTParser initialized [2022-11-03 02:07:26,025 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/../../sv-benchmarks/c/product-lines/minepump_spec5_product57.cil.c [2022-11-03 02:07:26,107 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/data/c8ec5f105/30863b3a6d394103989f48576090942a/FLAGf28139794 [2022-11-03 02:07:26,702 INFO L306 CDTParser]: Found 1 translation units. [2022-11-03 02:07:26,702 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/sv-benchmarks/c/product-lines/minepump_spec5_product57.cil.c [2022-11-03 02:07:26,714 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/data/c8ec5f105/30863b3a6d394103989f48576090942a/FLAGf28139794 [2022-11-03 02:07:27,007 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/data/c8ec5f105/30863b3a6d394103989f48576090942a [2022-11-03 02:07:27,010 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-03 02:07:27,011 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-03 02:07:27,015 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-03 02:07:27,015 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-03 02:07:27,020 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-03 02:07:27,021 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,022 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@3d93893e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27, skipping insertion in model container [2022-11-03 02:07:27,023 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,030 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-03 02:07:27,106 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-03 02:07:27,312 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/sv-benchmarks/c/product-lines/minepump_spec5_product57.cil.c[1605,1618] [2022-11-03 02:07:27,460 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-03 02:07:27,470 INFO L203 MainTranslator]: Completed pre-run [2022-11-03 02:07:27,484 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/sv-benchmarks/c/product-lines/minepump_spec5_product57.cil.c[1605,1618] [2022-11-03 02:07:27,544 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-03 02:07:27,562 INFO L208 MainTranslator]: Completed translation [2022-11-03 02:07:27,563 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27 WrapperNode [2022-11-03 02:07:27,563 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-03 02:07:27,564 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-03 02:07:27,564 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-03 02:07:27,565 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-03 02:07:27,572 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,586 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,613 INFO L138 Inliner]: procedures = 58, calls = 159, calls flagged for inlining = 27, calls inlined = 24, statements flattened = 285 [2022-11-03 02:07:27,614 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-03 02:07:27,620 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-03 02:07:27,620 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-03 02:07:27,620 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-03 02:07:27,629 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,630 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,632 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,633 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,638 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,642 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,644 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,645 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,648 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-03 02:07:27,649 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-03 02:07:27,649 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-03 02:07:27,649 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-03 02:07:27,650 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (1/1) ... [2022-11-03 02:07:27,658 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-03 02:07:27,670 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 [2022-11-03 02:07:27,697 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-03 02:07:27,753 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-03 02:07:27,754 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-03 02:07:27,754 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-03 02:07:27,754 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-03 02:07:27,754 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-03 02:07:27,754 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-03 02:07:27,754 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-03 02:07:27,755 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-11-03 02:07:27,755 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-11-03 02:07:27,755 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-03 02:07:27,755 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-03 02:07:27,755 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-03 02:07:27,738 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-03 02:07:27,756 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-03 02:07:27,759 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-03 02:07:27,759 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-03 02:07:27,759 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-03 02:07:27,759 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-03 02:07:27,759 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-03 02:07:27,846 INFO L235 CfgBuilder]: Building ICFG [2022-11-03 02:07:27,849 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-03 02:07:28,339 INFO L276 CfgBuilder]: Performing block encoding [2022-11-03 02:07:28,548 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-03 02:07:28,549 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-03 02:07:28,552 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 03.11 02:07:28 BoogieIcfgContainer [2022-11-03 02:07:28,552 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-03 02:07:28,556 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-03 02:07:28,557 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-03 02:07:28,561 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-03 02:07:28,561 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 03.11 02:07:27" (1/3) ... [2022-11-03 02:07:28,562 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3453fa30 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 03.11 02:07:28, skipping insertion in model container [2022-11-03 02:07:28,563 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 02:07:27" (2/3) ... [2022-11-03 02:07:28,563 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3453fa30 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 03.11 02:07:28, skipping insertion in model container [2022-11-03 02:07:28,563 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 03.11 02:07:28" (3/3) ... [2022-11-03 02:07:28,567 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product57.cil.c [2022-11-03 02:07:28,590 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-03 02:07:28,590 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-03 02:07:28,669 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-03 02:07:28,677 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@2baff070, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-03 02:07:28,677 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-03 02:07:28,692 INFO L276 IsEmpty]: Start isEmpty. Operand has 58 states, 37 states have (on average 1.4324324324324325) internal successors, (53), 45 states have internal predecessors, (53), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2022-11-03 02:07:28,703 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2022-11-03 02:07:28,704 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 02:07:28,705 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 02:07:28,706 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 02:07:28,715 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 02:07:28,715 INFO L85 PathProgramCache]: Analyzing trace with hash -930217378, now seen corresponding path program 1 times [2022-11-03 02:07:28,727 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 02:07:28,728 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1028887199] [2022-11-03 02:07:28,729 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:07:28,729 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 02:07:28,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:07:28,997 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 02:07:28,998 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 02:07:28,998 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1028887199] [2022-11-03 02:07:28,999 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1028887199] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 02:07:28,999 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 02:07:29,000 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-03 02:07:29,001 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2020375738] [2022-11-03 02:07:29,002 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 02:07:29,007 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-03 02:07:29,007 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 02:07:29,037 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-03 02:07:29,037 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-03 02:07:29,040 INFO L87 Difference]: Start difference. First operand has 58 states, 37 states have (on average 1.4324324324324325) internal successors, (53), 45 states have internal predecessors, (53), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-03 02:07:29,110 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 02:07:29,111 INFO L93 Difference]: Finished difference Result 114 states and 155 transitions. [2022-11-03 02:07:29,112 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-03 02:07:29,114 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 21 [2022-11-03 02:07:29,114 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 02:07:29,125 INFO L225 Difference]: With dead ends: 114 [2022-11-03 02:07:29,125 INFO L226 Difference]: Without dead ends: 53 [2022-11-03 02:07:29,131 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-03 02:07:29,135 INFO L413 NwaCegarLoop]: 57 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 17 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 57 SdHoareTripleChecker+Invalid, 18 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 17 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-03 02:07:29,136 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 57 Invalid, 18 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 17 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-03 02:07:29,159 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 53 states. [2022-11-03 02:07:29,189 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 53 to 53. [2022-11-03 02:07:29,191 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 53 states, 34 states have (on average 1.3235294117647058) internal successors, (45), 41 states have internal predecessors, (45), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-11-03 02:07:29,193 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 53 states to 53 states and 68 transitions. [2022-11-03 02:07:29,195 INFO L78 Accepts]: Start accepts. Automaton has 53 states and 68 transitions. Word has length 21 [2022-11-03 02:07:29,196 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 02:07:29,196 INFO L495 AbstractCegarLoop]: Abstraction has 53 states and 68 transitions. [2022-11-03 02:07:29,197 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-03 02:07:29,197 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 68 transitions. [2022-11-03 02:07:29,199 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 23 [2022-11-03 02:07:29,199 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 02:07:29,200 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 02:07:29,200 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-03 02:07:29,200 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 02:07:29,201 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 02:07:29,201 INFO L85 PathProgramCache]: Analyzing trace with hash -861027973, now seen corresponding path program 1 times [2022-11-03 02:07:29,202 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 02:07:29,202 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [166461214] [2022-11-03 02:07:29,203 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:07:29,203 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 02:07:29,233 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:07:29,338 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 02:07:29,339 