./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 5e519f3a Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/config/TaipanReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/config/svcomp-Reach-32bit-Taipan_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Taipan --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 323b2112d56f35ec9fc5a7837411d8e54d2d46e3d8981d77e080eaf0dd99497b --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-5e519f3 [2022-11-03 03:59:47,440 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-03 03:59:47,443 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-03 03:59:47,476 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-03 03:59:47,477 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-03 03:59:47,478 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-03 03:59:47,480 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-03 03:59:47,482 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-03 03:59:47,484 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-03 03:59:47,485 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-03 03:59:47,486 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-03 03:59:47,487 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-03 03:59:47,488 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-03 03:59:47,489 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-03 03:59:47,490 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-03 03:59:47,492 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-03 03:59:47,493 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-03 03:59:47,494 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-03 03:59:47,496 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-03 03:59:47,498 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-03 03:59:47,500 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-03 03:59:47,501 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-03 03:59:47,503 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-03 03:59:47,504 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-03 03:59:47,508 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-03 03:59:47,508 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-03 03:59:47,508 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-03 03:59:47,510 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-03 03:59:47,510 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-03 03:59:47,512 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-03 03:59:47,512 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-03 03:59:47,513 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-03 03:59:47,514 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-03 03:59:47,515 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-03 03:59:47,516 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-03 03:59:47,516 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-03 03:59:47,517 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-03 03:59:47,517 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-03 03:59:47,518 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-03 03:59:47,519 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-03 03:59:47,520 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-03 03:59:47,528 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/config/svcomp-Reach-32bit-Taipan_Default.epf [2022-11-03 03:59:47,568 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-03 03:59:47,569 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-03 03:59:47,570 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-03 03:59:47,570 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-03 03:59:47,571 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-03 03:59:47,572 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-03 03:59:47,572 INFO L138 SettingsManager]: * User list type=DISABLED [2022-11-03 03:59:47,572 INFO L136 SettingsManager]: Preferences of Abstract Interpretation differ from their defaults: [2022-11-03 03:59:47,572 INFO L138 SettingsManager]: * Explicit value domain=true [2022-11-03 03:59:47,573 INFO L138 SettingsManager]: * Abstract domain for RCFG-of-the-future=PoormanAbstractDomain [2022-11-03 03:59:47,574 INFO L138 SettingsManager]: * Octagon Domain=false [2022-11-03 03:59:47,574 INFO L138 SettingsManager]: * Abstract domain=CompoundDomain [2022-11-03 03:59:47,574 INFO L138 SettingsManager]: * Check feasibility of abstract posts with an SMT solver=true [2022-11-03 03:59:47,574 INFO L138 SettingsManager]: * Use the RCFG-of-the-future interface=true [2022-11-03 03:59:47,575 INFO L138 SettingsManager]: * Interval Domain=false [2022-11-03 03:59:47,575 INFO L136 SettingsManager]: Preferences of Sifa differ from their defaults: [2022-11-03 03:59:47,575 INFO L138 SettingsManager]: * Call Summarizer=TopInputCallSummarizer [2022-11-03 03:59:47,575 INFO L138 SettingsManager]: * Simplification Technique=POLY_PAC [2022-11-03 03:59:47,576 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-03 03:59:47,576 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-03 03:59:47,577 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-03 03:59:47,577 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-03 03:59:47,577 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-03 03:59:47,579 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-03 03:59:47,579 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-03 03:59:47,579 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-03 03:59:47,579 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-03 03:59:47,580 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-03 03:59:47,580 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-03 03:59:47,580 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-03 03:59:47,580 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-03 03:59:47,581 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-03 03:59:47,581 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-03 03:59:47,581 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-03 03:59:47,582 INFO L138 SettingsManager]: * Abstract interpretation Mode=USE_PREDICATES [2022-11-03 03:59:47,582 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-03 03:59:47,582 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-03 03:59:47,582 INFO L138 SettingsManager]: * Trace refinement strategy=SIFA_TAIPAN [2022-11-03 03:59:47,582 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-03 03:59:47,583 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-03 03:59:47,583 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2022-11-03 03:59:47,584 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Taipan Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 323b2112d56f35ec9fc5a7837411d8e54d2d46e3d8981d77e080eaf0dd99497b [2022-11-03 03:59:47,965 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-03 03:59:47,991 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-03 03:59:47,995 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-03 03:59:47,996 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-03 03:59:47,997 INFO L275 PluginConnector]: CDTParser initialized [2022-11-03 03:59:47,999 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/../../sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c [2022-11-03 03:59:48,078 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/data/052eb0bcc/2c0f2107506a40ceae3b74d6afe00982/FLAGc90d21cd5 [2022-11-03 03:59:48,688 INFO L306 CDTParser]: Found 1 translation units. [2022-11-03 03:59:48,689 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c [2022-11-03 03:59:48,703 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/data/052eb0bcc/2c0f2107506a40ceae3b74d6afe00982/FLAGc90d21cd5 [2022-11-03 03:59:48,900 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/data/052eb0bcc/2c0f2107506a40ceae3b74d6afe00982 [2022-11-03 03:59:48,904 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-03 03:59:48,908 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-03 03:59:48,915 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-03 03:59:48,915 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-03 03:59:48,919 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-03 03:59:48,921 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 03.11 03:59:48" (1/1) ... [2022-11-03 03:59:48,922 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@49dd8371 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:48, skipping insertion in model container [2022-11-03 03:59:48,923 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 03.11 03:59:48" (1/1) ... [2022-11-03 03:59:48,934 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-03 03:59:49,013 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-03 03:59:49,439 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c[9626,9639] [2022-11-03 03:59:49,537 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-03 03:59:49,549 INFO L203 MainTranslator]: Completed pre-run [2022-11-03 03:59:49,613 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/sv-benchmarks/c/product-lines/minepump_spec5_product64.cil.c[9626,9639] [2022-11-03 03:59:49,675 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-03 03:59:49,698 INFO L208 MainTranslator]: Completed translation [2022-11-03 03:59:49,699 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49 WrapperNode [2022-11-03 03:59:49,699 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-03 03:59:49,700 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-03 03:59:49,701 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-03 03:59:49,701 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-03 03:59:49,709 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (1/1) ... [2022-11-03 03:59:49,735 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (1/1) ... [2022-11-03 03:59:49,783 INFO L138 Inliner]: procedures = 61, calls = 166, calls flagged for inlining = 27, calls inlined = 24, statements flattened = 302 [2022-11-03 03:59:49,785 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-03 03:59:49,786 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-03 03:59:49,786 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-03 03:59:49,787 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-03 03:59:49,796 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (1/1) ... [2022-11-03 03:59:49,796 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (1/1) ... [2022-11-03 03:59:49,810 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (1/1) ... [2022-11-03 03:59:49,819 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (1/1) ... [2022-11-03 03:59:49,825 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (1/1) ... [2022-11-03 03:59:49,835 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (1/1) ... [2022-11-03 03:59:49,837 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (1/1) ... [2022-11-03 03:59:49,839 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (1/1) ... [2022-11-03 03:59:49,847 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-03 03:59:49,848 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-03 03:59:49,848 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-03 03:59:49,848 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-03 03:59:49,850 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (1/1) ... [2022-11-03 03:59:49,857 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-03 03:59:49,869 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 [2022-11-03 03:59:49,888 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-03 03:59:49,904 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-03 03:59:49,947 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-03 03:59:49,947 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-03 03:59:49,948 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-03 03:59:49,948 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-03 03:59:49,948 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-03 03:59:49,948 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-03 03:59:49,948 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-03 03:59:49,948 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-11-03 03:59:49,949 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-11-03 03:59:49,949 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-03 03:59:49,949 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-03 03:59:49,949 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__methaneQuery [2022-11-03 03:59:49,949 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__methaneQuery [2022-11-03 03:59:49,949 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-03 03:59:49,949 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-03 03:59:49,950 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneAlarm [2022-11-03 03:59:49,950 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneAlarm [2022-11-03 03:59:49,950 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-11-03 03:59:49,950 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-11-03 03:59:49,950 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-03 03:59:49,950 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-03 03:59:49,951 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-03 03:59:49,951 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-03 03:59:49,951 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-03 03:59:50,081 INFO L235 CfgBuilder]: Building ICFG [2022-11-03 03:59:50,083 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-03 03:59:50,594 INFO L276 CfgBuilder]: Performing block encoding [2022-11-03 03:59:50,699 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-03 03:59:50,699 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-03 03:59:50,702 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 03.11 03:59:50 BoogieIcfgContainer [2022-11-03 03:59:50,702 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-03 03:59:50,704 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-03 03:59:50,705 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-03 03:59:50,709 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-03 03:59:50,709 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 03.11 03:59:48" (1/3) ... [2022-11-03 03:59:50,710 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@66b68831 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 03.11 03:59:50, skipping insertion in model container [2022-11-03 03:59:50,710 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.11 03:59:49" (2/3) ... [2022-11-03 03:59:50,710 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@66b68831 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 03.11 03:59:50, skipping insertion in model container [2022-11-03 03:59:50,711 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 03.11 03:59:50" (3/3) ... [2022-11-03 03:59:50,712 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product64.cil.c [2022-11-03 03:59:50,733 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-03 03:59:50,733 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-03 03:59:50,788 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-03 03:59:50,795 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@6d272687, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-03 03:59:50,795 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-03 03:59:50,800 INFO L276 IsEmpty]: Start isEmpty. Operand has 80 states, 49 