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 02:07:29,339 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [166461214] [2022-11-03 02:07:29,339 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [166461214] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 02:07:29,340 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 02:07:29,340 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-03 02:07:29,340 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1022223242] [2022-11-03 02:07:29,340 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 02:07:29,342 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-03 02:07:29,342 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 02:07:29,343 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-03 02:07:29,343 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-03 02:07:29,343 INFO L87 Difference]: Start difference. First operand 53 states and 68 transitions. Second operand has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-03 02:07:29,393 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 02:07:29,394 INFO L93 Difference]: Finished difference Result 83 states and 107 transitions. [2022-11-03 02:07:29,394 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-03 02:07:29,395 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 22 [2022-11-03 02:07:29,395 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 02:07:29,396 INFO L225 Difference]: With dead ends: 83 [2022-11-03 02:07:29,396 INFO L226 Difference]: Without dead ends: 45 [2022-11-03 02:07:29,397 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-03 02:07:29,399 INFO L413 NwaCegarLoop]: 43 mSDtfsCounter, 7 mSDsluCounter, 45 mSDsCounter, 0 mSdLazyCounter, 25 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 10 SdHoareTripleChecker+Valid, 77 SdHoareTripleChecker+Invalid, 25 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 25 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-03 02:07:29,400 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [10 Valid, 77 Invalid, 25 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 25 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-03 02:07:29,401 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 45 states. [2022-11-03 02:07:29,407 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 45 to 45. [2022-11-03 02:07:29,407 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 45 states, 29 states have (on average 1.3448275862068966) internal successors, (39), 36 states have internal predecessors, (39), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-11-03 02:07:29,408 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 45 states to 45 states and 57 transitions. [2022-11-03 02:07:29,408 INFO L78 Accepts]: Start accepts. Automaton has 45 states and 57 transitions. Word has length 22 [2022-11-03 02:07:29,408 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 02:07:29,409 INFO L495 AbstractCegarLoop]: Abstraction has 45 states and 57 transitions. [2022-11-03 02:07:29,409 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-03 02:07:29,409 INFO L276 IsEmpty]: Start isEmpty. Operand 45 states and 57 transitions. [2022-11-03 02:07:29,409 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-11-03 02:07:29,410 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 02:07:29,410 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 02:07:29,410 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-03 02:07:29,410 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 02:07:29,411 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 02:07:29,411 INFO L85 PathProgramCache]: Analyzing trace with hash 1265715326, now seen corresponding path program 1 times [2022-11-03 02:07:29,411 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 02:07:29,411 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1774295011] [2022-11-03 02:07:29,411 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:07:29,412 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 02:07:29,440 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:07:29,623 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 02:07:29,623 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 02:07:29,624 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1774295011] [2022-11-03 02:07:29,624 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1774295011] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 02:07:29,624 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 02:07:29,624 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-03 02:07:29,625 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [222287750] [2022-11-03 02:07:29,625 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 02:07:29,625 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-03 02:07:29,626 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 02:07:29,626 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-03 02:07:29,627 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-03 02:07:29,629 INFO L87 Difference]: Start difference. First operand 45 states and 57 transitions. Second operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-03 02:07:29,698 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 02:07:29,701 INFO L93 Difference]: Finished difference Result 88 states and 113 transitions. [2022-11-03 02:07:29,701 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-03 02:07:29,702 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 24 [2022-11-03 02:07:29,703 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 02:07:29,707 INFO L225 Difference]: With dead ends: 88 [2022-11-03 02:07:29,708 INFO L226 Difference]: Without dead ends: 45 [2022-11-03 02:07:29,710 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-03 02:07:29,712 INFO L413 NwaCegarLoop]: 41 mSDtfsCounter, 44 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 15 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 44 SdHoareTripleChecker+Valid, 41 SdHoareTripleChecker+Invalid, 15 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 15 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-03 02:07:29,715 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [44 Valid, 41 Invalid, 15 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 15 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-03 02:07:29,716 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 45 states. [2022-11-03 02:07:29,724 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 45 to 45. [2022-11-03 02:07:29,730 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 45 states, 29 states have (on average 1.3103448275862069) internal successors, (38), 36 states have internal predecessors, (38), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-11-03 02:07:29,732 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 45 states to 45 states and 56 transitions. [2022-11-03 02:07:29,736 INFO L78 Accepts]: Start accepts. Automaton has 45 states and 56 transitions. Word has length 24 [2022-11-03 02:07:29,738 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 02:07:29,738 INFO L495 AbstractCegarLoop]: Abstraction has 45 states and 56 transitions. [2022-11-03 02:07:29,739 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-03 02:07:29,739 INFO L276 IsEmpty]: Start isEmpty. Operand 45 states and 56 transitions. [2022-11-03 02:07:29,740 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 28 [2022-11-03 02:07:29,742 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 02:07:29,743 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 02:07:29,743 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-03 02:07:29,743 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 02:07:29,744 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 02:07:29,744 INFO L85 PathProgramCache]: Analyzing trace with hash -715277681, now seen corresponding path program 1 times [2022-11-03 02:07:29,745 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 02:07:29,745 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1734753323] [2022-11-03 02:07:29,746 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:07:29,747 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 02:07:29,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:07:29,858 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 02:07:29,859 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 02:07:29,859 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1734753323] [2022-11-03 02:07:29,859 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1734753323] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 02:07:29,859 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 02:07:29,860 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-03 02:07:29,860 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1086359962] [2022-11-03 02:07:29,860 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 02:07:29,861 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-03 02:07:29,861 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 02:07:29,861 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-03 02:07:29,862 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-03 02:07:29,862 INFO L87 Difference]: Start difference. First operand 45 states and 56 transitions. Second operand has 3 states, 3 states have (on average 7.0) internal successors, (21), 3 states have internal predecessors, (21), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-03 02:07:29,929 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 02:07:29,930 INFO L93 Difference]: Finished difference Result 125 states and 159 transitions. [2022-11-03 02:07:29,930 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-03 02:07:29,931 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.0) internal successors, (21), 3 states have internal predecessors, (21), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 27 [2022-11-03 02:07:29,931 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 02:07:29,932 INFO L225 Difference]: With dead ends: 125 [2022-11-03 02:07:29,932 INFO L226 Difference]: Without dead ends: 82 [2022-11-03 02:07:29,933 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-03 02:07:29,935 INFO L413 NwaCegarLoop]: 60 mSDtfsCounter, 36 mSDsluCounter, 43 mSDsCounter, 0 mSdLazyCounter, 28 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 36 SdHoareTripleChecker+Valid, 97 SdHoareTripleChecker+Invalid, 32 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 28 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-03 02:07:29,935 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [36 Valid, 97 Invalid, 32 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 28 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-03 02:07:29,936 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 82 states. [2022-11-03 02:07:29,950 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 82 to 80. [2022-11-03 02:07:29,950 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 80 states, 53 states have (on average 1.2641509433962264) internal successors, (67), 60 states have internal predecessors, (67), 14 states have call successors, (14), 12 states have call predecessors, (14), 12 states have return successors, (18), 14 states have call predecessors, (18), 14 states have call successors, (18) [2022-11-03 02:07:29,952 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 80 states to 80 states and 99 transitions. [2022-11-03 02:07:29,952 INFO L78 Accepts]: Start accepts. Automaton has 80 states and 99 transitions. Word has length 27 [2022-11-03 02:07:29,952 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 02:07:29,953 INFO L495 AbstractCegarLoop]: Abstraction has 80 states and 99 transitions. [2022-11-03 02:07:29,953 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.0) internal successors, (21), 3 states have internal predecessors, (21), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-03 02:07:29,953 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 99 transitions. [2022-11-03 02:07:29,954 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-11-03 02:07:29,954 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 02:07:29,954 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 02:07:29,955 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-03 02:07:29,955 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 02:07:29,956 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 02:07:29,956 INFO L85 PathProgramCache]: Analyzing trace with hash -2083189764, now seen corresponding path program 1 times [2022-11-03 02:07:29,956 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 02:07:29,956 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1668854068] [2022-11-03 02:07:29,956 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:07:29,957 