states have (on average 1.4285714285714286) internal successors, (70), 60 states have internal predecessors, (70), 19 states have call successors, (19), 10 states have call predecessors, (19), 10 states have return successors, (19), 14 states have call predecessors, (19), 19 states have call successors, (19) [2022-11-03 03:59:50,816 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2022-11-03 03:59:50,817 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 03:59:50,818 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 03:59:50,819 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 03:59:50,828 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 03:59:50,829 INFO L85 PathProgramCache]: Analyzing trace with hash 997885803, now seen corresponding path program 1 times [2022-11-03 03:59:50,840 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 03:59:50,841 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [179259734] [2022-11-03 03:59:50,842 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 03:59:50,842 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 03:59:51,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 03:59:51,180 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 03:59:51,181 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 03:59:51,181 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [179259734] [2022-11-03 03:59:51,182 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [179259734] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 03:59:51,182 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 03:59:51,182 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-03 03:59:51,184 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [676367171] [2022-11-03 03:59:51,185 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 03:59:51,190 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-03 03:59:51,192 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 03:59:51,235 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-03 03:59:51,236 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-03 03:59:51,240 INFO L87 Difference]: Start difference. First operand has 80 states, 49 states have (on average 1.4285714285714286) internal successors, (70), 60 states have internal predecessors, (70), 19 states have call successors, (19), 10 states have call predecessors, (19), 10 states have return successors, (19), 14 states have call predecessors, (19), 19 states have call successors, (19) Second operand has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-03 03:59:51,375 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 03:59:51,375 INFO L93 Difference]: Finished difference Result 158 states and 217 transitions. [2022-11-03 03:59:51,377 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-03 03:59:51,378 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 21 [2022-11-03 03:59:51,379 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 03:59:51,390 INFO L225 Difference]: With dead ends: 158 [2022-11-03 03:59:51,391 INFO L226 Difference]: Without dead ends: 75 [2022-11-03 03:59:51,396 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-03 03:59:51,400 INFO L413 NwaCegarLoop]: 86 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 19 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 86 SdHoareTripleChecker+Invalid, 20 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 19 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-03 03:59:51,401 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 86 Invalid, 20 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 19 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-03 03:59:51,420 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 75 states. [2022-11-03 03:59:51,456 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 75 to 75. [2022-11-03 03:59:51,459 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 75 states, 46 states have (on average 1.3478260869565217) internal successors, (62), 56 states have internal predecessors, (62), 19 states have call successors, (19), 10 states have call predecessors, (19), 9 states have return successors, (18), 13 states have call predecessors, (18), 18 states have call successors, (18) [2022-11-03 03:59:51,468 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 75 states to 75 states and 99 transitions. [2022-11-03 03:59:51,470 INFO L78 Accepts]: Start accepts. Automaton has 75 states and 99 transitions. Word has length 21 [2022-11-03 03:59:51,472 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 03:59:51,472 INFO L495 AbstractCegarLoop]: Abstraction has 75 states and 99 transitions. [2022-11-03 03:59:51,473 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-03 03:59:51,474 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 99 transitions. [2022-11-03 03:59:51,480 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 23 [2022-11-03 03:59:51,480 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 03:59:51,480 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 03:59:51,480 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-03 03:59:51,481 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 03:59:51,482 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 03:59:51,482 INFO L85 PathProgramCache]: Analyzing trace with hash -20530876, now seen corresponding path program 1 times [2022-11-03 03:59:51,482 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 03:59:51,483 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [662048672] [2022-11-03 03:59:51,483 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 03:59:51,483 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 03:59:51,520 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 03:59:51,664 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 03:59:51,665 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 03:59:51,665 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [662048672] [2022-11-03 03:59:51,667 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [662048672] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 03:59:51,668 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 03:59:51,668 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-03 03:59:51,669 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [83565812] [2022-11-03 03:59:51,670 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 03:59:51,671 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-03 03:59:51,672 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 03:59:51,673 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-03 03:59:51,673 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-03 03:59:51,673 INFO L87 Difference]: Start difference. First operand 75 states and 99 transitions. Second operand has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-03 03:59:51,773 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 03:59:51,774 INFO L93 Difference]: Finished difference Result 122 states and 160 transitions. [2022-11-03 03:59:51,775 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-03 03:59:51,775 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 22 [2022-11-03 03:59:51,776 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 03:59:51,777 INFO L225 Difference]: With dead ends: 122 [2022-11-03 03:59:51,777 INFO L226 Difference]: Without dead ends: 67 [2022-11-03 03:59:51,778 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-03 03:59:51,779 INFO L413 NwaCegarLoop]: 72 mSDtfsCounter, 14 mSDsluCounter, 68 mSDsCounter, 0 mSdLazyCounter, 28 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 18 SdHoareTripleChecker+Valid, 128 SdHoareTripleChecker+Invalid, 28 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 28 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-03 03:59:51,780 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [18 Valid, 128 Invalid, 28 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 28 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-03 03:59:51,781 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 67 states. [2022-11-03 03:59:51,797 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 67 to 67. [2022-11-03 03:59:51,798 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 67 states, 41 states have (on average 1.3658536585365855) internal successors, (56), 51 states have internal predecessors, (56), 16 states have call successors, (16), 9 states have call predecessors, (16), 9 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) [2022-11-03 03:59:51,800 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 67 states to 67 states and 88 transitions. [2022-11-03 03:59:51,800 INFO L78 Accepts]: Start accepts. Automaton has 67 states and 88 transitions. Word has length 22 [2022-11-03 03:59:51,801 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 03:59:51,802 INFO L495 AbstractCegarLoop]: Abstraction has 67 states and 88 transitions. [2022-11-03 03:59:51,802 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-03 03:59:51,802 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 88 transitions. [2022-11-03 03:59:51,809 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2022-11-03 03:59:51,809 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 03:59:51,809 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 03:59:51,809 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-03 03:59:51,810 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 03:59:51,810 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 03:59:51,810 INFO L85 PathProgramCache]: Analyzing trace with hash 1030296859, now seen corresponding path program 1 times [2022-11-03 03:59:51,810 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 03:59:51,811 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [476774133] [2022-11-03 03:59:51,811 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 03:59:51,811 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 03:59:51,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 03:59:51,971 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 03:59:51,972 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 03:59:51,972 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [476774133] [2022-11-03 03:59:51,972 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [476774133] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 03:59:51,972 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 03:59:51,972 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-11-03 03:59:51,972 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1611265025] [2022-11-03 03:59:51,973 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 03:59:51,973 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-03 03:59:51,973 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 03:59:51,974 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-03 03:59:51,974 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-03 03:59:51,974 INFO L87 Difference]: Start difference. First operand 67 states and 88 transitions. Second operand has 4 states, 4 states have (on average 4.75) internal successors, (19), 4 states have internal predecessors, (19), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-03 03:59:52,143 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 03:59:52,143 INFO L93 Difference]: Finished difference Result 168 states and 221 transitions. [2022-11-03 03:59:52,144 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-11-03 03:59:52,144 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 4.75) internal successors, (19), 4 states have internal predecessors, (19), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 25 [2022-11-03 03:59:52,145 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 03:59:52,153 INFO L225 Difference]: With dead ends: 168 [2022-11-03 03:59:52,153 INFO L226 Difference]: Without dead ends: 103 [2022-11-03 03:59:52,155 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-11-03 03:59:52,162 INFO L413 NwaCegarLoop]: 83 mSDtfsCounter, 109 mSDsluCounter, 120 mSDsCounter, 0 mSdLazyCounter, 47 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 113 SdHoareTripleChecker+Valid, 182 SdHoareTripleChecker+Invalid, 56 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 47 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-03 03:59:52,163 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [113 Valid, 182 Invalid, 56 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 47 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-03 03:59:52,164 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 103 states. [2022-11-03 03:59:52,187 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 103 to 100. [2022-11-03 03:59:52,188 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 100 states, 63 states have (on average 1.3650793650793651) internal successors, (86), 76 states have internal predecessors, (86), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (23), 16 states have call predecessors, (23), 22 states have call successors, (23) [2022-11-03 03:59:52,189 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 100 states to 100 states and 131 transitions. [2022-11-03 03:59:52,189 INFO L78 Accepts]: Start accepts. Automaton has 100 states and 131 transitions. Word has length 25 [2022-11-03 03:59:52,189 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 03:59:52,190 INFO L495 AbstractCegarLoop]: Abstraction has 100 states and 131 transitions. [2022-11-03 03:59:52,190 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 4.75) internal successors, (19), 4 states have internal predecessors, (19), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-03 03:59:52,190 INFO L276 IsEmpty]: Start isEmpty. Operand 100 states and 131 transitions. [2022-11-03 03:59:52,191 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2022-11-03 03:59:52,192 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 03:59:52,192 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 03:59:52,192 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-03 03:59:52,192 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 03:59:52,193 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 03:59:52,193 INFO L85 PathProgramCache]: Analyzing trace with hash 1909510217, now seen corresponding path program 1 times [2022-11-03 03:59:52,193 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 03:59:52,194 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [991187019] [2022-11-03 03:59:52,194 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 03:59:52,194 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 03:59:52,215 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 03:59:52,396 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-03 03:59:52,396 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 03:59:52,397 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [991187019] [2022-11-03 03:59:52,397 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [991187019] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 03:59:52,397 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 03:59:52,397 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-03 03:59:52,398 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1854757116] [2022-11-03 03:59:52,398 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 03:59:52,399 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-03 03:59:52,399 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 03:59:52,400 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-03 03:59:52,400 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-03 03:59:52,400 INFO L87 Difference]: Start difference. First operand 100 states and 131 transitions. Second operand has 6 states, 5 states have (on average 4.6) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-03 03:59:52,630 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 03:59:52,630 INFO L93 Difference]: Finished difference Result 243 states and 329 transitions. [2022-11-03 03:59:52,631 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-03 03:59:52,631 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 4.6) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 28 [2022-11-03 03:59:52,632 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 03:59:52,633 INFO L225 Difference]: With dead ends: 243 [2022-11-03 03:59:52,633 INFO L226 Difference]: Without dead ends: 145 [2022-11-03 03:59:52,635 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-11-03 03:59:52,636 INFO L413 NwaCegarLoop]: 80 mSDtfsCounter, 45 mSDsluCounter, 301 mSDsCounter, 0 mSdLazyCounter, 139 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 46 SdHoareTripleChecker+Valid, 338 SdHoareTripleChecker+Invalid, 150 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 139 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-03 03:59:52,636 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [46 Valid, 338 Invalid, 150 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 139 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-03 03:59:52,637 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 145 states. [2022-11-03 03:59:52,668 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 145 to 138. [2022-11-03 03:59:52,668 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 138 states, 90 states have (on average 1.2777777777777777) internal successors, (115), 101 states have internal predecessors, (115), 26 states have call successors, (26), 21 states have call predecessors, (26), 21 states have return successors, (34), 24 states have call predecessors, (34), 26 states have call successors, (34) [2022-11-03 03:59:52,671 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 138 states to 138 states and 175 transitions. [2022-11-03 03:59:52,671 INFO L78 Accepts]: Start accepts. Automaton has 138 states and 175 transitions. Word has length 28 [2022-11-03 03:59:52,672 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 03:59:52,672 INFO L495 AbstractCegarLoop]: Abstraction has 138 states and 175 transitions. [2022-11-03 03:59:52,672 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 4.6) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-03 03:59:52,673 INFO L276 IsEmpty]: Start isEmpty. Operand 138 states and 175 transitions. [2022-11-03 03:59:52,675 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 46 [2022-11-03 03:59:52,675 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 03:59:52,676 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 03:59:52,676 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-03 03:59:52,677 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 03:59:52,677 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 03:59:52,677 INFO L85 PathProgramCache]: Analyzing trace with hash 793299814, now seen corresponding path program 1 times [2022-11-03 03:59:52,678 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 03:59:52,678 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [978148204] [2022-11-03 03:59:52,678 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 03:59:52,678 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 03:59:52,710 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 03:59:52,759 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 03:59:52,759 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 03:59:52,760 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [978148204] [2022-11-03 03:59:52,763 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [978148204] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 03:59:52,764 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 03:59:52,764 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-03 03:59:52,764 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [629946152] [2022-11-03 03:59:52,766 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 03:59:52,767 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-03 03:59:52,768 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 03:59:52,769 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-03 03:59:52,769 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-03 03:59:52,771 INFO L87 Difference]: Start difference. First operand 138 states and 175 transitions. Second operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 3 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-03 03:59:52,855 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 03:59:52,855 INFO L93 Difference]: Finished difference Result 276 states and 350 transitions. [2022-11-03 03:59:52,855 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-03 03:59:52,856 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 3 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) Word has length 45 [2022-11-03 03:59:52,856 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 03:59:52,857 INFO L225 Difference]: With dead ends: 276 [2022-11-03 03:59:52,857 INFO L226 Difference]: Without dead ends: 140 [2022-11-03 03:59:52,858 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-03 03:59:52,859 INFO L413 NwaCegarLoop]: 94 mSDtfsCounter, 30 mSDsluCounter, 83 mSDsCounter, 0 mSdLazyCounter, 41 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 30 SdHoareTripleChecker+Valid, 164 SdHoareTripleChecker+Invalid, 41 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 41 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-03 03:59:52,860 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [30 Valid, 164 Invalid, 41 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 41 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-03 03:59:52,861 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 140 states. [2022-11-03 03:59:52,881 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 140 to 138. [2022-11-03 03:59:52,884 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 138 states, 90 states have (on average 1.2666666666666666) internal successors, (114), 101 states have internal predecessors, (114), 26 states have call successors, (26), 21 states have call predecessors, (26), 21 states have return successors, (32), 24 states have call predecessors, (32), 26 states have call successors, (32) [2022-11-03 03:59:52,885 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 138 states to 138 states and 172 transitions. [2022-11-03 03:59:52,886 INFO L78 Accepts]: Start accepts. Automaton has 138 states and 172 transitions. Word has length 45 [2022-11-03 03:59:52,886 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 03:59:52,886 INFO L495 AbstractCegarLoop]: Abstraction has 138 states and 172 transitions. [2022-11-03 03:59:52,886 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 3 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-03 03:59:52,887 INFO L276 IsEmpty]: Start isEmpty. Operand 138 states and 172 transitions. [2022-11-03 03:59:52,888 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-11-03 03:59:52,888 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 03:59:52,888 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 03:59:52,888 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-03 03:59:52,889 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 03:59:52,889 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 03:59:52,889 INFO L85 PathProgramCache]: Analyzing trace with hash 107775188, now seen corresponding path program 1 times [2022-11-03 03:59:52,889 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 03:59:52,890 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [898370608] [2022-11-03 03:59:52,909 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 03:59:52,909 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 03:59:52,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 03:59:53,301 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 03:59:53,302 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 03:59:53,302 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [898370608] [2022-11-03 03:59:53,302 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [898370608] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 03:59:53,302 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 03:59:53,302 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-03 03:59:53,303 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [78669755] [2022-11-03 03:59:53,303 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 03:59:53,303 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-03 03:59:53,304 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 03:59:53,304 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-03 03:59:53,304 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2022-11-03 03:59:53,305 INFO L87 Difference]: Start difference. First operand 138 states and 172 transitions. Second operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 5 states have call successors, (6), 2 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 5 states have call successors, (5) [2022-11-03 03:59:53,541 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 03:59:53,542 INFO L93 Difference]: Finished difference Result 417 states and 521 transitions. [2022-11-03 03:59:53,542 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-03 03:59:53,543 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 5 states have call successors, (6), 2 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 5 states have call successors, (5) Word has length 42 [2022-11-03 03:59:53,543 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 03:59:53,548 INFO L225 Difference]: With dead ends: 417 [2022-11-03 03:59:53,549 INFO L226 Difference]: Without dead ends: 281 [2022-11-03 03:59:53,549 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=16, Invalid=26, Unknown=0, NotChecked=0, Total=42 [2022-11-03 03:59:53,553 INFO L413 NwaCegarLoop]: 113 mSDtfsCounter, 159 mSDsluCounter, 149 mSDsCounter, 0 mSdLazyCounter, 114 mSolverCounterSat, 45 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 160 SdHoareTripleChecker+Valid, 243 SdHoareTripleChecker+Invalid, 159 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 45 IncrementalHoareTripleChecker+Valid, 114 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-03 03:59:53,556 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [160 Valid, 243 Invalid, 159 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [45 Valid, 114 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-03 03:59:53,558 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 281 states. [2022-11-03 03:59:53,610 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 281 to 276. [2022-11-03 03:59:53,611 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 276 states, 181 states have (on average 1.2651933701657458) internal successors, (229), 201 states have internal predecessors, (229), 51 states have call successors, (51), 43 states have call predecessors, (51), 43 states have return successors, (63), 46 states have call predecessors, (63), 51 states have call successors, (63) [2022-11-03 03:59:53,614 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 276 states to 276 states and 343 transitions. [2022-11-03 03:59:53,615 INFO L78 Accepts]: Start accepts. Automaton has 276 states and 343 transitions. Word has length 42 [2022-11-03 03:59:53,616 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 03:59:53,617 INFO L495 AbstractCegarLoop]: Abstraction has 276 states and 343 transitions. [2022-11-03 03:59:53,617 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 5 states have call successors, (6), 2 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 5 states have call successors, (5) [2022-11-03 03:59:53,617 INFO L276 IsEmpty]: Start isEmpty. Operand 276 states and 343 transitions. [2022-11-03 03:59:53,620 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 46 [2022-11-03 03:59:53,620 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 03:59:53,620 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 03:59:53,621 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-03 03:59:53,621 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 03:59:53,621 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 03:59:53,622 INFO L85 PathProgramCache]: Analyzing trace with hash -1390280611, now seen corresponding path program 1 times [2022-11-03 03:59:53,622 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 03:59:53,622 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1128438079] [2022-11-03 03:59:53,622 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 03:59:53,622 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 03:59:53,654 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 03:59:54,071 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-03 03:59:54,071 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 03:59:54,072 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1128438079] [2022-11-03 03:59:54,072 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1128438079] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 03:59:54,072 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 03:59:54,072 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-11-03 03:59:54,073 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [298455157] [2022-11-03 03:59:54,073 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 03:59:54,073 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-03 03:59:54,073 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 03:59:54,074 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-03 03:59:54,075 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=39, Unknown=0, NotChecked=0, Total=56 [2022-11-03 03:59:54,076 INFO L87 Difference]: Start difference. First operand 276 states and 343 transitions. Second operand has 8 states, 7 states have (on average 4.428571428571429) internal successors, (31), 7 states have internal predecessors, (31), 5 states have call successors, (7), 3 states have call predecessors, (7), 2 states have return successors, (6), 4 states have call predecessors, (6), 5 states have call successors, (6) [2022-11-03 03:59:54,733 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 03:59:54,733 INFO L93 Difference]: Finished difference Result 619 states and 781 transitions. [2022-11-03 03:59:54,734 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2022-11-03 03:59:54,734 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 4.428571428571429) internal successors, (31), 7 states have internal predecessors, (31), 5 states have call successors, (7), 3 states have call predecessors, (7), 2 states have return successors, (6), 4 states have call predecessors, (6), 5 states have call successors, (6) Word has length 45 [2022-11-03 03:59:54,735 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 03:59:54,738 INFO L225 Difference]: With dead ends: 619 [2022-11-03 03:59:54,739 INFO L226 Difference]: Without dead ends: 441 [2022-11-03 03:59:54,740 