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 02:07:29,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:07:30,580 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 02:07:30,580 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 02:07:30,581 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1668854068] [2022-11-03 02:07:30,582 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1668854068] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 02:07:30,582 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 02:07:30,582 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-03 02:07:30,584 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1974432752] [2022-11-03 02:07:30,585 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 02:07:30,586 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-03 02:07:30,590 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 02:07:30,591 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-03 02:07:30,591 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2022-11-03 02:07:30,592 INFO L87 Difference]: Start difference. First operand 80 states and 99 transitions. Second operand has 6 states, 6 states have (on average 4.0) internal successors, (24), 6 states have internal predecessors, (24), 3 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-11-03 02:07:30,862 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 02:07:30,864 INFO L93 Difference]: Finished difference Result 241 states and 298 transitions. [2022-11-03 02:07:30,865 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-03 02:07:30,865 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.0) internal successors, (24), 6 states have internal predecessors, (24), 3 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 32 [2022-11-03 02:07:30,866 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 02:07:30,877 INFO L225 Difference]: With dead ends: 241 [2022-11-03 02:07:30,877 INFO L226 Difference]: Without dead ends: 163 [2022-11-03 02:07:30,888 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=16, Invalid=26, Unknown=0, NotChecked=0, Total=42 [2022-11-03 02:07:30,890 INFO L413 NwaCegarLoop]: 75 mSDtfsCounter, 81 mSDsluCounter, 161 mSDsCounter, 0 mSdLazyCounter, 148 mSolverCounterSat, 10 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 82 SdHoareTripleChecker+Valid, 214 SdHoareTripleChecker+Invalid, 158 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 10 IncrementalHoareTripleChecker+Valid, 148 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-03 02:07:30,892 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [82 Valid, 214 Invalid, 158 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [10 Valid, 148 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-03 02:07:30,895 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 163 states. [2022-11-03 02:07:30,938 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 163 to 157. [2022-11-03 02:07:30,942 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 157 states, 102 states have (on average 1.2450980392156863) internal successors, (127), 114 states have internal predecessors, (127), 29 states have call successors, (29), 25 states have call predecessors, (29), 25 states have return successors, (38), 27 states have call predecessors, (38), 29 states have call successors, (38) [2022-11-03 02:07:30,948 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 157 states to 157 states and 194 transitions. [2022-11-03 02:07:30,948 INFO L78 Accepts]: Start accepts. Automaton has 157 states and 194 transitions. Word has length 32 [2022-11-03 02:07:30,949 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 02:07:30,949 INFO L495 AbstractCegarLoop]: Abstraction has 157 states and 194 transitions. [2022-11-03 02:07:30,949 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.0) internal successors, (24), 6 states have internal predecessors, (24), 3 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-11-03 02:07:30,950 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 194 transitions. [2022-11-03 02:07:30,957 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-11-03 02:07:30,957 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 02:07:30,957 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 02:07:30,958 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-03 02:07:30,959 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 02:07:30,960 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 02:07:30,960 INFO L85 PathProgramCache]: Analyzing trace with hash -600228651, now seen corresponding path program 1 times [2022-11-03 02:07:30,961 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 02:07:30,961 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1625284311] [2022-11-03 02:07:30,961 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:07:30,961 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 02:07:30,994 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:07:31,470 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 02:07:31,470 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 02:07:31,470 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1625284311] [2022-11-03 02:07:31,471 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1625284311] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 02:07:31,471 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 02:07:31,471 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-11-03 02:07:31,471 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [955127893] [2022-11-03 02:07:31,471 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 02:07:31,472 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-03 02:07:31,473 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 02:07:31,474 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-03 02:07:31,474 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=39, Unknown=0, NotChecked=0, Total=56 [2022-11-03 02:07:31,475 INFO L87 Difference]: Start difference. First operand 157 states and 194 transitions. Second operand has 8 states, 7 states have (on average 3.5714285714285716) internal successors, (25), 7 states have internal predecessors, (25), 4 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-03 02:07:32,157 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 02:07:32,157 INFO L93 Difference]: Finished difference Result 372 states and 470 transitions. [2022-11-03 02:07:32,158 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2022-11-03 02:07:32,160 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 3.5714285714285716) internal successors, (25), 7 states have internal predecessors, (25), 4 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) Word has length 35 [2022-11-03 02:07:32,160 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 02:07:32,169 INFO L225 Difference]: With dead ends: 372 [2022-11-03 02:07:32,170 INFO L226 Difference]: Without dead ends: 266 [2022-11-03 02:07:32,171 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 29 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=67, Invalid=143, Unknown=0, NotChecked=0, Total=210 [2022-11-03 02:07:32,172 INFO L413 NwaCegarLoop]: 77 mSDtfsCounter, 160 mSDsluCounter, 203 mSDsCounter, 0 mSdLazyCounter, 304 mSolverCounterSat, 70 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 165 SdHoareTripleChecker+Valid, 244 SdHoareTripleChecker+Invalid, 374 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 70 IncrementalHoareTripleChecker+Valid, 304 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-11-03 02:07:32,172 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [165 Valid, 244 Invalid, 374 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [70 Valid, 304 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-11-03 02:07:32,173 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 266 states. [2022-11-03 02:07:32,206 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 266 to 234. [2022-11-03 02:07:32,207 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 234 states, 157 states have (on average 1.2547770700636942) internal successors, (197), 174 states have internal predecessors, (197), 40 states have call successors, (40), 31 states have call predecessors, (40), 36 states have return successors, (55), 42 states have call predecessors, (55), 40 states have call successors, (55) [2022-11-03 02:07:32,209 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 234 states to 234 states and 292 transitions. [2022-11-03 02:07:32,209 INFO L78 Accepts]: Start accepts. Automaton has 234 states and 292 transitions. Word has length 35 [2022-11-03 02:07:32,210 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 02:07:32,210 INFO L495 AbstractCegarLoop]: Abstraction has 234 states and 292 transitions. [2022-11-03 02:07:32,210 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 3.5714285714285716) internal successors, (25), 7 states have internal predecessors, (25), 4 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-03 02:07:32,210 INFO L276 IsEmpty]: Start isEmpty. Operand 234 states and 292 transitions. [2022-11-03 02:07:32,211 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-11-03 02:07:32,211 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 02:07:32,211 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 02:07:32,212 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-03 02:07:32,212 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 02:07:32,212 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 02:07:32,212 INFO L85 PathProgramCache]: Analyzing trace with hash -175161021, now seen corresponding path program 1 times [2022-11-03 02:07:32,213 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 02:07:32,213 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1355586309] [2022-11-03 02:07:32,213 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:07:32,213 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 02:07:32,226 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:07:32,321 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-03 02:07:32,321 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 02:07:32,321 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1355586309] [2022-11-03 02:07:32,322 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1355586309] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 02:07:32,322 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 02:07:32,322 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-11-03 02:07:32,322 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1454592054] [2022-11-03 02:07:32,322 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 02:07:32,323 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-11-03 02:07:32,323 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 02:07:32,323 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-11-03 02:07:32,324 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-11-03 02:07:32,324 INFO L87 Difference]: Start difference. First operand 234 states and 292 transitions. Second operand has 7 states, 6 states have (on average 4.333333333333333) internal successors, (26), 6 states have internal predecessors, (26), 2 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-03 02:07:32,600 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 02:07:32,601 INFO L93 Difference]: Finished difference Result 499 states and 629 transitions. [2022-11-03 02:07:32,601 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-11-03 02:07:32,601 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 6 states have (on average 4.333333333333333) internal successors, (26), 6 states have internal predecessors, (26), 2 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) Word has length 35 [2022-11-03 02:07:32,602 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 02:07:32,603 INFO L225 Difference]: With dead ends: 499 [2022-11-03 02:07:32,604 INFO L226 Difference]: Without dead ends: 267 [2022-11-03 02:07:32,605 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 22 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=53, Invalid=157, Unknown=0, NotChecked=0, Total=210 [2022-11-03 02:07:32,605 INFO L413 NwaCegarLoop]: 50 mSDtfsCounter, 57 mSDsluCounter, 218 mSDsCounter, 0 mSdLazyCounter, 236 mSolverCounterSat, 31 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 63 SdHoareTripleChecker+Valid, 225 SdHoareTripleChecker+Invalid, 267 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 31 IncrementalHoareTripleChecker+Valid, 236 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-03 02:07:32,606 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [63 Valid, 225 Invalid, 267 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [31 Valid, 236 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-03 02:07:32,607 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 267 states. [2022-11-03 02:07:32,648 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 267 to 239. [2022-11-03 02:07:32,649 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 239 states, 160 states have (on average 1.21875) internal successors, (195), 177 states have internal predecessors, (195), 41 states have call successors, (41), 31 states have call predecessors, (41), 37 states have return successors, (58), 43 states have call predecessors, (58), 41 states have call successors, (58) [2022-11-03 02:07:32,651 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 239 states to 239 states and 294 transitions. [2022-11-03 02:07:32,652 INFO L78 Accepts]: Start accepts. Automaton has 239 states and 294 transitions. Word has length 35 [2022-11-03 02:07:32,652 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 02:07:32,652 INFO L495 AbstractCegarLoop]: Abstraction has 239 states and 294 transitions. [2022-11-03 02:07:32,653 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 6 states have (on average 4.333333333333333) internal successors, (26), 6 states have internal predecessors, (26), 2 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-03 02:07:32,653 INFO L276 IsEmpty]: Start isEmpty. Operand 239 states and 294 transitions. [2022-11-03 02:07:32,658 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 61 [2022-11-03 02:07:32,658 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 02:07:32,658 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 02:07:32,659 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-03 02:07:32,659 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 02:07:32,659 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 02:07:32,659 INFO L85 PathProgramCache]: Analyzing trace with hash -1855284806, now seen corresponding path program 1 times [2022-11-03 02:07:32,660 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 02:07:32,660 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1750381224] [2022-11-03 02:07:32,660 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:07:32,660 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 02:07:32,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:07:33,170 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 0 proven. 16 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-11-03 02:07:33,171 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 02:07:33,171 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1750381224] [2022-11-03 02:07:33,172 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1750381224] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-03 02:07:33,174 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [252902173] [2022-11-03 02:07:33,174 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:07:33,174 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 02:07:33,175 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 [2022-11-03 02:07:33,179 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-03 02:07:33,203 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-03 02:07:33,316 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:07:33,337 INFO L263 TraceCheckSpWp]: Trace formula consists of 466 conjuncts, 22 conjunts are in the unsatisfiable core [2022-11-03 02:07:33,344 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-03 02:07:33,598 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 26 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-03 02:07:33,598 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-03 02:07:33,779 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 15 proven. 1 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-11-03 02:07:33,780 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [252902173] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-03 02:07:33,780 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [1080669393] [2022-11-03 02:07:33,800 INFO L159 IcfgInterpreter]: Started Sifa with 36 locations of interest [2022-11-03 02:07:33,800 INFO L166 IcfgInterpreter]: Building call graph [2022-11-03 02:07:33,804 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-03 02:07:33,810 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-03 02:07:33,811 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-03 02:07:42,257 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 52 for LOIs [2022-11-03 02:07:42,269 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 51 for LOIs [2022-11-03 02:07:42,634 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 44 for LOIs [2022-11-03 02:07:42,642 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 26 for LOIs [2022-11-03 02:07:42,675 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-03 02:07:48,105 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '4184#(and (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~4#1| 2)) (= |timeShift_getWaterLevel_~retValue_acc~4#1| |timeShift_getWaterLevel_#res#1|) (= |timeShift_getWaterLevel_~retValue_acc~4#1| ~waterLevel~0) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= ~methaneLevelCritical~0 0) (= ~head~0.offset 0) (= 1 ~systemActive~0) (= |old(~pumpRunning~0)| 0) (= |old(~waterLevel~0)| ~waterLevel~0) (<= |timeShift_getWaterLevel_#res#1| 2147483647) (= ~head~0.base 0) (= |#NULL.offset| 0) (= |timeShift___utac_acc__Specification5_spec__3_~tmp~4#1| |timeShift_getWaterLevel_#res#1|) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (<= 2 |timeShift_getWaterLevel_~retValue_acc~4#1|) (= ~pumpRunning~0 1) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (= |old(~switchedOnBeforeTS~0)| 0))' at error location [2022-11-03 02:07:48,106 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-03 02:07:48,106 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-03 02:07:48,106 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 14 [2022-11-03 02:07:48,106 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1477237923] [2022-11-03 02:07:48,106 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-03 02:07:48,107 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2022-11-03 02:07:48,107 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 02:07:48,107 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2022-11-03 02:07:48,108 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=191, Invalid=1291, Unknown=0, NotChecked=0, Total=1482 [2022-11-03 02:07:48,108 INFO L87 Difference]: Start difference. First operand 239 states and 294 transitions. Second operand has 14 states, 13 states have (on average 5.153846153846154) internal successors, (67), 13 states have internal predecessors, (67), 7 states have call successors, (15), 5 states have call predecessors, (15), 5 states have return successors, (14), 6 states have call predecessors, (14), 7 states have call successors, (14) [2022-11-03 02:07:49,949 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 02:07:49,949 INFO L93 Difference]: Finished difference Result 680 states and 863 transitions. [2022-11-03 02:07:49,949 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2022-11-03 02:07:49,950 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 13 states have (on average 5.153846153846154) internal successors, (67), 13 states have internal predecessors, (67), 7 states have call successors, (15), 5 states have call predecessors, (15), 5 states have return successors, (14), 6 states have call predecessors, (14), 7 states have call successors, (14) Word has length 60 [2022-11-03 02:07:49,950 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 02:07:49,953 INFO L225 Difference]: With dead ends: 680 [2022-11-03 02:07:49,953 INFO L226 Difference]: Without dead ends: 443 [2022-11-03 02:07:49,956 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 227 GetRequests, 162 SyntacticMatches, 4 SemanticMatches, 61 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1322 ImplicationChecksByTransitivity, 6.4s TimeCoverageRelationStatistics Valid=551, Invalid=3355, Unknown=0, NotChecked=0, Total=3906 [2022-11-03 02:07:49,957 INFO L413 NwaCegarLoop]: 64 mSDtfsCounter, 371 mSDsluCounter, 358 mSDsCounter, 0 mSdLazyCounter, 815 mSolverCounterSat, 232 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 377 SdHoareTripleChecker+Valid, 350 SdHoareTripleChecker+Invalid, 1047 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 232 IncrementalHoareTripleChecker+Valid, 815 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-11-03 02:07:49,957 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [377 Valid, 350 Invalid, 1047 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [232 Valid, 815 Invalid, 0 Unknown, 0 Unchecked, 0.9s Time] [2022-11-03 02:07:49,958 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 443 states. [2022-11-03 02:07:50,014 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 443 to 393. [2022-11-03 02:07:50,016 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 393 states, 262 states have (on average 1.183206106870229) internal successors, (310), 294 states have internal predecessors, (310), 63 states have call successors, (63), 50 states have call predecessors, (63), 67 states have return successors, (108), 67 states have call predecessors, (108), 63 states have call successors, (108) [2022-11-03 02:07:50,020 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 393 states to 393 states and 481 transitions. [2022-11-03 02:07:50,021 INFO L78 Accepts]: Start accepts. Automaton has 393 states and 481 transitions. Word has length 60 [2022-11-03 02:07:50,021 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 02:07:50,021 INFO L495 AbstractCegarLoop]: Abstraction has 393 states and 481 transitions. [2022-11-03 02:07:50,022 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 13 states have (on average 5.153846153846154) internal successors, (67), 13 states have internal predecessors, (67), 7 states have call successors, (15), 5 states have call predecessors, (15), 5 states have return successors, (14), 6 states have call predecessors, (14), 7 states have call successors, (14) [2022-11-03 02:07:50,022 INFO L276 IsEmpty]: Start isEmpty. Operand 393 states and 481 transitions. [2022-11-03 02:07:50,023 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 64 [2022-11-03 02:07:50,023 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 02:07:50,024 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 02:07:50,065 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-11-03 02:07:50,239 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable7 [2022-11-03 02:07:50,239 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 02:07:50,240 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 02:07:50,240 INFO L85 PathProgramCache]: Analyzing trace with hash -1919116790, now seen corresponding path program 1 times [2022-11-03 02:07:50,240 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 02:07:50,240 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1363942558] [2022-11-03 02:07:50,240 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:07:50,240 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 02:07:50,262 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:07:50,561 INFO L134 CoverageAnalysis]: Checked inductivity of 25 backedges. 1 proven. 20 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-11-03 02:07:50,561 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 02:07:50,561 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1363942558] [2022-11-03 02:07:50,562 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1363942558] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-03 02:07:50,562 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1308320843] [2022-11-03 02:07:50,562 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:07:50,562 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 02:07:50,562 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 [2022-11-03 02:07:50,564 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-03 02:07:50,599 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-03 02:07:50,691 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:07:50,694 INFO L263 TraceCheckSpWp]: Trace formula consists of 458 conjuncts, 13 conjunts are in the unsatisfiable core [2022-11-03 02:07:50,697 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-03 02:07:50,755 INFO L134 CoverageAnalysis]: Checked inductivity of 25 backedges. 14 proven. 1 refuted. 0 times theorem prover too weak. 10 trivial. 0 not checked. [2022-11-03 02:07:50,755 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-03 02:07:50,838 INFO L134 CoverageAnalysis]: Checked inductivity of 25 backedges. 7 proven. 1 refuted. 0 times theorem prover too weak. 17 trivial. 