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=67, Invalid=143, Unknown=0, NotChecked=0, Total=210 [2022-11-03 03:59:54,744 INFO L413 NwaCegarLoop]: 100 mSDtfsCounter, 270 mSDsluCounter, 229 mSDsCounter, 0 mSdLazyCounter, 388 mSolverCounterSat, 125 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 280 SdHoareTripleChecker+Valid, 298 SdHoareTripleChecker+Invalid, 513 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 125 IncrementalHoareTripleChecker+Valid, 388 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-11-03 03:59:54,745 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [280 Valid, 298 Invalid, 513 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [125 Valid, 388 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-11-03 03:59:54,747 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 441 states. [2022-11-03 03:59:54,851 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 441 to 387. [2022-11-03 03:59:54,853 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 387 states, 257 states have (on average 1.2529182879377432) internal successors, (322), 284 states have internal predecessors, (322), 69 states have call successors, (69), 54 states have call predecessors, (69), 60 states have return successors, (88), 68 states have call predecessors, (88), 69 states have call successors, (88) [2022-11-03 03:59:54,858 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 387 states to 387 states and 479 transitions. [2022-11-03 03:59:54,859 INFO L78 Accepts]: Start accepts. Automaton has 387 states and 479 transitions. Word has length 45 [2022-11-03 03:59:54,859 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 03:59:54,859 INFO L495 AbstractCegarLoop]: Abstraction has 387 states and 479 transitions. [2022-11-03 03:59:54,860 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 4.428571428571429) internal successors, (31), 7 states have internal predecessors, (31), 5 states have call successors, (7), 3 states have call predecessors, (7), 2 states have return successors, (6), 4 states have call predecessors, (6), 5 states have call successors, (6) [2022-11-03 03:59:54,860 INFO L276 IsEmpty]: Start isEmpty. Operand 387 states and 479 transitions. [2022-11-03 03:59:54,863 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-11-03 03:59:54,864 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 03:59:54,864 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 03:59:54,864 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-03 03:59:54,865 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 03:59:54,865 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 03:59:54,866 INFO L85 PathProgramCache]: Analyzing trace with hash 1092415673, now seen corresponding path program 1 times [2022-11-03 03:59:54,866 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 03:59:54,866 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1034590161] [2022-11-03 03:59:54,867 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 03:59:54,872 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 03:59:54,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 03:59:55,022 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 8 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-11-03 03:59:55,023 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 03:59:55,023 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1034590161] [2022-11-03 03:59:55,023 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1034590161] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-03 03:59:55,023 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-03 03:59:55,024 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-03 03:59:55,024 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [379509482] [2022-11-03 03:59:55,024 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-03 03:59:55,025 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-03 03:59:55,025 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 03:59:55,026 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-03 03:59:55,026 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-03 03:59:55,026 INFO L87 Difference]: Start difference. First operand 387 states and 479 transitions. Second operand has 5 states, 5 states have (on average 8.4) internal successors, (42), 5 states have internal predecessors, (42), 4 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) [2022-11-03 03:59:55,311 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 03:59:55,311 INFO L93 Difference]: Finished difference Result 609 states and 760 transitions. [2022-11-03 03:59:55,312 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-03 03:59:55,312 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.4) internal successors, (42), 5 states have internal predecessors, (42), 4 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) Word has length 85 [2022-11-03 03:59:55,313 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 03:59:55,315 INFO L225 Difference]: With dead ends: 609 [2022-11-03 03:59:55,316 INFO L226 Difference]: Without dead ends: 414 [2022-11-03 03:59:55,317 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-11-03 03:59:55,317 INFO L413 NwaCegarLoop]: 96 mSDtfsCounter, 118 mSDsluCounter, 157 mSDsCounter, 0 mSdLazyCounter, 183 mSolverCounterSat, 59 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 123 SdHoareTripleChecker+Valid, 225 SdHoareTripleChecker+Invalid, 242 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 59 IncrementalHoareTripleChecker+Valid, 183 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-03 03:59:55,318 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [123 Valid, 225 Invalid, 242 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [59 Valid, 183 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-03 03:59:55,319 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 414 states. [2022-11-03 03:59:55,365 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 414 to 408. [2022-11-03 03:59:55,366 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 408 states, 272 states have (on average 1.2352941176470589) internal successors, (336), 298 states have internal predecessors, (336), 71 states have call successors, (71), 56 states have call predecessors, (71), 64 states have return successors, (86), 73 states have call predecessors, (86), 71 states have call successors, (86) [2022-11-03 03:59:55,368 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 408 states to 408 states and 493 transitions. [2022-11-03 03:59:55,369 INFO L78 Accepts]: Start accepts. Automaton has 408 states and 493 transitions. Word has length 85 [2022-11-03 03:59:55,369 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 03:59:55,370 INFO L495 AbstractCegarLoop]: Abstraction has 408 states and 493 transitions. [2022-11-03 03:59:55,370 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.4) internal successors, (42), 5 states have internal predecessors, (42), 4 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) [2022-11-03 03:59:55,370 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 493 transitions. [2022-11-03 03:59:55,371 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 81 [2022-11-03 03:59:55,372 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 03:59:55,372 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 03:59:55,372 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-11-03 03:59:55,372 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 03:59:55,373 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 03:59:55,373 INFO L85 PathProgramCache]: Analyzing trace with hash 1599532940, now seen corresponding path program 1 times [2022-11-03 03:59:55,373 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 03:59:55,373 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1729373017] [2022-11-03 03:59:55,374 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 03:59:55,374 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 03:59:55,394 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 03:59:55,937 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 24 proven. 7 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2022-11-03 03:59:55,937 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 03:59:55,937 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1729373017] [2022-11-03 03:59:55,937 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1729373017] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-03 03:59:55,938 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [208118942] [2022-11-03 03:59:55,938 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 03:59:55,938 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 03:59:55,938 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 [2022-11-03 03:59:55,940 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-03 03:59:55,967 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-03 03:59:56,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 03:59:56,100 INFO L263 TraceCheckSpWp]: Trace formula consists of 500 conjuncts, 22 conjunts are in the unsatisfiable core [2022-11-03 03:59:56,108 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-03 03:59:56,342 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 36 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-03 03:59:56,342 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-03 03:59:56,570 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 16 proven. 1 refuted. 0 times theorem prover too weak. 20 trivial. 0 not checked. [2022-11-03 03:59:56,570 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [208118942] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-03 03:59:56,570 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [1991997022] [2022-11-03 03:59:56,594 INFO L159 IcfgInterpreter]: Started Sifa with 46 locations of interest [2022-11-03 03:59:56,594 INFO L166 IcfgInterpreter]: Building call graph [2022-11-03 03:59:56,599 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-03 03:59:56,605 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-03 03:59:56,605 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-03 04:00:03,790 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 53 for LOIs [2022-11-03 04:00:03,814 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 49 for LOIs [2022-11-03 04:00:04,507 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 24 for LOIs [2022-11-03 04:00:04,509 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__methaneQuery with input of size 29 for LOIs [2022-11-03 04:00:04,595 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 26 for LOIs [2022-11-03 04:00:04,743 INFO L197 IcfgInterpreter]: Interpreting procedure isMethaneAlarm with input of size 28 for LOIs [2022-11-03 04:00:04,746 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-03 04:00:13,769 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '7053#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= ~methaneLevelCritical~0 0) (= |timeShift_getWaterLevel_~retValue_acc~5#1| |timeShift_getWaterLevel_#res#1|) (= ~head~0.offset 0) (= 1 ~systemActive~0) (= |old(~pumpRunning~0)| 0) (= |timeShift_getWaterLevel_~retValue_acc~5#1| ~waterLevel~0) (= |old(~waterLevel~0)| ~waterLevel~0) (= ~head~0.base 0) (= |#NULL.offset| 0) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (<= |timeShift_getWaterLevel_~retValue_acc~5#1| 2147483647) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (= ~pumpRunning~0 1) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 2 |timeShift_getWaterLevel_~retValue_acc~5#1|) (= |old(~switchedOnBeforeTS~0)| 0))' at error location [2022-11-03 04:00:13,769 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-03 04:00:13,769 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-03 04:00:13,770 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [15, 6, 6] total 21 [2022-11-03 04:00:13,770 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [510430638] [2022-11-03 04:00:13,770 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-03 04:00:13,771 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 21 states [2022-11-03 04:00:13,771 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 04:00:13,771 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 21 interpolants. [2022-11-03 04:00:13,773 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=281, Invalid=2475, Unknown=0, NotChecked=0, Total=2756 [2022-11-03 04:00:13,773 INFO L87 Difference]: Start difference. First operand 408 states and 493 transitions. Second operand has 21 states, 18 states have (on average 5.388888888888889) internal successors, (97), 18 states have internal predecessors, (97), 7 states have call successors, (21), 5 states have call predecessors, (21), 7 states have return successors, (23), 10 states have call predecessors, (23), 7 states have call successors, (23) [2022-11-03 04:00:19,740 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 04:00:19,740 INFO L93 Difference]: Finished difference Result 2099 states and 2854 transitions. [2022-11-03 04:00:19,740 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 95 states. [2022-11-03 04:00:19,741 INFO L78 Accepts]: Start accepts. Automaton has has 21 states, 18 states have (on average 5.388888888888889) internal successors, (97), 18 states have internal predecessors, (97), 7 states have call successors, (21), 5 states have call predecessors, (21), 7 states have return successors, (23), 10 states have call predecessors, (23), 7 states have call successors, (23) Word has length 80 [2022-11-03 04:00:19,741 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 04:00:19,751 INFO L225 Difference]: With dead ends: 2099 [2022-11-03 04:00:19,752 INFO L226 Difference]: Without dead ends: 1637 [2022-11-03 04:00:19,762 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 383 GetRequests, 231 SyntacticMatches, 11 SemanticMatches, 141 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7734 ImplicationChecksByTransitivity, 11.5s TimeCoverageRelationStatistics Valid=1595, Invalid=18711, Unknown=0, NotChecked=0, Total=20306 [2022-11-03 04:00:19,762 INFO L413 NwaCegarLoop]: 181 mSDtfsCounter, 1084 mSDsluCounter, 2122 mSDsCounter, 0 mSdLazyCounter, 4320 mSolverCounterSat, 963 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1095 SdHoareTripleChecker+Valid, 2004 SdHoareTripleChecker+Invalid, 5283 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.1s SdHoareTripleChecker+Time, 963 IncrementalHoareTripleChecker+Valid, 4320 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.3s IncrementalHoareTripleChecker+Time [2022-11-03 04:00:19,763 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [1095 Valid, 2004 Invalid, 5283 Unknown, 0 Unchecked, 0.1s Time], IncrementalHoareTripleChecker [963 Valid, 4320 Invalid, 0 Unknown, 0 Unchecked, 3.3s Time] [2022-11-03 04:00:19,765 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1637 states. [2022-11-03 04:00:19,916 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1637 to 1111. [2022-11-03 04:00:19,918 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1111 states, 754 states have (on average 1.2307692307692308) internal successors, (928), 808 states have internal predecessors, (928), 183 states have call successors, (183), 161 states have call predecessors, (183), 173 states have return successors, (266), 179 states have call predecessors, (266), 183 states have call successors, (266) [2022-11-03 04:00:19,924 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1111 states to 1111 states and 1377 transitions. [2022-11-03 04:00:19,925 INFO L78 Accepts]: Start accepts. Automaton has 1111 states and 1377 transitions. Word has length 80 [2022-11-03 04:00:19,925 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 04:00:19,926 INFO L495 AbstractCegarLoop]: Abstraction has 1111 states and 1377 transitions. [2022-11-03 04:00:19,926 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 21 states, 18 states have (on average 5.388888888888889) internal successors, (97), 18 states have internal predecessors, (97), 7 states have call successors, (21), 5 states have call predecessors, (21), 7 states have return successors, (23), 10 states have call predecessors, (23), 7 states have call successors, (23) [2022-11-03 04:00:19,926 INFO L276 IsEmpty]: Start isEmpty. Operand 1111 states and 1377 transitions. [2022-11-03 04:00:19,928 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 85 [2022-11-03 04:00:19,929 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 04:00:19,929 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 04:00:19,959 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-11-03 04:00:20,143 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 04:00:20,143 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 04:00:20,144 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 04:00:20,144 INFO L85 PathProgramCache]: Analyzing trace with hash -1503358146, now seen corresponding path program 1 times [2022-11-03 04:00:20,144 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 04:00:20,144 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1175102047] [2022-11-03 04:00:20,144 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 04:00:20,144 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 04:00:20,164 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 04:00:20,262 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 7 proven. 