0 not checked. [2022-11-03 02:07:50,838 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1308320843] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-03 02:07:50,838 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [1269056185] [2022-11-03 02:07:50,844 INFO L159 IcfgInterpreter]: Started Sifa with 41 locations of interest [2022-11-03 02:07:50,845 INFO L166 IcfgInterpreter]: Building call graph [2022-11-03 02:07:50,845 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-03 02:07:50,846 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-03 02:07:50,846 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-03 02:07:56,705 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 32 for LOIs [2022-11-03 02:07:56,709 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 48 for LOIs [2022-11-03 02:07:57,480 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 20 for LOIs [2022-11-03 02:07:57,482 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 72 for LOIs [2022-11-03 02:07:57,866 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__base with input of size 55 for LOIs [2022-11-03 02:07:57,881 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-03 02:08:04,298 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '6318#(and (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~4#1| 2)) (= |timeShift_getWaterLevel_~retValue_acc~4#1| |timeShift_getWaterLevel_#res#1|) (= |timeShift_getWaterLevel_~retValue_acc~4#1| ~waterLevel~0) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (<= 0 (+ 2147483648 |old(~pumpRunning~0)|)) (= ~head~0.offset 0) (<= |old(~pumpRunning~0)| 2147483647) (= 1 ~systemActive~0) (<= ~methaneLevelCritical~0 0) (<= 0 ~head~0.base) (<= 0 ~methaneLevelCritical~0) (<= 0 (+ |timeShift_getWaterLevel_~retValue_acc~4#1| 2147483648)) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 2147483648)) (<= |timeShift_getWaterLevel_#res#1| 2147483647) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 2147483647) (<= ~head~0.base 0) (= |#NULL.offset| 0) (= |timeShift___utac_acc__Specification5_spec__3_~tmp~4#1| |timeShift_getWaterLevel_#res#1|) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0))' at error location [2022-11-03 02:08:04,299 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-03 02:08:04,299 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-03 02:08:04,299 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 14 [2022-11-03 02:08:04,299 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1236728515] [2022-11-03 02:08:04,299 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-03 02:08:04,300 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2022-11-03 02:08:04,300 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 02:08:04,300 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2022-11-03 02:08:04,301 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=257, Invalid=1723, Unknown=0, NotChecked=0, Total=1980 [2022-11-03 02:08:04,301 INFO L87 Difference]: Start difference. First operand 393 states and 481 transitions. Second operand has 14 states, 12 states have (on average 5.5) internal successors, (66), 12 states have internal predecessors, (66), 5 states have call successors, (14), 3 states have call predecessors, (14), 6 states have return successors, (17), 7 states have call predecessors, (17), 5 states have call successors, (17) [2022-11-03 02:08:05,376 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 02:08:05,376 INFO L93 Difference]: Finished difference Result 762 states and 954 transitions. [2022-11-03 02:08:05,376 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 31 states. [2022-11-03 02:08:05,377 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 12 states have (on average 5.5) internal successors, (66), 12 states have internal predecessors, (66), 5 states have call successors, (14), 3 states have call predecessors, (14), 6 states have return successors, (17), 7 states have call predecessors, (17), 5 states have call successors, (17) Word has length 63 [2022-11-03 02:08:05,379 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 02:08:05,382 INFO L225 Difference]: With dead ends: 762 [2022-11-03 02:08:05,382 INFO L226 Difference]: Without dead ends: 464 [2022-11-03 02:08:05,384 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 239 GetRequests, 171 SyntacticMatches, 0 SemanticMatches, 68 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1530 ImplicationChecksByTransitivity, 7.0s TimeCoverageRelationStatistics Valid=594, Invalid=4236, Unknown=0, NotChecked=0, Total=4830 [2022-11-03 02:08:05,387 INFO L413 NwaCegarLoop]: 84 mSDtfsCounter, 341 mSDsluCounter, 349 mSDsCounter, 0 mSdLazyCounter, 535 mSolverCounterSat, 221 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 346 SdHoareTripleChecker+Valid, 355 SdHoareTripleChecker+Invalid, 756 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 221 IncrementalHoareTripleChecker+Valid, 535 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-11-03 02:08:05,387 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [346 Valid, 355 Invalid, 756 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [221 Valid, 535 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2022-11-03 02:08:05,389 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 464 states. [2022-11-03 02:08:05,445 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 464 to 433. [2022-11-03 02:08:05,446 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 433 states, 285 states have (on average 1.1578947368421053) internal successors, (330), 320 states have internal predecessors, (330), 71 states have call successors, (71), 62 states have call predecessors, (71), 76 states have return successors, (116), 74 states have call predecessors, (116), 71 states have call successors, (116) [2022-11-03 02:08:05,449 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 433 states to 433 states and 517 transitions. [2022-11-03 02:08:05,450 INFO L78 Accepts]: Start accepts. Automaton has 433 states and 517 transitions. Word has length 63 [2022-11-03 02:08:05,451 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 02:08:05,451 INFO L495 AbstractCegarLoop]: Abstraction has 433 states and 517 transitions. [2022-11-03 02:08:05,451 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 12 states have (on average 5.5) internal successors, (66), 12 states have internal predecessors, (66), 5 states have call successors, (14), 3 states have call predecessors, (14), 6 states have return successors, (17), 7 states have call predecessors, (17), 5 states have call successors, (17) [2022-11-03 02:08:05,451 INFO L276 IsEmpty]: Start isEmpty. Operand 433 states and 517 transitions. [2022-11-03 02:08:05,454 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-11-03 02:08:05,454 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 02:08:05,454 INFO L195 NwaCegarLoop]: trace histogram [5, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 02:08:05,494 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-11-03 02:08:05,675 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable8 [2022-11-03 02:08:05,675 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 02:08:05,676 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 02:08:05,676 INFO L85 PathProgramCache]: Analyzing trace with hash -658251347, now seen corresponding path program 1 times [2022-11-03 02:08:05,676 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 02:08:05,676 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [887231497] [2022-11-03 02:08:05,676 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:08:05,676 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 02:08:05,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:08:06,670 INFO L134 CoverageAnalysis]: Checked inductivity of 76 backedges. 12 proven. 42 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-11-03 02:08:06,670 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 02:08:06,670 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [887231497] [2022-11-03 02:08:06,671 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [887231497] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-03 02:08:06,671 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [706515962] [2022-11-03 02:08:06,671 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 02:08:06,671 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 02:08:06,671 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 [2022-11-03 02:08:06,672 INFO L229 MonitoredProcess]: Starting monitored process 4 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-03 02:08:06,691 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-11-03 02:08:06,810 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 02:08:06,813 INFO L263 TraceCheckSpWp]: Trace formula consists of 562 conjuncts, 30 conjunts are in the unsatisfiable core [2022-11-03 02:08:06,816 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-03 02:08:07,156 INFO L134 CoverageAnalysis]: Checked inductivity of 76 backedges. 55 proven. 15 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2022-11-03 02:08:07,156 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-03 02:08:07,637 INFO L134 CoverageAnalysis]: Checked inductivity of 76 backedges. 49 proven. 5 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-11-03 02:08:07,638 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [706515962] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-03 02:08:07,638 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [730285684] [2022-11-03 02:08:07,640 INFO L159 IcfgInterpreter]: Started Sifa with 37 locations of interest [2022-11-03 02:08:07,641 INFO L166 IcfgInterpreter]: Building call graph [2022-11-03 02:08:07,641 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-03 02:08:07,641 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-03 02:08:07,641 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-03 02:08:12,941 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 53 for LOIs [2022-11-03 02:08:12,950 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 30 for LOIs [2022-11-03 02:08:13,340 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 42 for LOIs [2022-11-03 02:08:13,350 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 29 for LOIs [2022-11-03 02:08:13,379 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-03 02:08:19,153 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '8796#(and (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~4#1| 2)) (= |timeShift_getWaterLevel_~retValue_acc~4#1| |timeShift_getWaterLevel_#res#1|) (<= 0 |#NULL.base|) (= |timeShift_getWaterLevel_~retValue_acc~4#1| ~waterLevel~0) (<= 0 |old(~pumpRunning~0)|) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 1) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= ~head~0.offset 0) (<= 1 ~systemActive~0) (<= |old(~pumpRunning~0)| 2147483647) (<= |#NULL.offset| 0) (<= ~methaneLevelCritical~0 0) (<= 0 ~head~0.base) (<= |#NULL.base| 0) (<= 0 ~methaneLevelCritical~0) (<= 0 (+ |timeShift_getWaterLevel_~retValue_acc~4#1| 2147483648)) (<= |timeShift_getWaterLevel_#res#1| 2147483647) (<= 0 ~pumpRunning~0) (<= ~head~0.base 0) (= |timeShift___utac_acc__Specification5_spec__3_~tmp~4#1| |timeShift_getWaterLevel_#res#1|) (<= 0 |#NULL.offset|) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (<= ~systemActive~0 1) (= ~cleanupTimeShifts~0 4))' at error location [2022-11-03 02:08:19,153 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-03 02:08:19,153 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-03 02:08:19,153 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [18, 11, 11] total 30 [2022-11-03 02:08:19,153 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [25486062] [2022-11-03 02:08:19,154 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-03 02:08:19,154 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 30 states [2022-11-03 02:08:19,155 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 02:08:19,155 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 30 interpolants. [2022-11-03 02:08:19,156 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=342, Invalid=2964, Unknown=0, NotChecked=0, Total=3306 [2022-11-03 02:08:19,156 INFO L87 Difference]: Start difference. First operand 433 states and 517 transitions. Second operand has 30 states, 29 states have (on average 4.517241379310345) internal successors, (131), 29 states have internal predecessors, (131), 16 states have call successors, (25), 8 states have call predecessors, (25), 11 states have return successors, (24), 15 states have call predecessors, (24), 15 states have call successors, (24) [2022-11-03 02:08:23,502 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 02:08:23,502 INFO L93 Difference]: Finished difference Result 1013 states and 1271 transitions. [2022-11-03 02:08:23,503 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 67 states. [2022-11-03 02:08:23,503 INFO L78 Accepts]: Start accepts. Automaton has has 30 states, 29 states have (on average 4.517241379310345) internal successors, (131), 29 states have internal predecessors, (131), 16 states have call successors, (25), 8 states have call predecessors, (25), 11 states have return successors, (24), 15 states have call predecessors, (24), 15 states have call successors, (24) Word has length 85 [2022-11-03 02:08:23,503 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 02:08:23,504 INFO L225 Difference]: With dead ends: 1013 [2022-11-03 02:08:23,504 INFO L226 Difference]: Without dead ends: 0 [2022-11-03 02:08:23,511 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 359 GetRequests, 242 SyntacticMatches, 4 SemanticMatches, 113 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4874 ImplicationChecksByTransitivity, 8.7s TimeCoverageRelationStatistics Valid=1670, Invalid=11440, Unknown=0, NotChecked=0, Total=13110 [2022-11-03 02:08:23,512 INFO L413 NwaCegarLoop]: 102 mSDtfsCounter, 984 mSDsluCounter, 826 mSDsCounter, 0 mSdLazyCounter, 2118 mSolverCounterSat, 720 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 992 SdHoareTripleChecker+Valid, 719 SdHoareTripleChecker+Invalid, 2838 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 720 IncrementalHoareTripleChecker+Valid, 2118 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-11-03 02:08:23,513 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [992 Valid, 719 Invalid, 2838 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [720 Valid, 2118 Invalid, 0 Unknown, 0 Unchecked, 1.6s Time] [2022-11-03 02:08:23,513 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-03 02:08:23,513 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-03 02:08:23,513 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-03 02:08:23,514 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-03 02:08:23,514 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 85 [2022-11-03 02:08:23,514 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 02:08:23,514 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-03 02:08:23,515 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 30 states, 29 states have (on average 4.517241379310345) internal successors, (131), 29 states have internal predecessors, (131), 16 states have call successors, (25), 8 states have call predecessors, (25), 11 states have return successors, (24), 15 states have call predecessors, (24), 15 states have call successors, (24) [2022-11-03 02:08:23,515 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-03 02:08:23,515 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-03 02:08:23,517 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-03 02:08:23,545 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-11-03 02:08:23,731 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-11-03 02:08:23,733 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-03 02:08:30,343 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 822 828) no Hoare annotation was computed. [2022-11-03 02:08:30,343 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 822 828) the Hoare annotation is: true [2022-11-03 02:08:30,343 INFO L902 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 232 243) the Hoare annotation is: true [2022-11-03 02:08:30,343 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 232 243) no Hoare annotation was computed. [2022-11-03 02:08:30,345 INFO L895 garLoopResultBuilder]: At program point L870(line 870) the Hoare annotation is: (let ((.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse8 (not (= |old(~pumpRunning~0)| 0)))) (let ((.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse6 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse7 (= |old(~switchedOnBeforeTS~0)| 0)) (.cse9 (and (or .cse1 .cse8) (not (<= |old(~waterLevel~0)| 0)))) (.cse2 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (or .cse4 .cse5) (<= ~waterLevel~0 0) .cse6) .cse7) (or (and .cse3 .cse8 .cse4 .cse6) .cse2 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse9 .cse2 .cse5 .cse7) (or .cse8 .cse9 .cse2)))) [2022-11-03 02:08:30,346 INFO L895 garLoopResultBuilder]: At program point L705(line 705) the Hoare annotation is: (let ((.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse9 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (= ~switchedOnBeforeTS~0 0))) (.cse2 (= ~pumpRunning~0 0)) (.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~4#1| ~waterLevel~0)) (.cse10 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse7 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse3 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)))) (and (let ((.cse5 (or .cse8 (<= |old(~waterLevel~0)| ~waterLevel~0)))) (or .cse0 (and .cse1 .cse2 .cse3 .cse4 .cse5) (and .cse6 .cse3 .cse4 .cse7 .cse5) (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|)))) (or .cse9 .cse8 .cse0 (and .cse2 .cse4 .cse10 .cse7)) (let ((.cse11 (< 0 |old(~waterLevel~0)|))) (let ((.cse12 (and .cse3 .cse11))) (or (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|)) .cse9 .cse0 (and .cse1 .cse2 .cse4 (or (and (not .cse11) .cse10) .cse12)) (and .cse6 .cse4 (<= ~waterLevel~0 0) (or .cse12 .cse10) .cse7) (= |old(~switchedOnBeforeTS~0)| 0)))))) [2022-11-03 02:08:30,346 INFO L899 garLoopResultBuilder]: For program point L705-1(line 705) no Hoare annotation was computed. [2022-11-03 02:08:30,346 INFO L895 garLoopResultBuilder]: At program point L875(line 875) the Hoare annotation is: (let ((.cse1 (= ~pumpRunning~0 0)) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0) (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) .cse2) (or .cse0 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1) .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|)) .cse0 .cse2 (= |old(~switchedOnBeforeTS~0)| 0)))) [2022-11-03 02:08:30,346 INFO L895 garLoopResultBuilder]: At program point L875-1(lines 856 880) the Hoare annotation is: (let ((.cse7 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse5 (not (= ~switchedOnBeforeTS~0 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse9 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse6 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse0 (not (= 1 ~systemActive~0))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (not (<= 2 |old(~waterLevel~0)|))) (.cse12 (= |old(~switchedOnBeforeTS~0)| 0))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 .cse2 .cse3) (and (<= 2 ~waterLevel~0) .cse2) .cse4) (or (and .cse5 .cse1 .cse6) (and .cse7 .cse6 .cse3) .cse0 (and .cse2 (or .cse7 (= ~pumpRunning~0 1))) .cse4 .cse8) (let ((.cse11 (< 0 |old(~waterLevel~0)|))) (let ((.cse10 (and .cse6 .cse11))) (or .cse9 (not (<= |old(~waterLevel~0)| 1)) (and .cse7 (<= ~waterLevel~0 0) (or .cse10 .cse2) .cse3) .cse0 (and .cse5 .cse1 (or (and (not .cse11) .cse2) .cse10)) .cse12))) (or .cse9 .cse6 .cse0 .cse4 .cse8 .cse12))) [2022-11-03 02:08:30,347 INFO L895 garLoopResultBuilder]: At program point L809-1(lines 809 815) the Hoare annotation is: (let ((.cse7 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse5 (not (= ~switchedOnBeforeTS~0 0))) (.cse1 (= ~pumpRunning~0 0)) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse9 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse6 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse0 (not (= 1 ~systemActive~0))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (not (<= 2 |old(~waterLevel~0)|))) (.cse12 (= |old(~switchedOnBeforeTS~0)| 0))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and .cse1 .cse2 .cse3) (and (<= 2 ~waterLevel~0) .cse2) .cse4) (or (and .cse5 .cse1 .cse6) (and .cse7 .cse6 .cse3) .cse0 (and .cse2 (or .cse7 (= ~pumpRunning~0 1))) .cse4 .cse8) (let ((.cse11 (< 0 |old(~waterLevel~0)|))) (let ((.cse10 (and .cse6 .cse11))) (or .cse9 (not (<= |old(~waterLevel~0)| 1)) (and .cse7 (<= ~waterLevel~0 0) (or .cse10 .cse2) .cse3) .cse0 (and .cse5 .cse1 (or (and (not .cse11) .cse2) .cse10)) .cse12))) (or .cse9 .cse6 .cse0 .cse4 .cse8 .cse12))) [2022-11-03 02:08:30,347 INFO L895 garLoopResultBuilder]: At program point L54(line 54) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= |old(~waterLevel~0)| 2)))) (and (or (not (<= |old(~waterLevel~0)| 1)) (not (= |old(~pumpRunning~0)| 0)) .cse0) (or .cse0 .cse1 (not (<= 2 |old(~waterLevel~0)|))) (or (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|)) .cse0 .cse1))) [2022-11-03 02:08:30,348 INFO L895 garLoopResultBuilder]: At program point L690(line 690) the Hoare annotation is: (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse4)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse2 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse1 .cse3 (and (not (= ~switchedOnBeforeTS~0 0)) (= ~pumpRunning~0 0) .cse4) (= |old(~switchedOnBeforeTS~0)| 0)) (or .cse0 .cse1 .cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))))) [2022-11-03 02:08:30,351 INFO L895 garLoopResultBuilder]: At program point L690-1(line 690) the Hoare annotation is: (let ((.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse1 (not (= 1 ~systemActive~0))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__2_#t~ret34#1|)) (.cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse7 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 .cse2) (or .cse0 .cse1 (and .cse3 .cse4 .cse5 .cse2) .cse6 (= |old(~switchedOnBeforeTS~0)| 0)) (or (not (<= |old(~waterLevel~0)| 1)) (not (= |old(~pumpRunning~0)| 0)) .cse1 (and (= ~pumpRunning~0 0) .cse4 .cse5)) (or .cse0 .cse1 .cse6 .cse2 .cse7) (or .cse1 .cse6 (and .cse3 .cse4 .cse5) .cse7))) [2022-11-03 02:08:30,351 INFO L899 garLoopResultBuilder]: For program point L707(lines 707 717) no Hoare annotation was computed. [2022-11-03 02:08:30,351 INFO L899 garLoopResultBuilder]: For program point L802-2(lines 798 820) no Hoare annotation was computed. [2022-11-03 02:08:30,352 INFO L895 garLoopResultBuilder]: At program point L864(lines 864 872) the Hoare annotation is: (let ((.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse8 (not (= |old(~pumpRunning~0)| 0)))) (let ((.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse6 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse7 (= |old(~switchedOnBeforeTS~0)| 0)) (.cse9 (and (or .cse1 .cse8) (not (<= |old(~waterLevel~0)| 0)))) (.cse2 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 (and .cse3 (or .cse4 .cse5) (<= ~waterLevel~0 0) .cse6) .cse7) (or (and .cse3 .cse8 .cse4 .cse6) .cse2 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse9 .cse2 .cse5 .cse7) (or .cse8 .cse9 .cse2)))) [2022-11-03 02:08:30,352 INFO L899 garLoopResultBuilder]: For program point L703(lines 703 720) no Hoare annotation was computed. [2022-11-03 02:08:30,352 INFO L895 garLoopResultBuilder]: At program point L703-1(lines 695 723) the Hoare annotation is: (let ((.cse7 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse9 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (= ~switchedOnBeforeTS~0 0))) (.cse2 (= ~pumpRunning~0 0)) (.cse8 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~4#1| ~waterLevel~0)) (.cse6 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse10 (= |old(~switchedOnBeforeTS~0)| 0)) (.cse3 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)))) (and (or .cse0 (and .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse4 (= ~waterLevel~0 1) .cse6) (and .cse4 .cse7 (or .cse5 (= ~pumpRunning~0 1))) .cse8 (not (<= 2 |old(~waterLevel~0)|))) (or .cse9 .cse0 .cse7 (not (<= |old(~waterLevel~0)| 0)) .cse10) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and (< 1 |timeShift___utac_acc__Specification5_spec__3_~tmp~4#1|) .cse4 .cse7) (and .cse2 .cse4 .cse7 .cse6) .cse8) (let ((.cse11 (or .cse3 (not (< 0 |old(~waterLevel~0)|))))) (or .cse9 .cse0 (and .cse1 .cse11 .cse2 .cse4) .cse8 (and .cse5 .cse11 .cse4 .cse6) .cse10)))) [2022-11-03 02:08:30,352 INFO L895 garLoopResultBuilder]: At program point L860(lines 860 877) the Hoare annotation is: (let ((.