1 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-11-03 04:00:20,263 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 04:00:20,263 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1175102047] [2022-11-03 04:00:20,263 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1175102047] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-03 04:00:20,263 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1877057450] [2022-11-03 04:00:20,264 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 04:00:20,264 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 04:00:20,264 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 [2022-11-03 04:00:20,265 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-03 04:00:20,291 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-03 04:00:20,394 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 04:00:20,397 INFO L263 TraceCheckSpWp]: Trace formula consists of 507 conjuncts, 13 conjunts are in the unsatisfiable core [2022-11-03 04:00:20,400 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-03 04:00:20,457 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 20 proven. 1 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-11-03 04:00:20,458 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-03 04:00:20,589 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 7 proven. 1 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-11-03 04:00:20,589 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1877057450] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-03 04:00:20,589 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [1258042809] [2022-11-03 04:00:20,597 INFO L159 IcfgInterpreter]: Started Sifa with 55 locations of interest [2022-11-03 04:00:20,597 INFO L166 IcfgInterpreter]: Building call graph [2022-11-03 04:00:20,598 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-03 04:00:20,599 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-03 04:00:20,599 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-03 04:00:26,122 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 32 for LOIs [2022-11-03 04:00:26,126 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 29 for LOIs [2022-11-03 04:00:26,313 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 53 for LOIs [2022-11-03 04:00:26,324 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__methaneQuery with input of size 63 for LOIs [2022-11-03 04:00:26,868 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 34 for LOIs [2022-11-03 04:00:27,020 INFO L197 IcfgInterpreter]: Interpreting procedure isMethaneAlarm with input of size 60 for LOIs [2022-11-03 04:00:27,034 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__base with input of size 32 for LOIs [2022-11-03 04:00:27,036 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-03 04:00:33,650 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '12659#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (<= ~pumpRunning~0 2147483647) (= ~methaneLevelCritical~0 0) (= |timeShift_getWaterLevel_~retValue_acc~5#1| |timeShift_getWaterLevel_#res#1|) (<= 0 (+ 2147483648 |old(~pumpRunning~0)|)) (= ~head~0.offset 0) (<= |old(~pumpRunning~0)| 2147483647) (= 1 ~systemActive~0) (= |timeShift_getWaterLevel_~retValue_acc~5#1| ~waterLevel~0) (= ~head~0.base 0) (<= 0 (+ ~pumpRunning~0 2147483648)) (= |#NULL.offset| 0) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (<= |timeShift_getWaterLevel_~retValue_acc~5#1| 2147483647) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2147483648)))' at error location [2022-11-03 04:00:33,651 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-03 04:00:33,651 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-03 04:00:33,651 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 6, 6] total 9 [2022-11-03 04:00:33,651 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [689556781] [2022-11-03 04:00:33,651 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-03 04:00:33,652 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-11-03 04:00:33,652 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 04:00:33,653 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-11-03 04:00:33,654 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=259, Invalid=2093, Unknown=0, NotChecked=0, Total=2352 [2022-11-03 04:00:33,654 INFO L87 Difference]: Start difference. First operand 1111 states and 1377 transitions. Second operand has 9 states, 7 states have (on average 8.571428571428571) internal successors, (60), 7 states have internal predecessors, (60), 2 states have call successors, (16), 2 states have call predecessors, (16), 4 states have return successors, (18), 4 states have call predecessors, (18), 2 states have call successors, (18) [2022-11-03 04:00:34,593 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 04:00:34,593 INFO L93 Difference]: Finished difference Result 1363 states and 1730 transitions. [2022-11-03 04:00:34,593 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2022-11-03 04:00:34,594 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 7 states have (on average 8.571428571428571) internal successors, (60), 7 states have internal predecessors, (60), 2 states have call successors, (16), 2 states have call predecessors, (16), 4 states have return successors, (18), 4 states have call predecessors, (18), 2 states have call successors, (18) Word has length 84 [2022-11-03 04:00:34,596 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 04:00:34,606 INFO L225 Difference]: With dead ends: 1363 [2022-11-03 04:00:34,606 INFO L226 Difference]: Without dead ends: 1361 [2022-11-03 04:00:34,609 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 274 GetRequests, 208 SyntacticMatches, 5 SemanticMatches, 61 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1411 ImplicationChecksByTransitivity, 6.9s TimeCoverageRelationStatistics Valid=375, Invalid=3531, Unknown=0, NotChecked=0, Total=3906 [2022-11-03 04:00:34,610 INFO L413 NwaCegarLoop]: 165 mSDtfsCounter, 168 mSDsluCounter, 534 mSDsCounter, 0 mSdLazyCounter, 559 mSolverCounterSat, 82 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 173 SdHoareTripleChecker+Valid, 575 SdHoareTripleChecker+Invalid, 641 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 82 IncrementalHoareTripleChecker+Valid, 559 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-11-03 04:00:34,611 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [173 Valid, 575 Invalid, 641 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [82 Valid, 559 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-11-03 04:00:34,614 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1361 states. [2022-11-03 04:00:34,744 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1361 to 1161. [2022-11-03 04:00:34,746 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1161 states, 789 states have (on average 1.2281368821292775) internal successors, (969), 847 states have internal predecessors, (969), 191 states have call successors, (191), 169 states have call predecessors, (191), 180 states have return successors, (284), 184 states have call predecessors, (284), 191 states have call successors, (284) [2022-11-03 04:00:34,753 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1161 states to 1161 states and 1444 transitions. [2022-11-03 04:00:34,754 INFO L78 Accepts]: Start accepts. Automaton has 1161 states and 1444 transitions. Word has length 84 [2022-11-03 04:00:34,754 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 04:00:34,755 INFO L495 AbstractCegarLoop]: Abstraction has 1161 states and 1444 transitions. [2022-11-03 04:00:34,755 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 7 states have (on average 8.571428571428571) internal successors, (60), 7 states have internal predecessors, (60), 2 states have call successors, (16), 2 states have call predecessors, (16), 4 states have return successors, (18), 4 states have call predecessors, (18), 2 states have call successors, (18) [2022-11-03 04:00:34,755 INFO L276 IsEmpty]: Start isEmpty. Operand 1161 states and 1444 transitions. [2022-11-03 04:00:34,759 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 117 [2022-11-03 04:00:34,759 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 04:00:34,760 INFO L195 NwaCegarLoop]: trace histogram [5, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 04:00:34,802 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-11-03 04:00:34,975 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-11-03 04:00:34,975 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 04:00:34,975 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 04:00:34,975 INFO L85 PathProgramCache]: Analyzing trace with hash -996438933, now seen corresponding path program 1 times [2022-11-03 04:00:34,976 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 04:00:34,976 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1586585386] [2022-11-03 04:00:34,976 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 04:00:34,976 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 04:00:35,002 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 04:00:35,614 INFO L134 CoverageAnalysis]: Checked inductivity of 92 backedges. 53 proven. 6 refuted. 0 times theorem prover too weak. 33 trivial. 0 not checked. [2022-11-03 04:00:35,614 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 04:00:35,614 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1586585386] [2022-11-03 04:00:35,614 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1586585386] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-03 04:00:35,615 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [231917867] [2022-11-03 04:00:35,615 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 04:00:35,615 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 04:00:35,615 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 [2022-11-03 04:00:35,616 INFO L229 MonitoredProcess]: Starting monitored process 4 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-03 04:00:35,634 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-11-03 04:00:35,757 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 04:00:35,760 INFO L263 TraceCheckSpWp]: Trace formula consists of 612 conjuncts, 37 conjunts are in the unsatisfiable core [2022-11-03 04:00:35,764 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-03 04:00:35,936 INFO L134 CoverageAnalysis]: Checked inductivity of 92 backedges. 64 proven. 10 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-11-03 04:00:35,937 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-03 04:00:36,565 INFO L134 CoverageAnalysis]: Checked inductivity of 92 backedges. 48 proven. 7 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. [2022-11-03 04:00:36,565 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [231917867] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-03 04:00:36,565 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [280995824] [2022-11-03 04:00:36,568 INFO L159 IcfgInterpreter]: Started Sifa with 55 locations of interest [2022-11-03 04:00:36,568 INFO L166 IcfgInterpreter]: Building call graph [2022-11-03 04:00:36,569 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-03 04:00:36,569 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-03 04:00:36,569 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-03 04:00:41,680 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 36 for LOIs [2022-11-03 04:00:41,683 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 46 for LOIs [2022-11-03 04:00:42,402 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 38 for LOIs [2022-11-03 04:00:42,407 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__methaneQuery with input of size 45 for LOIs [2022-11-03 04:00:42,494 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 45 for LOIs [2022-11-03 04:00:42,644 INFO L197 IcfgInterpreter]: Interpreting procedure isMethaneAlarm with input of size 44 for LOIs [2022-11-03 04:00:42,649 INFO L197 IcfgInterpreter]: Interpreting procedure changeMethaneLevel with input of size 43 for LOIs [2022-11-03 04:00:42,654 INFO L197 IcfgInterpreter]: Interpreting procedure deactivatePump with input of size 46 for LOIs [2022-11-03 04:00:42,669 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-03 04:00:51,904 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '17293#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 1) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= |timeShift_getWaterLevel_~retValue_acc~5#1| |timeShift_getWaterLevel_#res#1|) (= ~head~0.offset 0) (= 1 ~systemActive~0) (= |old(~pumpRunning~0)| 0) (= |timeShift_getWaterLevel_~retValue_acc~5#1| ~waterLevel~0) (<= 0 ~methaneLevelCritical~0) (<= 0 ~pumpRunning~0) (= ~head~0.base 0) (= |#NULL.offset| 0) (<= ~methaneLevelCritical~0 2147483647) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (<= |timeShift_getWaterLevel_~retValue_acc~5#1| 2147483647) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2147483648)))' at error location [2022-11-03 04:00:51,904 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-03 04:00:51,904 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-03 04:00:51,904 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [16, 13, 13] total 26 [2022-11-03 04:00:51,905 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [388789285] [2022-11-03 04:00:51,905 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-03 04:00:51,906 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 26 states [2022-11-03 04:00:51,906 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 04:00:51,906 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 26 interpolants. [2022-11-03 04:00:51,908 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=346, Invalid=4076, Unknown=0, NotChecked=0, Total=4422 [2022-11-03 04:00:51,909 INFO L87 Difference]: Start difference. First operand 1161 states and 1444 transitions. Second operand has 26 states, 18 states have (on average 6.222222222222222) internal successors, (112), 20 states have internal predecessors, (112), 6 states have call successors, (28), 5 states have call predecessors, (28), 14 states have return successors, (33), 12 states have call predecessors, (33), 6 states have call successors, (33) [2022-11-03 04:00:56,120 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 04:00:56,121 INFO L93 Difference]: Finished difference Result 3440 states and 4903 transitions. [2022-11-03 04:00:56,121 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 61 states. [2022-11-03 04:00:56,122 INFO L78 Accepts]: Start accepts. Automaton has has 26 states, 18 states have (on average 6.222222222222222) internal successors, (112), 20 states have internal predecessors, (112), 6 states have call successors, (28), 5 states have call predecessors, (28), 14 states have return successors, (33), 12 states have call predecessors, (33), 6 states have call successors, (33) Word has length 116 [2022-11-03 04:00:56,123 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 04:00:56,140 INFO L225 Difference]: With dead ends: 3440 [2022-11-03 04:00:56,140 INFO L226 Difference]: Without dead ends: 2712 [2022-11-03 04:00:56,150 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 459 GetRequests, 330 SyntacticMatches, 5 SemanticMatches, 124 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5630 ImplicationChecksByTransitivity, 11.6s TimeCoverageRelationStatistics Valid=1255, Invalid=14495, Unknown=0, NotChecked=0, Total=15750 [2022-11-03 04:00:56,151 INFO L413 NwaCegarLoop]: 90 mSDtfsCounter, 952 mSDsluCounter, 1109 mSDsCounter, 0 mSdLazyCounter, 2083 mSolverCounterSat, 718 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 952 SdHoareTripleChecker+Valid, 957 SdHoareTripleChecker+Invalid, 2801 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 718 IncrementalHoareTripleChecker+Valid, 2083 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.7s IncrementalHoareTripleChecker+Time [2022-11-03 04:00:56,151 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [952 Valid, 957 Invalid, 2801 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [718 Valid, 2083 Invalid, 0 Unknown, 0 Unchecked, 1.7s Time] [2022-11-03 04:00:56,154 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 2712 states. [2022-11-03 04:00:56,399 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 2712 to 1607. [2022-11-03 04:00:56,403 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1607 states, 1094 states have (on average 1.2212065813528337) internal successors, (1336), 1173 states have internal predecessors, (1336), 260 states have call successors, (260), 230 states have call predecessors, (260), 252 states have return successors, (408), 254 states have call predecessors, (408), 260 states have call successors, (408) [2022-11-03 04:00:56,410 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1607 states to 1607 states and 2004 transitions. [2022-11-03 04:00:56,411 INFO L78 Accepts]: Start accepts. Automaton has 1607 states and 2004 transitions. Word has length 116 [2022-11-03 04:00:56,412 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 04:00:56,412 INFO L495 AbstractCegarLoop]: Abstraction has 1607 states and 2004 transitions. [2022-11-03 04:00:56,412 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 26 states, 18 states have (on average 6.222222222222222) internal successors, (112), 20 states have internal predecessors, (112), 6 states have call successors, (28), 5 states have call predecessors, (28), 14 states have return successors, (33), 12 states have call predecessors, (33), 6 states have call successors, (33) [2022-11-03 04:00:56,412 INFO L276 IsEmpty]: Start isEmpty. Operand 1607 states and 2004 transitions. [2022-11-03 04:00:56,417 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 117 [2022-11-03 04:00:56,417 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 04:00:56,417 INFO L195 NwaCegarLoop]: trace histogram [5, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 04:00:56,462 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-11-03 04:00:56,639 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10,4 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 04:00:56,639 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 04:00:56,639 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 04:00:56,639 INFO L85 PathProgramCache]: Analyzing trace with hash -809174963, now seen corresponding path program 2 times [2022-11-03 04:00:56,640 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 04:00:56,640 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1406206163] [2022-11-03 04:00:56,640 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 04:00:56,640 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 04:00:56,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 04:00:57,195 INFO L134 CoverageAnalysis]: Checked inductivity of 92 backedges. 36 proven. 27 refuted. 0 times theorem prover too weak. 29 trivial. 0 not checked. [2022-11-03 04:00:57,195 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 04:00:57,195 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1406206163] [2022-11-03 04:00:57,196 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1406206163] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-03 04:00:57,196 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [977310632] [2022-11-03 04:00:57,196 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-03 04:00:57,196 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 04:00:57,196 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 [2022-11-03 04:00:57,197 INFO L229 MonitoredProcess]: Starting monitored process 5 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-03 04:00:57,214 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-11-03 04:00:57,316 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 2 check-sat command(s) [2022-11-03 04:00:57,316 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-03 04:00:57,319 INFO L263 TraceCheckSpWp]: Trace formula consists of 432 conjuncts, 31 conjunts are in the unsatisfiable core [2022-11-03 04:00:57,323 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-03 04:00:57,702 INFO L134 CoverageAnalysis]: Checked inductivity of 92 backedges. 0 proven. 56 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-11-03 04:00:57,702 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-03 04:00:58,240 INFO L134 CoverageAnalysis]: Checked inductivity of 92 backedges. 33 proven. 6 refuted. 0 times theorem prover too weak. 53 trivial. 0 not checked. [2022-11-03 04:00:58,241 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [977310632] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-03 04:00:58,241 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [1896960355] [2022-11-03 04:00:58,244 INFO L159 IcfgInterpreter]: Started Sifa with 55 locations of interest [2022-11-03 04:00:58,244 INFO L166 IcfgInterpreter]: Building call graph [2022-11-03 04:00:58,244 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-03 04:00:58,245 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-03 04:00:58,245 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-03 04:01:03,301 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 36 for LOIs [2022-11-03 04:01:03,305 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 46 for LOIs [2022-11-03 04:01:03,983 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 38 for LOIs [2022-11-03 04:01:03,986 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__methaneQuery with input of size 45 for LOIs [2022-11-03 04:01:04,068 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 45 for LOIs [2022-11-03 04:01:04,207 INFO L197 IcfgInterpreter]: Interpreting procedure isMethaneAlarm with input of size 44 for LOIs [2022-11-03 04:01:04,212 INFO L197 IcfgInterpreter]: Interpreting procedure changeMethaneLevel with input of size 43 for LOIs [2022-11-03 04:01:04,217 INFO L197 IcfgInterpreter]: Interpreting procedure deactivatePump with input of size 46 for LOIs [2022-11-03 04:01:04,224 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-03 04:01:13,588 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '25745#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 1) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= |timeShift_getWaterLevel_~retValue_acc~5#1| |timeShift_getWaterLevel_#res#1|) (= ~head~0.offset 0) (= 1 ~systemActive~0) (= |old(~pumpRunning~0)| 0) (= |timeShift_getWaterLevel_~retValue_acc~5#1| ~waterLevel~0) (<= 0 ~methaneLevelCritical~0) (<= 0 ~pumpRunning~0) (= ~head~0.base 0) (= |#NULL.offset| 0) (<= ~methaneLevelCritical~0 2147483647) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (<= |timeShift_getWaterLevel_~retValue_acc~5#1| 2147483647) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2147483648)))' at error location [2022-11-03 04:01:13,589 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-03 04:01:13,589 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-03 04:01:13,589 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 12, 13] total 28 [2022-11-03 04:01:13,589 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1018732619] [2022-11-03 04:01:13,589 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-03 04:01:13,590 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 28 states [2022-11-03 04:01:13,590 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 04:01:13,591 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 28 interpolants. [2022-11-03 04:01:13,592 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=348, Invalid=4344, Unknown=0, NotChecked=0, Total=4692 [2022-11-03 04:01:13,593 INFO L87 Difference]: Start difference. First operand 1607 states and 2004 transitions. Second operand has 28 states, 20 states have (on average 8.05) internal successors, (161), 21 states have internal predecessors, (161), 11 states have call successors, (46), 10 states have call predecessors, (46), 14 states have return successors, (44), 16 states have call predecessors, (44), 11 states have call successors, (44) [2022-11-03 04:01:16,691 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 04:01:16,691 INFO L93 Difference]: Finished difference Result 3829 states and 4779 transitions. [2022-11-03 04:01:16,692 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 50 states. [2022-11-03 04:01:16,692 INFO L78 Accepts]: Start accepts. Automaton has has 28 states, 20 states have (on average 8.05) internal successors, (161), 21 states have internal predecessors, (161), 11 states have call successors, (46), 10 states have call predecessors, (46), 14 states have return successors, (44), 16 states have call predecessors, (44), 11 states have call successors, (44) Word has length 116 [2022-11-03 04:01:16,694 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 04:01:16,708 INFO L225 Difference]: With dead ends: 3829 [2022-11-03 04:01:16,709 INFO L226 Difference]: Without dead ends: 2374 [2022-11-03 04:01:16,718 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 418 GetRequests, 301 SyntacticMatches, 5 SemanticMatches, 112 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4497 ImplicationChecksByTransitivity, 10.9s TimeCoverageRelationStatistics Valid=1020, Invalid=11862, Unknown=0, NotChecked=0, Total=12882 [2022-11-03 04:01:16,719 INFO L413 NwaCegarLoop]: 120 mSDtfsCounter, 818 mSDsluCounter, 594 mSDsCounter, 0 mSdLazyCounter, 2351 mSolverCounterSat, 593 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 819 SdHoareTripleChecker+Valid, 586 SdHoareTripleChecker+Invalid, 2944 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 593 IncrementalHoareTripleChecker+Valid, 2351 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.5s IncrementalHoareTripleChecker+Time [2022-11-03 04:01:16,719 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [819 Valid, 586 Invalid, 2944 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [593 Valid, 2351 Invalid, 0 Unknown, 0 Unchecked, 1.5s Time] [2022-11-03 04:01:16,723 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 2374 states. [2022-11-03 04:01:17,008 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 2374 to 2115. [2022-11-03 04:01:17,013 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2115 states, 1437 states have (on average 1.2073764787752261) internal successors, (1735), 1541 states have internal predecessors, (1735), 339 states have call successors, (339), 312 states have call predecessors, (339), 338 states have return successors, (463), 336 states have call predecessors, (463), 339 states have call successors, (463) [2022-11-03 04:01:17,020 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2115 states to 2115 states and 2537 transitions. [2022-11-03 04:01:17,021 INFO L78 Accepts]: Start accepts. Automaton has 2115 states and 2537 transitions. Word has length 116 [2022-11-03 04:01:17,022 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 04:01:17,022 INFO L495 AbstractCegarLoop]: Abstraction has 2115 states and 2537 transitions. [2022-11-03 04:01:17,022 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 28 states, 20 states have (on average 8.05) internal successors, (161), 21 states have internal predecessors, (161), 11 states have call successors, (46), 10 states have call predecessors, (46), 14 states have return successors, (44), 16 states have call predecessors, (44), 11 states have call successors, (44) [2022-11-03 04:01:17,023 INFO L276 IsEmpty]: Start isEmpty. Operand 2115 states and 2537 transitions. [2022-11-03 04:01:17,028 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 120 [2022-11-03 04:01:17,028 INFO L187 NwaCegarLoop]: Found error trace [2022-11-03 04:01:17,028 INFO L195 NwaCegarLoop]: trace histogram [5, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 04:01:17,070 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-11-03 04:01:17,255 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11,5 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 04:01:17,255 INFO L420 AbstractCegarLoop]: === Iteration 13 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-03 04:01:17,255 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-03 04:01:17,255 INFO L85 PathProgramCache]: Analyzing trace with hash -820997447, now seen corresponding path program 3 times [2022-11-03 04:01:17,255 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-03 04:01:17,255 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [78650904] [2022-11-03 04:01:17,256 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-03 04:01:17,256 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-03 04:01:17,279 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-03 04:01:18,097 INFO L134 CoverageAnalysis]: Checked inductivity of 95 backedges. 47 proven. 15 refuted. 0 times theorem prover too weak. 33 trivial. 