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse1 (not (= 1 ~systemActive~0))) (.cse5 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= ~pumpRunning~0 0)) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (and (or .cse0 (not (= |old(~pumpRunning~0)| 0)) .cse1 (and .cse2 .cse3 .cse4)) (or (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|)) .cse0 .cse1 (and .cse5 (or (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) (< 0 |old(~waterLevel~0)|)) .cse3) (or .cse2 (<= ~waterLevel~0 0)) .cse4)) (or .cse1 (not (<= |old(~waterLevel~0)| 2)) (and .cse5 (or (and (not .cse2) (<= ~waterLevel~0 1) (<= 1 ~waterLevel~0)) (and .cse2 (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2))) .cse4) (not (<= 2 |old(~waterLevel~0)|))))) [2022-11-03 02:08:30,353 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 795 821) the Hoare annotation is: (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse4)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse2 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse1 .cse3 (and (not (= ~switchedOnBeforeTS~0 0)) (= ~pumpRunning~0 0) .cse4) (= |old(~switchedOnBeforeTS~0)| 0)) (or .cse0 .cse1 .cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))))) [2022-11-03 02:08:30,353 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 795 821) no Hoare annotation was computed. [2022-11-03 02:08:30,353 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 54) no Hoare annotation was computed. [2022-11-03 02:08:30,354 INFO L899 garLoopResultBuilder]: For program point L708(lines 708 714) no Hoare annotation was computed. [2022-11-03 02:08:30,355 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 99 128) no Hoare annotation was computed. [2022-11-03 02:08:30,355 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 99 128) the Hoare annotation is: true [2022-11-03 02:08:30,356 INFO L902 garLoopResultBuilder]: At program point L124(lines 99 128) the Hoare annotation is: true [2022-11-03 02:08:30,356 INFO L899 garLoopResultBuilder]: For program point L120(line 120) no Hoare annotation was computed. [2022-11-03 02:08:30,356 INFO L899 garLoopResultBuilder]: For program point L113(lines 113 117) no Hoare annotation was computed. [2022-11-03 02:08:30,356 INFO L902 garLoopResultBuilder]: At program point L113-1(lines 113 117) the Hoare annotation is: true [2022-11-03 02:08:30,356 INFO L902 garLoopResultBuilder]: At program point L109-2(lines 109 123) the Hoare annotation is: true [2022-11-03 02:08:30,356 INFO L902 garLoopResultBuilder]: At program point L105(line 105) the Hoare annotation is: true [2022-11-03 02:08:30,356 INFO L899 garLoopResultBuilder]: For program point L105-1(line 105) no Hoare annotation was computed. [2022-11-03 02:08:30,357 INFO L895 garLoopResultBuilder]: At program point L771-2(lines 765 776) the Hoare annotation is: (let ((.cse0 (= 1 ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and (<= 2 ~waterLevel~0) .cse0 .cse1 .cse2) (and (<= ~waterLevel~0 1) .cse0 .cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2))) [2022-11-03 02:08:30,357 INFO L902 garLoopResultBuilder]: At program point ULTIMATE.startENTRY(line -1) the Hoare annotation is: true [2022-11-03 02:08:30,357 INFO L899 garLoopResultBuilder]: For program point L755(lines 755 761) no Hoare annotation was computed. [2022-11-03 02:08:30,357 INFO L899 garLoopResultBuilder]: For program point L755-1(lines 755 761) no Hoare annotation was computed. [2022-11-03 02:08:30,357 INFO L902 garLoopResultBuilder]: At program point L784(lines 725 788) the Hoare annotation is: true [2022-11-03 02:08:30,357 INFO L895 garLoopResultBuilder]: At program point L747(line 747) the Hoare annotation is: (let ((.cse2 (<= ~waterLevel~0 1)) (.cse0 (= 1 ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and (<= 2 ~waterLevel~0) .cse0 .cse1 (<= ~waterLevel~0 2)) (and .cse2 .cse0 .cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and (= ~pumpRunning~0 0) .cse2 .cse0 .cse1))) [2022-11-03 02:08:30,358 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-03 02:08:30,358 INFO L895 garLoopResultBuilder]: At program point L186(lines 186 193) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1) (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) [2022-11-03 02:08:30,358 INFO L902 garLoopResultBuilder]: At program point L186-2(lines 186 193) the Hoare annotation is: true [2022-11-03 02:08:30,358 INFO L895 garLoopResultBuilder]: At program point L781(lines 734 782) the Hoare annotation is: false [2022-11-03 02:08:30,358 INFO L899 garLoopResultBuilder]: For program point L736(lines 735 780) no Hoare annotation was computed. [2022-11-03 02:08:30,358 INFO L895 garLoopResultBuilder]: At program point L757(line 757) the Hoare annotation is: (let ((.cse0 (= 1 ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and (<= 2 ~waterLevel~0) .cse0 .cse1 .cse2) (and (<= ~waterLevel~0 1) .cse0 .cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2))) [2022-11-03 02:08:30,359 INFO L895 garLoopResultBuilder]: At program point L778(lines 735 780) the Hoare annotation is: (let ((.cse2 (<= ~waterLevel~0 1)) (.cse0 (= 1 ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and (<= 2 ~waterLevel~0) .cse0 .cse1 (<= ~waterLevel~0 2)) (and .cse2 .cse0 .cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and (= ~pumpRunning~0 0) .cse2 .cse0 .cse1))) [2022-11-03 02:08:30,359 INFO L899 garLoopResultBuilder]: For program point L745(lines 745 751) no Hoare annotation was computed. [2022-11-03 02:08:30,359 INFO L899 garLoopResultBuilder]: For program point L745-1(lines 745 751) no Hoare annotation was computed. [2022-11-03 02:08:30,359 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 830 854) the Hoare annotation is: (or (not (= 1 ~systemActive~0)) (not (<= ~waterLevel~0 2)) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|))) [2022-11-03 02:08:30,359 INFO L895 garLoopResultBuilder]: At program point L849(line 849) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2))) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0) .cse2) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 .cse2))) [2022-11-03 02:08:30,361 INFO L899 garLoopResultBuilder]: For program point L849-1(lines 830 854) no Hoare annotation was computed. [2022-11-03 02:08:30,361 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 830 854) no Hoare annotation was computed. [2022-11-03 02:08:30,361 INFO L895 garLoopResultBuilder]: At program point L844(line 844) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 (= |processEnvironment__wrappee__highWaterSensor_~tmp~6#1| 0) (not (<= ~waterLevel~0 1)) .cse1) (or .cse0 .cse2 (= ~switchedOnBeforeTS~0 0) .cse1) (or .cse0 .cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0) .cse1))) [2022-11-03 02:08:30,361 INFO L895 garLoopResultBuilder]: At program point L838(lines 838 846) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 (= |processEnvironment__wrappee__highWaterSensor_~tmp~6#1| 0) (not (<= ~waterLevel~0 1)) .cse1) (or .cse0 .cse2 (= ~switchedOnBeforeTS~0 0) .cse1) (or .cse0 .cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0) .cse1))) [2022-11-03 02:08:30,362 INFO L895 garLoopResultBuilder]: At program point L834(lines 834 851) the Hoare annotation is: (or (not (= 1 ~systemActive~0)) (not (<= ~waterLevel~0 2)) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|))) [2022-11-03 02:08:30,362 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 220 231) no Hoare annotation was computed. [2022-11-03 02:08:30,362 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 220 231) the Hoare annotation is: (let ((.cse2 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse2 .cse0 (not (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) .cse1) (or .cse2 (not (= ~pumpRunning~0 0)) .cse0 .cse1))) [2022-11-03 02:08:30,363 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 926 934) no Hoare annotation was computed. [2022-11-03 02:08:30,363 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 926 934) the Hoare annotation is: true [2022-11-03 02:08:30,367 INFO L444 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 02:08:30,369 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-03 02:08:30,417 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 03.11 02:08:30 BoogieIcfgContainer [2022-11-03 02:08:30,425 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-03 02:08:30,426 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-03 02:08:30,426 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-03 02:08:30,426 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-03 02:08:30,428 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 03.11 02:07:28" (3/4) ... [2022-11-03 02:08:30,431 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-03 02:08:30,436 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-03 02:08:30,437 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-03 02:08:30,437 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-03 02:08:30,437 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-03 02:08:30,437 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-11-03 02:08:30,437 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-03 02:08:30,438 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-03 02:08:30,456 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 82 nodes and edges [2022-11-03 02:08:30,457 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 27 nodes and edges [2022-11-03 02:08:30,458 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 13 nodes and edges [2022-11-03 02:08:30,459 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-11-03 02:08:30,459 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-11-03 02:08:30,460 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-03 02:08:30,460 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-03 02:08:30,488 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || pumpRunning == switchedOnBeforeTS) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || (((pumpRunning == \old(pumpRunning) && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || \old(switchedOnBeforeTS) == 0)) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == 0 && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || pumpRunning == switchedOnBeforeTS) || !(2 <= \old(waterLevel)))) && (((!(1 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) [2022-11-03 02:08:30,490 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || (2 <= waterLevel && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && \old(waterLevel) == waterLevel + 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel + 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || (\old(waterLevel) == waterLevel && (pumpRunning == \old(pumpRunning) || pumpRunning == 1))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || ((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || \old(switchedOnBeforeTS) == 0)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || \old(waterLevel) == waterLevel + 1) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || \old(switchedOnBeforeTS) == 0) [2022-11-03 02:08:30,490 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(1 == systemActive) || (((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && \old(waterLevel) == waterLevel + 1) && tmp == waterLevel)) || (((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || ((tmp == waterLevel && \old(waterLevel) == waterLevel) && (pumpRunning == \old(pumpRunning) || pumpRunning == 1))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || \old(waterLevel) == waterLevel) || !(\old(waterLevel) <= 0)) || \old(switchedOnBeforeTS) == 0)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((1 < tmp && tmp == waterLevel) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || (((!(switchedOnBeforeTS == 0) && (\old(waterLevel) == waterLevel + 1 || !(0 < \old(waterLevel)))) && pumpRunning == 0) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) || (((pumpRunning == \old(pumpRunning) && (\old(waterLevel) == waterLevel + 1 || !(0 < \old(waterLevel)))) && tmp == waterLevel) && pumpRunning == switchedOnBeforeTS)) || \old(switchedOnBeforeTS) == 0) [2022-11-03 02:08:30,490 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) && (((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || (((pumpRunning == \old(pumpRunning) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && (pumpRunning == 0 || waterLevel <= 0)) && pumpRunning == switchedOnBeforeTS))) && (((!(1 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && (((!(pumpRunning == 0) && waterLevel <= 1) && 1 <= waterLevel) || ((pumpRunning == 0 && 2 <= waterLevel) && waterLevel <= 2))) && pumpRunning == switchedOnBeforeTS)) || !(2 <= \old(waterLevel))) [2022-11-03 02:08:30,491 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) && ((!(1 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-11-03 02:08:30,491 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || (2 <= waterLevel && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && \old(waterLevel) == waterLevel + 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel + 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || (\old(waterLevel) == waterLevel && (pumpRunning == \old(pumpRunning) || pumpRunning == 1))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || ((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || \old(switchedOnBeforeTS) == 0)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || \old(waterLevel) == waterLevel + 1) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || \old(switchedOnBeforeTS) == 0) [2022-11-03 02:08:30,491 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(1 == systemActive) || !