0 not checked. [2022-11-03 04:01:18,097 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-03 04:01:18,097 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [78650904] [2022-11-03 04:01:18,097 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [78650904] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-03 04:01:18,097 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [410605323] [2022-11-03 04:01:18,098 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-03 04:01:18,098 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 04:01:18,098 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 [2022-11-03 04:01:18,099 INFO L229 MonitoredProcess]: Starting monitored process 6 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-03 04:01:18,128 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-11-03 04:01:18,245 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-03 04:01:18,245 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-03 04:01:18,248 INFO L263 TraceCheckSpWp]: Trace formula consists of 618 conjuncts, 30 conjunts are in the unsatisfiable core [2022-11-03 04:01:18,252 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-03 04:01:18,647 INFO L134 CoverageAnalysis]: Checked inductivity of 95 backedges. 68 proven. 19 refuted. 0 times theorem prover too weak. 8 trivial. 0 not checked. [2022-11-03 04:01:18,647 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-03 04:01:19,380 INFO L134 CoverageAnalysis]: Checked inductivity of 95 backedges. 57 proven. 5 refuted. 0 times theorem prover too weak. 33 trivial. 0 not checked. [2022-11-03 04:01:19,381 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [410605323] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-03 04:01:19,381 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [1010101808] [2022-11-03 04:01:19,384 INFO L159 IcfgInterpreter]: Started Sifa with 55 locations of interest [2022-11-03 04:01:19,384 INFO L166 IcfgInterpreter]: Building call graph [2022-11-03 04:01:19,385 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-03 04:01:19,385 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-03 04:01:19,386 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-03 04:01:24,279 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 36 for LOIs [2022-11-03 04:01:24,284 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 46 for LOIs [2022-11-03 04:01:24,840 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 38 for LOIs [2022-11-03 04:01:24,844 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__methaneQuery with input of size 45 for LOIs [2022-11-03 04:01:24,937 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 45 for LOIs [2022-11-03 04:01:25,113 INFO L197 IcfgInterpreter]: Interpreting procedure isMethaneAlarm with input of size 44 for LOIs [2022-11-03 04:01:25,119 INFO L197 IcfgInterpreter]: Interpreting procedure changeMethaneLevel with input of size 43 for LOIs [2022-11-03 04:01:25,127 INFO L197 IcfgInterpreter]: Interpreting procedure deactivatePump with input of size 30 for LOIs [2022-11-03 04:01:25,129 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-03 04:01:33,270 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '35598#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (<= 0 |old(~pumpRunning~0)|) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 1) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= |timeShift_getWaterLevel_~retValue_acc~5#1| |timeShift_getWaterLevel_#res#1|) (= ~head~0.offset 0) (<= |old(~pumpRunning~0)| 2147483647) (= 1 ~systemActive~0) (= |timeShift_getWaterLevel_~retValue_acc~5#1| ~waterLevel~0) (<= 0 ~methaneLevelCritical~0) (<= 0 ~pumpRunning~0) (= ~head~0.base 0) (= |#NULL.offset| 0) (<= ~methaneLevelCritical~0 2147483647) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (<= |timeShift_getWaterLevel_~retValue_acc~5#1| 2147483647) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2147483648)))' at error location [2022-11-03 04:01:33,270 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-03 04:01:33,271 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-03 04:01:33,271 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 11, 11] total 25 [2022-11-03 04:01:33,271 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1668651437] [2022-11-03 04:01:33,271 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-03 04:01:33,272 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 25 states [2022-11-03 04:01:33,272 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-03 04:01:33,272 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 25 interpolants. [2022-11-03 04:01:33,273 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=406, Invalid=3884, Unknown=0, NotChecked=0, Total=4290 [2022-11-03 04:01:33,274 INFO L87 Difference]: Start difference. First operand 2115 states and 2537 transitions. Second operand has 25 states, 24 states have (on average 5.875) internal successors, (141), 25 states have internal predecessors, (141), 15 states have call successors, (40), 9 states have call predecessors, (40), 11 states have return successors, (39), 15 states have call predecessors, (39), 15 states have call successors, (39) [2022-11-03 04:01:37,536 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-03 04:01:37,536 INFO L93 Difference]: Finished difference Result 4942 states and 6176 transitions. [2022-11-03 04:01:37,537 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 65 states. [2022-11-03 04:01:37,537 INFO L78 Accepts]: Start accepts. Automaton has has 25 states, 24 states have (on average 5.875) internal successors, (141), 25 states have internal predecessors, (141), 15 states have call successors, (40), 9 states have call predecessors, (40), 11 states have return successors, (39), 15 states have call predecessors, (39), 15 states have call successors, (39) Word has length 119 [2022-11-03 04:01:37,538 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-03 04:01:37,539 INFO L225 Difference]: With dead ends: 4942 [2022-11-03 04:01:37,540 INFO L226 Difference]: Without dead ends: 0 [2022-11-03 04:01:37,554 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 453 GetRequests, 320 SyntacticMatches, 12 SemanticMatches, 121 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6303 ImplicationChecksByTransitivity, 10.3s TimeCoverageRelationStatistics Valid=1666, Invalid=13340, Unknown=0, NotChecked=0, Total=15006 [2022-11-03 04:01:37,554 INFO L413 NwaCegarLoop]: 129 mSDtfsCounter, 1570 mSDsluCounter, 666 mSDsCounter, 0 mSdLazyCounter, 1684 mSolverCounterSat, 1313 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1573 SdHoareTripleChecker+Valid, 671 SdHoareTripleChecker+Invalid, 2997 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1313 IncrementalHoareTripleChecker+Valid, 1684 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.8s IncrementalHoareTripleChecker+Time [2022-11-03 04:01:37,555 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [1573 Valid, 671 Invalid, 2997 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1313 Valid, 1684 Invalid, 0 Unknown, 0 Unchecked, 1.8s Time] [2022-11-03 04:01:37,555 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-03 04:01:37,556 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-03 04:01:37,556 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-03 04:01:37,556 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-03 04:01:37,557 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 119 [2022-11-03 04:01:37,557 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-03 04:01:37,557 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-03 04:01:37,558 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 25 states, 24 states have (on average 5.875) internal successors, (141), 25 states have internal predecessors, (141), 15 states have call successors, (40), 9 states have call predecessors, (40), 11 states have return successors, (39), 15 states have call predecessors, (39), 15 states have call successors, (39) [2022-11-03 04:01:37,558 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-03 04:01:37,558 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-03 04:01:37,561 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-03 04:01:37,610 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-11-03 04:01:37,787 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12,6 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-03 04:01:37,788 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-03 04:01:48,818 WARN L234 SmtUtils]: Spent 6.46s on a formula simplification. DAG size of input: 480 DAG size of output: 438 (called from [L 182] de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.HoareAnnotationComposer.or) [2022-11-03 04:01:59,445 WARN L234 SmtUtils]: Spent 5.80s on a formula simplification. DAG size of input: 302 DAG size of output: 282 (called from [L 182] de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.HoareAnnotationComposer.or) [2022-11-03 04:02:48,343 INFO L895 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 325 332) the Hoare annotation is: (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (<= ~waterLevel~0 2)) (let ((.cse0 (and (not (= ~methaneLevelCritical~0 0)) (not (= ~methaneLevelCritical~0 1)))) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 (= ~switchedOnBeforeTS~0 0) (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|))) (or .cse0 (not (<= 2 ~waterLevel~0)) (= |old(~pumpRunning~0)| 0) .cse1)))) [2022-11-03 04:02:48,343 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 325 332) no Hoare annotation was computed. [2022-11-03 04:02:48,343 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 215 221) no Hoare annotation was computed. [2022-11-03 04:02:48,343 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 215 221) the Hoare annotation is: true [2022-11-03 04:02:48,346 INFO L895 garLoopResultBuilder]: At program point L263(line 263) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (= 0 ~systemActive~0)) (.cse4 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse2 (not (= ~methaneLevelCritical~0 1)) .cse3 .cse4) (or .cse1 (not (= |old(~pumpRunning~0)| 1)) .cse2 .cse3 .cse4 (= ~pumpRunning~0 1)))) [2022-11-03 04:02:48,348 INFO L895 garLoopResultBuilder]: At program point L259(line 259) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (= 0 ~systemActive~0)) (.cse4 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse2 (not (= ~methaneLevelCritical~0 1)) .cse3 .cse4) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1 (not (= |old(~pumpRunning~0)| 1)) .cse2 .cse3 .cse4))) [2022-11-03 04:02:48,348 INFO L899 garLoopResultBuilder]: For program point L257(lines 257 265) no Hoare annotation was computed. [2022-11-03 04:02:48,349 INFO L895 garLoopResultBuilder]: At program point L253(lines 253 270) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (= 0 ~systemActive~0)) (.cse5 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 (not (= ~methaneLevelCritical~0 1)) .cse3 .cse4 .cse5) (or .cse1 (not (= |old(~pumpRunning~0)| 1)) .cse2 .cse3 .cse5 (= ~pumpRunning~0 1)))) [2022-11-03 04:02:48,349 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__methaneQueryENTRY(lines 249 273) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (= 0 ~systemActive~0)) (.cse5 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 (not (= ~methaneLevelCritical~0 1)) .cse3 .cse4 .cse5) (or .cse1 (not (= |old(~pumpRunning~0)| 1)) .cse2 .cse3 .cse5 (= ~pumpRunning~0 1)))) [2022-11-03 04:02:48,349 INFO L895 garLoopResultBuilder]: At program point L268(line 268) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (= 0 ~systemActive~0)) (.cse5 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 (not (= ~methaneLevelCritical~0 1)) .cse3 .cse4 .cse5) (or .cse1 (not (= |old(~pumpRunning~0)| 1)) .cse2 .cse3 .cse5))) [2022-11-03 04:02:48,350 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__methaneQueryEXIT(lines 249 273) no Hoare annotation was computed. [2022-11-03 04:02:48,350 INFO L899 garLoopResultBuilder]: For program point L268-1(lines 249 273) no Hoare annotation was computed. [2022-11-03 04:02:48,351 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 344 352) no Hoare annotation was computed. [2022-11-03 04:02:48,351 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 344 352) the Hoare annotation is: true [2022-11-03 04:02:48,352 INFO L895 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 477 488) the Hoare annotation is: (let ((.cse8 (= ~switchedOnBeforeTS~0 0)) (.cse1 (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) (.cse4 (= 0 ~systemActive~0)) (.cse0 (not (= |old(~methaneLevelCritical~0)| 0))) (.cse7 (not (= |old(~methaneLevelCritical~0)| 1))) (.cse11 (= ~pumpRunning~0 0))) (let ((.cse3 (not (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse9 (not (= 2 ~waterLevel~0))) (.cse5 (not .cse11)) (.cse6 (and .cse0 .cse7)) (.cse10 (and (not .cse8) .cse11 (= ~methaneLevelCritical~0 0) .cse1 (not .cse4)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse6 .cse1 .cse2 .cse3) (or .cse5 .cse6 (= ~methaneLevelCritical~0 1) .cse2 .cse7 .cse4 .cse8) (or .cse0 .cse9 .cse1 (not (= ~pumpRunning~0 1)) .cse4) (or .cse0 .cse5 .cse6 .cse9 .cse4 .cse10 .cse8) (or .cse0 .cse5 .cse6 (not (<= ~waterLevel~0 1)) .cse4 .cse10 .cse8)))) [2022-11-03 04:02:48,352 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 477 488) no Hoare annotation was computed. [2022-11-03 04:02:48,353 INFO L899 garLoopResultBuilder]: For program point L576(line 576) no Hoare annotation was computed. [2022-11-03 04:02:48,353 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 555 584) no Hoare annotation was computed. [2022-11-03 04:02:48,353 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 555 584) the Hoare annotation is: true [2022-11-03 04:02:48,353 INFO L899 garLoopResultBuilder]: For program point L569(lines 569 573) no Hoare annotation was computed. [2022-11-03 04:02:48,354 INFO L902 garLoopResultBuilder]: At program point L569-1(lines 569 573) the Hoare annotation is: true [2022-11-03 04:02:48,354 INFO L902 garLoopResultBuilder]: At program point L565-2(lines 565 579) the Hoare annotation is: true [2022-11-03 04:02:48,354 INFO L902 garLoopResultBuilder]: At program point L561(line 561) the Hoare annotation is: true [2022-11-03 04:02:48,355 INFO L899 garLoopResultBuilder]: For program point L561-1(line 561) no Hoare annotation was computed. [2022-11-03 04:02:48,355 INFO L902 garLoopResultBuilder]: At program point L580(lines 555 584) the Hoare annotation is: true [2022-11-03 04:02:48,355 INFO L899 garLoopResultBuilder]: For program point L283(lines 283 291) no Hoare annotation was computed. [2022-11-03 04:02:48,355 INFO L899 garLoopResultBuilder]: For program point L279(lines 279 296) no Hoare annotation was computed. [2022-11-03 04:02:48,355 INFO L899 garLoopResultBuilder]: For program point L85(lines 85 91) no Hoare annotation was computed. [2022-11-03 04:02:48,356 INFO L895 garLoopResultBuilder]: At program point L82(line 82) the Hoare annotation is: (let ((.cse17 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (= |old(~pumpRunning~0)| 0)) (.cse18 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse19 (= ~methaneLevelCritical~0 0)) (.cse4 (= 0 ~systemActive~0)) (.cse22 (not (= ~switchedOnBeforeTS~0 0))) (.cse15 (= ~pumpRunning~0 0)) (.cse16 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse20 (let ((.cse23 (< 0 |old(~waterLevel~0)|))) (or (and (not .cse23) .cse17) (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse23)))) (.cse21 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse5 (and .cse22 .cse15 .cse16 .cse20 .cse21)) (.cse7 (not (<= 2 |old(~waterLevel~0)|))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse10 (and .cse22 .cse15 .cse16 .cse19 (<= ~waterLevel~0 1) .cse20 (not .cse4) .cse21)) (.cse11 (and .cse16 .cse20 .cse18 .cse21 (= ~pumpRunning~0 1))) (.cse9 (not .cse19)) (.cse12 (not (= |old(~pumpRunning~0)| 1))) (.cse14 (not (= |old(~waterLevel~0)| 2))) (.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse8 (not .cse2)) (.cse3 (not (= ~methaneLevelCritical~0 1))) (.cse13 (and .cse15 .cse16 .cse17 .cse18))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse3 .cse4 .cse6 .cse5 .cse7) (or .cse8 .cse9 .cse6 .cse7) (or .cse10 .cse0 .cse11 .cse9 .cse12 .cse4 .cse6) (or .cse8 .cse9 .cse6 .cse13) (or .cse8 .cse3 .cse14) (or .cse10 .cse11 .cse9 .cse12 .cse14 .cse4) (or .cse1 .cse8 .cse3 .cse13))))) [2022-11-03 04:02:48,356 INFO L899 garLoopResultBuilder]: For program point L82-1(line 82) no Hoare annotation was computed. [2022-11-03 04:02:48,357 INFO L895 garLoopResultBuilder]: At program point L202-1(lines 202 208) the Hoare annotation is: (let ((.cse11 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (= 0 ~systemActive~0)) (.cse2 (= |old(~pumpRunning~0)| 0))) (let ((.cse6 (not .cse2)) (.cse8 (not .cse4)) (.cse12 (= ~pumpRunning~0 1)) (.cse19 (= ~methaneLevelCritical~0 0)) (.cse22 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse18 (not (= ~switchedOnBeforeTS~0 0))) (.cse13 (= ~pumpRunning~0 0)) (.cse20 (let ((.cse23 (< 0 |old(~waterLevel~0)|))) (or (and (not .cse23) .cse11) (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse23)))) (.cse21 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse0 (and .cse18 .cse13 .cse20 .cse21)) (.cse1 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse17 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (not (= ~methaneLevelCritical~0 1))) (.cse7 (and .cse13 .cse11 .cse22)) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse9 (not .cse19)) (.cse14 (not (= |old(~pumpRunning~0)| 1))) (.cse15 (and .cse20 .cse22 .cse21 .cse12)) (.cse10 (not (= |old(~waterLevel~0)| 2))) (.cse16 (and .cse18 .cse6 .cse13 .cse19 (<= ~waterLevel~0 2) .cse20 .cse8 .cse21))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse6 .cse7 .cse3 .cse5 .cse8) (or .cse0 .cse2 .cse3 .cse4 .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse6 .cse7 .cse9 .cse10 (and .cse11 .cse12)) (or .cse6 (and .cse13 (= 2 ~waterLevel~0)) .cse3 .cse10) (or .cse1 .cse9 .cse14 .cse15 .cse4 .cse5 .cse16) (or .cse17 .cse6 .cse7 .cse9) (or .cse17 .cse6 .cse7 .cse3) (or .cse6 .cse7 .cse9 .cse5 .cse8) (or .cse9 .cse14 .cse15 .cse10 .cse4 .cse16))))) [2022-11-03 04:02:48,357 INFO L895 garLoopResultBuilder]: At program point L289(line 289) the Hoare annotation is: (let ((.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse6 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse7 (< 0 |old(~waterLevel~0)|)) (.cse8 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse9 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0)) (.cse10 (= ~pumpRunning~0 1)) (.cse11 (not (= |old(~pumpRunning~0)| 1))) (.cse3 (= 0 ~systemActive~0)) (.cse2 (not (= ~methaneLevelCritical~0 1))) (.cse12 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (= ~methaneLevelCritical~0 0))) (.cse13 (not (= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse4 .cse5) (or .cse0 .cse1 (and (<= ~waterLevel~0 0) (or (and .cse6 .cse7) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse8 .cse9 .cse10) .cse5 .cse11 .cse3) (or .cse2 .cse3 .cse12 (not (<= 2 |old(~waterLevel~0)|))) (or (and .cse6 .cse7 .cse8 .cse9 .cse10) .cse5 .cse11 .cse13 .cse3) (or .cse4 .cse2 .cse12) (or .cse4 .cse5 .cse13))) [2022-11-03 04:02:48,358 INFO L895 garLoopResultBuilder]: At program point L285(line 285) the Hoare annotation is: (let ((.cse3 (= 0 ~systemActive~0))) (let ((.cse1 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (not (= ~pumpRunning~0 0)) (<= ~waterLevel~0 2) (let ((.cse10 (< 0 |old(~waterLevel~0)|))) (or (and (not .cse10) (= |old(~waterLevel~0)| ~waterLevel~0)) (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse10))) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (not .cse3) (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse6 (not (<= |old(~waterLevel~0)| 1))) (.cse9 (not (= |old(~pumpRunning~0)| 1))) (.cse2 (not (= ~methaneLevelCritical~0 1))) (.cse4 (not (<= |old(~waterLevel~0)| 2))) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (not (= ~methaneLevelCritical~0 0))) (.cse5 (not (= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse1 .cse2 .cse5 .cse3) (or .cse6 .cse7 .cse8) (or .cse8 .cse9 .cse3 .cse4 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse6 .cse8 .cse9 .cse3) (or .cse7 .cse2 .cse4) (or .cse7 .cse8 .cse5)))) [2022-11-03 04:02:48,358 INFO L895 garLoopResultBuilder]: At program point L281(line 281) the Hoare annotation is: (let ((.cse15 (< 0 |old(~waterLevel~0)|))) (let ((.cse7 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse6 (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse15))) (let ((.cse11 (or (and (not .cse15) .cse7) .cse6)) (.cse8 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse4 (not (= |old(~pumpRunning~0)| 1))) (.cse9 (= ~pumpRunning~0 1)) (.cse3 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse12 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse11 .cse8)) (.cse5 (= 0 ~systemActive~0)) (.cse14 (not (<= |old(~waterLevel~0)| 2))) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse13 (not (= ~methaneLevelCritical~0 1))) (.cse10 (not (= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2) (or .cse3 .cse0 .cse2 .cse4 .cse5 (and (<= ~waterLevel~0 0) (or .cse6 .cse7) .cse8 .cse9)) (or .cse2 .cse4 .cse10 .cse5 (and .cse11 .cse8 .cse9)) (or .cse3 .cse12 .cse13 .cse5 .cse14) (or .cse0 .cse1 .cse13) (or .cse12 .cse13 .cse5 .cse14 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 (and .cse2 .cse13) .cse10)))))) [2022-11-03 04:02:48,359 INFO L899 garLoopResultBuilder]: For program point L281-1(line 281) no Hoare annotation was computed. [2022-11-03 04:02:48,359 INFO L895 garLoopResultBuilder]: At program point L294(line 294) the Hoare annotation is: (let ((.cse2 (= 0 ~systemActive~0)) (.cse5 (= |old(~pumpRunning~0)| 0))) (let ((.cse9 (not .cse5)) (.cse10 (not .cse2)) (.cse4 (not (<= 2 |old(~waterLevel~0)|)))) (let ((.cse1 (not (= |old(~pumpRunning~0)| 1))) (.cse7 (and (or .cse9 .cse10 (= |old(~switchedOnBeforeTS~0)| 0)) (or .cse9 .cse10 .cse4))) (.cse11 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse8 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= ~methaneLevelCritical~0 0))) (.cse6 (not (= ~methaneLevelCritical~0 1))) (.cse3 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse6 .cse2 .cse3 .cse4) (or .cse7 .cse0 .cse3) (or .cse8 .cse9 .cse0 .cse10) (or .cse11 .cse8 .cse0 .cse1 .cse2) (or .cse7 .cse6 .cse3) (or .cse11 .cse8 .cse5 .cse6 .cse2) (or .cse8 .cse9 .cse6 .cse10) (or .cse9 (and .cse0 .cse6) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0) (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) .cse3))))) [2022-11-03 04:02:48,360 INFO L895 garLoopResultBuilder]: At program point L294-1(lines 275 299) the Hoare annotation is: (let ((.cse11 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (= 0 ~systemActive~0)) (.cse2 (= |old(~pumpRunning~0)| 0))) (let ((.cse21 (= ~methaneLevelCritical~0 0)) (.cse12 (= ~pumpRunning~0 1)) (.cse19 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse7 (not .cse2)) (.cse20 (not .cse4)) (.cse6 (not (<= 2 |old(~waterLevel~0)|))) (.cse22 (not (= ~switchedOnBeforeTS~0 0))) (.cse13 (= ~pumpRunning~0 0)) (.cse23 (let ((.cse25 (< 0 |old(~waterLevel~0)|))) (or (and (not .cse25) .cse11) (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse25)))) (.cse24 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse0 (and .cse22 .cse13 .cse23 .cse24)) (.cse1 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse14 (and (or .cse7 .cse20 (= |old(~switchedOnBeforeTS~0)| 0)) (or .cse7 .cse20 .cse6))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (and .cse13 .cse11 .cse19)) (.cse15 (not (= |old(~pumpRunning~0)| 1))) (.cse16 (and .cse23 .cse19 .cse24 .cse12)) (.cse10 (not (= |old(~waterLevel~0)| 2))) (.cse17 (and .cse22 .cse7 .cse13 .cse21 (<= ~waterLevel~0 2) .cse23 .cse20 .cse24)) (.cse9 (not .cse21)) (.cse18 (not (<= |old(~waterLevel~0)| 1))) (.cse3 (not (= ~methaneLevelCritical~0 1)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse7 .cse8 .cse9 .cse10 (and .cse11 .cse12)) (or .cse7 (and .cse13 (= 2 ~waterLevel~0)) .cse3 .cse10) (or .cse14 .cse9 .cse5) (or .cse1 .cse9 .cse15 .cse16 .cse4 .cse5 .cse17) (or .cse14 .cse3 .cse5) (or .cse18 .cse7 .cse8 .cse3) (or .cse9 .cse15 .cse16 .cse10 .cse4 .cse17) (or .cse18 .cse7 .cse9 (and .cse13 .cse11 .cse19 .cse20)) (or .cse18 .cse7 .cse3 .cse20))))) [2022-11-03 04:02:48,360 INFO L895 garLoopResultBuilder]: At program point L67(line 67) the Hoare annotation is: (let ((.cse6 (= 0 ~systemActive~0)) (.cse1 (= |old(~pumpRunning~0)| 0))) (let ((.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse9 (not .cse1)) (.cse15 (<= 2 ~waterLevel~0)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse13 (not .cse6)) (.cse18 (= ~pumpRunning~0 0)) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse17 (not (= |old(~pumpRunning~0)| 1))) (.cse14 (not (= |old(~waterLevel~0)| 2))) (.cse16 (= ~pumpRunning~0 1)) (.cse12 (and .cse18 .cse3 .cse4)) (.cse10 (not (= ~methaneLevelCritical~0 0))) (.cse19 (and (or (and .cse2 .cse18 .cse15 .cse13) (and .cse2 .cse18 .cse4 .cse13)) .cse3)) (.cse20 (and (or .cse0 .cse9 .cse6) (or .cse9 .cse6 (not (<= 2 |old(~waterLevel~0)|))))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (not (= ~methaneLevelCritical~0 1))) (.cse8 (not (= ~switchedOnBeforeTS~0 0))) (.cse11 (= |old(~switchedOnBeforeTS~0)| 0))) (and (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 .cse6 .cse7) (or .cse8 .cse9 .cse10 .cse6 .cse7 .cse11) (or .cse0 .cse9 .cse12 .cse10 .cse7 .cse13) (or .cse8 .cse9 .cse5 .cse14 .cse6 .cse11) (or .cse9 (and .cse3 (or (and .cse2 .cse15) (and .cse8 .cse2))) .cse10 .cse7 .cse11) (or (and .cse2 .cse3) .cse5 .cse14 .cse6) (or .cse0 (and .cse3 .cse4 .cse16) .cse10 .cse17 .cse6 .cse7) (or .cse9 (and .cse18 .cse3) .cse5 .cse14) (or .cse10 .cse17 .cse14 .cse6 (and .cse3 .cse16)) (or .cse0 .cse9 .cse12 .cse5 .cse7 .cse13) (or .cse10 .cse19 .cse20 .cse7) (or .cse19 .cse5 .cse20 .cse7) (or (not (<= |old(~waterLevel~0)| 1)) .cse9 .cse5 (and .cse8 .cse18 .cse3) .cse11))))) [2022-11-03 04:02:48,361 INFO L895 garLoopResultBuilder]: At program point L67-1(line 67) the Hoare annotation is: (let ((.cse6 (= 0 ~systemActive~0))) (let ((.cse13 (not .cse6)) (.cse18 (= |old(~pumpRunning~0)| 0)) (.cse7 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse19 (= ~pumpRunning~0 0)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= |timeShift___utac_acc__Specification5_spec__2_#t~ret4#1| ~pumpRunning~0))) (let ((.cse3 (= ~pumpRunning~0 1)) (.cse4 (not (= |old(~pumpRunning~0)| 1))) (.cse0 (not (= ~methaneLevelCritical~0 0))) (.cse9 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (not (= |old(~waterLevel~0)| 2))) (.cse16 (and .cse19 .cse1 .cse6 .cse2)) (.cse12 (and .cse7 .cse19 .cse1 .cse6 .cse2)) (.cse11 (not .cse18)) (.cse17 (and .cse7 .cse1 .cse2 .cse13)) (.cse14 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse10 (not (<= |old(~waterLevel~0)| 1))) (.cse15 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse8 (not (= ~methaneLevelCritical~0 1)))) (and (or .cse0 (and .cse1 .cse2 .cse3) .cse4 .cse5 .cse6) (or (and .cse7 .cse1 .cse2) .cse8 .cse6 .cse9 (not (<= 2 |old(~waterLevel~0)|))) (or .cse10 .cse11 .cse12 .cse0 .cse13) (or .cse14 .cse8 .cse5 .cse6 .cse15 (= |old(~switchedOnBeforeTS~0)| 0)) (or .cse14 (and .cse1 .cse15 .cse2 .cse3) .cse0 .cse4 .cse6 .cse9) (or .cse11 .cse0 .cse5 .cse16 .cse13) (or .cse11 .cse17 .cse0 .cse6 .cse9) (or .cse11 .cse8 .cse5 .cse16 .cse13) (or .cse10 .cse11 .cse12 .cse8 .cse13) (or .cse10 .cse11 .cse17 .cse8 .cse6) (or .cse14 .cse10 (and .cse7 .cse1 .cse15 .cse2) .cse18 .cse8 .cse6))))) [2022-11-03 04:02:48,361 INFO L899 garLoopResultBuilder]: For program point L195-2(lines 191 213) no Hoare annotation was computed. [2022-11-03 04:02:48,361 INFO L899 garLoopResultBuilder]: For program point L84(lines 84 94) no Hoare annotation was computed. [2022-11-03 04:02:48,362 INFO L895 garLoopResultBuilder]: At program point L658(line 658) the Hoare annotation is: (let ((.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse6 (not (= |old(~pumpRunning~0)| 1))) (.cse3 (= 0 ~systemActive~0)) (.cse8 (not (<= 2 |old(~waterLevel~0)|))) (.cse2 (not (= ~methaneLevelCritical~0 1))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (not (= ~methaneLevelCritical~0 0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse4 .cse5) (or .cse5 .cse6 .cse3 .cse7 .cse8) (or .cse0 .cse1 .cse5 .cse6 .cse3) (or .cse2 .cse3 .cse7 .cse8) (or .cse4 .cse2 .cse7) (or .cse4 .cse5 (not (= |old(~waterLevel~0)| 2))))) [2022-11-03 04:02:48,362 INFO L899 garLoopResultBuilder]: For program point L80(lines 80 97) no Hoare annotation was computed. [2022-11-03 04:02:48,363 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 188 214) the Hoare annotation is: (let ((.cse6 (= 0 ~systemActive~0)) (.cse1 (= |old(~pumpRunning~0)| 0))) (let ((.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse9 (not .cse1)) (.cse15 (<= 2 ~waterLevel~0)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse13 (not .cse6)) (.cse18 (= ~pumpRunning~0 0)) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse17 (not (= |old(~pumpRunning~0)| 1))) (.cse14 (not (= |old(~waterLevel~0)| 2))) (.cse16 (= ~pumpRunning~0 1)) (.cse12 (and .cse18 .cse3 .cse4)) (.cse10 (not (= ~methaneLevelCritical~0 0))) (.cse19 (and (or (and .cse2 .cse18 .cse15 .cse13) (and .cse2 .cse18 .cse4 .cse13)) .cse3)) (.cse20 (and (or .cse0 .cse9 .cse6) (or .cse9 .cse6 (not (<= 2 |old(~waterLevel~0)|))))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (not (= ~methaneLevelCritical~0 1))) (.cse8 (not (= ~switchedOnBeforeTS~0 0))) (.cse11 (= |old(~switchedOnBeforeTS~0)| 0))) (and (or .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5 .cse6 .cse7) (or .cse8 .cse9 .cse10 .cse6 .cse7 .cse11) (or .cse0 .cse9 .cse12 .cse10 .cse7 .cse13) (or .cse8 .cse9 .cse5 .cse14 .cse6 .cse11) (or .cse9 (and .cse3 (or (and .cse2 .cse15) (and .cse8 .cse2))) .cse10 .cse7 .cse11) (or (and .cse2 .cse3) .cse5 .cse14 .cse6) (or .cse0 (and .cse3 .cse4 .cse16) .cse10 .cse17 .cse6 .cse7) (or .cse9 (and .cse18 .cse3) .cse5 .cse14) (or .cse10 .cse17 .cse14 .cse6 (and .cse3 .cse16)) (or .cse0 .cse9 .cse12 .cse5 .cse7 .cse13) (or .cse10 .cse19 .cse20 .cse7) (or .cse19 .cse5 .cse20 .cse7) (or (not (<= |old(~waterLevel~0)| 1)) .cse9 .cse5 (and .cse8 .cse18 .cse3) .cse11))))) [2022-11-03 04:02:48,364 INFO L895 garLoopResultBuilder]: At program point L80-1(lines 72 100) the Hoare annotation is: (let ((.cse4 (= 0 ~systemActive~0)) (.cse8 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse27 (= ~methaneLevelCritical~0 0)) (.cse30 (= ~methaneLevelCritical~0 1))) (let ((.cse1 (= |old(~pumpRunning~0)| 0)) (.cse2 (not .cse30)) (.cse13 (not .cse27)) (.cse11 (= ~pumpRunning~0 1)) (.cse20 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse29 (not (= ~switchedOnBeforeTS~0 0))) (.cse7 (= ~pumpRunning~0 0)) (.cse18 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse26 (let ((.cse31 (< 0 |old(~waterLevel~0)|))) (or (and (not .cse31) .cse8) (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse31)))) (.cse28 