(waterLevel <= 2)) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning)) [2022-11-03 02:08:30,492 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || (((pumpRunning == \old(pumpRunning) && (\old(waterLevel) == waterLevel + 1 || \old(waterLevel) == waterLevel)) && waterLevel <= 0) && pumpRunning == switchedOnBeforeTS)) || \old(switchedOnBeforeTS) == 0) && ((((((pumpRunning == \old(pumpRunning) && !(\old(pumpRunning) == 0)) && \old(waterLevel) == waterLevel + 1) && pumpRunning == switchedOnBeforeTS) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || !(1 == systemActive)) || \old(waterLevel) == waterLevel) || \old(switchedOnBeforeTS) == 0)) && ((!(\old(pumpRunning) == 0) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || !(1 == systemActive)) [2022-11-03 02:08:30,494 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(1 == systemActive) || tmp == 0) || !(waterLevel <= 1)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((!(1 == systemActive) || !(waterLevel <= 2)) || switchedOnBeforeTS == 0) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((!(1 == systemActive) || !(waterLevel <= 2)) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-03 02:08:30,531 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/witness.graphml [2022-11-03 02:08:30,532 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-03 02:08:30,532 INFO L158 Benchmark]: Toolchain (without parser) took 63520.83ms. Allocated memory was 119.5MB in the beginning and 589.3MB in the end (delta: 469.8MB). Free memory was 82.6MB in the beginning and 390.4MB in the end (delta: -307.8MB). Peak memory consumption was 161.5MB. Max. memory is 16.1GB. [2022-11-03 02:08:30,532 INFO L158 Benchmark]: CDTParser took 0.29ms. Allocated memory is still 119.5MB. Free memory is still 100.5MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-03 02:08:30,533 INFO L158 Benchmark]: CACSL2BoogieTranslator took 548.70ms. Allocated memory is still 119.5MB. Free memory was 82.5MB in the beginning and 88.3MB in the end (delta: -5.8MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-11-03 02:08:30,533 INFO L158 Benchmark]: Boogie Procedure Inliner took 49.69ms. Allocated memory is still 119.5MB. Free memory was 87.8MB in the beginning and 85.7MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-03 02:08:30,533 INFO L158 Benchmark]: Boogie Preprocessor took 28.45ms. Allocated memory is still 119.5MB. Free memory was 85.5MB in the beginning and 83.5MB in the end (delta: 2.0MB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-03 02:08:30,534 INFO L158 Benchmark]: RCFGBuilder took 903.37ms. Allocated memory is still 119.5MB. Free memory was 83.5MB in the beginning and 94.2MB in the end (delta: -10.7MB). Peak memory consumption was 36.9MB. Max. memory is 16.1GB. [2022-11-03 02:08:30,534 INFO L158 Benchmark]: TraceAbstraction took 61868.76ms. Allocated memory was 119.5MB in the beginning and 589.3MB in the end (delta: 469.8MB). Free memory was 93.5MB in the beginning and 396.7MB in the end (delta: -303.2MB). Peak memory consumption was 357.7MB. Max. memory is 16.1GB. [2022-11-03 02:08:30,534 INFO L158 Benchmark]: Witness Printer took 105.92ms. Allocated memory is still 589.3MB. Free memory was 396.7MB in the beginning and 390.4MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-03 02:08:30,536 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.29ms. Allocated memory is still 119.5MB. Free memory is still 100.5MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 548.70ms. Allocated memory is still 119.5MB. Free memory was 82.5MB in the beginning and 88.3MB in the end (delta: -5.8MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 49.69ms. Allocated memory is still 119.5MB. Free memory was 87.8MB in the beginning and 85.7MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 28.45ms. Allocated memory is still 119.5MB. Free memory was 85.5MB in the beginning and 83.5MB in the end (delta: 2.0MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 903.37ms. Allocated memory is still 119.5MB. Free memory was 83.5MB in the beginning and 94.2MB in the end (delta: -10.7MB). Peak memory consumption was 36.9MB. Max. memory is 16.1GB. * TraceAbstraction took 61868.76ms. Allocated memory was 119.5MB in the beginning and 589.3MB in the end (delta: 469.8MB). Free memory was 93.5MB in the beginning and 396.7MB in the end (delta: -303.2MB). Peak memory consumption was 357.7MB. Max. memory is 16.1GB. * Witness Printer took 105.92ms. Allocated memory is still 589.3MB. Free memory was 396.7MB in the beginning and 390.4MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 58 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 61.7s, OverallIterations: 10, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.1s, AutomataDifference: 8.9s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 6.6s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2115 SdHoareTripleChecker+Valid, 3.9s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2081 mSDsluCounter, 2379 SdHoareTripleChecker+Invalid, 3.2s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2203 mSDsCounter, 1289 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 4241 IncrementalHoareTripleChecker+Invalid, 5530 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1289 mSolverCounterUnsat, 653 mSDtfsCounter, 4241 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 883 GetRequests, 599 SyntacticMatches, 8 SemanticMatches, 276 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7779 ImplicationChecksByTransitivity, 22.5s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=433occurred in iteration=9, InterpolantAutomatonStates: 177, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.3s AutomataMinimizationTime, 10 MinimizatonAttempts, 149 StatesRemovedByMinimization, 6 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 35 LocationsWithAnnotation, 1349 PreInvPairs, 1626 NumberOfFragments, 1785 HoareAnnotationTreeSize, 1349 FomulaSimplifications, 5810 FormulaSimplificationTreeSizeReduction, 0.7s HoareSimplificationTime, 35 FomulaSimplificationsInter, 29485 FormulaSimplificationTreeSizeReductionInter, 5.8s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.4s SatisfiabilityAnalysisTime, 4.8s InterpolantComputationTime, 612 NumberOfCodeBlocks, 612 NumberOfCodeBlocksAsserted, 13 NumberOfCheckSat, 804 ConstructedInterpolants, 0 QuantifiedInterpolants, 3039 SizeOfPredicates, 27 NumberOfNonLiveVariables, 1486 ConjunctsInSsa, 65 ConjunctsInUnsatCore, 16 InterpolantComputations, 7 PerfectInterpolantSequences, 296/398 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: -1]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 54]: Loop Invariant Derived loop invariant: (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) && ((!(1 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 834]: Loop Invariant Derived loop invariant: ((!(1 == systemActive) || !(waterLevel <= 2)) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning)) - InvariantResult [Line: 856]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || (2 <= waterLevel && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && \old(waterLevel) == waterLevel + 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel + 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || (\old(waterLevel) == waterLevel && (pumpRunning == \old(pumpRunning) || pumpRunning == 1))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || ((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || \old(switchedOnBeforeTS) == 0)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || \old(waterLevel) == waterLevel + 1) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || \old(switchedOnBeforeTS) == 0) - InvariantResult [Line: 109]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 809]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || (2 <= waterLevel && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) && (((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && \old(waterLevel) == waterLevel + 1) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel + 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || (\old(waterLevel) == waterLevel && (pumpRunning == \old(pumpRunning) || pumpRunning == 1))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || ((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || \old(switchedOnBeforeTS) == 0)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || \old(waterLevel) == waterLevel + 1) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || \old(switchedOnBeforeTS) == 0) - InvariantResult [Line: 690]: Loop Invariant Derived loop invariant: ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || pumpRunning == switchedOnBeforeTS) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || (((pumpRunning == \old(pumpRunning) && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || \old(switchedOnBeforeTS) == 0)) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == 0 && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || pumpRunning == switchedOnBeforeTS) || !(2 <= \old(waterLevel)))) && (((!(1 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 186]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 860]: Loop Invariant Derived loop invariant: ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) && (((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || (((pumpRunning == \old(pumpRunning) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && (pumpRunning == 0 || waterLevel <= 0)) && pumpRunning == switchedOnBeforeTS))) && (((!(1 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && (((!(pumpRunning == 0) && waterLevel <= 1) && 1 <= waterLevel) || ((pumpRunning == 0 && 2 <= waterLevel) && waterLevel <= 2))) && pumpRunning == switchedOnBeforeTS)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 838]: Loop Invariant Derived loop invariant: ((((!(1 == systemActive) || tmp == 0) || !(waterLevel <= 1)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((!(1 == systemActive) || !(waterLevel <= 2)) || switchedOnBeforeTS == 0) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((!(1 == systemActive) || !(waterLevel <= 2)) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) - InvariantResult [Line: 734]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 695]: Loop Invariant Derived loop invariant: (((((((!(1 == systemActive) || (((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && \old(waterLevel) == waterLevel + 1) && tmp == waterLevel)) || (((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || ((tmp == waterLevel && \old(waterLevel) == waterLevel) && (pumpRunning == \old(pumpRunning) || pumpRunning == 1))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || \old(waterLevel) == waterLevel) || !(\old(waterLevel) <= 0)) || \old(switchedOnBeforeTS) == 0)) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((1 < tmp && tmp == waterLevel) && \old(waterLevel) == waterLevel)) || (((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || (((!(switchedOnBeforeTS == 0) && (\old(waterLevel) == waterLevel + 1 || !(0 < \old(waterLevel)))) && pumpRunning == 0) && tmp == waterLevel)) || !(\old(waterLevel) <= 2)) || (((pumpRunning == \old(pumpRunning) && (\old(waterLevel) == waterLevel + 1 || !(0 < \old(waterLevel)))) && tmp == waterLevel) && pumpRunning == switchedOnBeforeTS)) || \old(switchedOnBeforeTS) == 0) - InvariantResult [Line: 735]: Loop Invariant Derived loop invariant: ((((2 <= waterLevel && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) || (((waterLevel <= 1 && 1 == systemActive) && splverifierCounter == 0) && pumpRunning == switchedOnBeforeTS)) || (((pumpRunning == 0 && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) - InvariantResult [Line: 99]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 186]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && 1 == systemActive) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS - InvariantResult [Line: 725]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 864]: Loop Invariant Derived loop invariant: ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || (((pumpRunning == \old(pumpRunning) && (\old(waterLevel) == waterLevel + 1 || \old(waterLevel) == waterLevel)) && waterLevel <= 0) && pumpRunning == switchedOnBeforeTS)) || \old(switchedOnBeforeTS) == 0) && ((((((pumpRunning == \old(pumpRunning) && !(\old(pumpRunning) == 0)) && \old(waterLevel) == waterLevel + 1) && pumpRunning == switchedOnBeforeTS) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || !(1 == systemActive)) || \old(waterLevel) == waterLevel) || \old(switchedOnBeforeTS) == 0)) && ((!(\old(pumpRunning) == 0) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || !(1 == systemActive)) RESULT: Ultimate proved your program to be correct! [2022-11-03 02:08:30,603 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c461151-63e4-490a-951d-3af6759abc87/bin/utaipan-7li7fVZpFI/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE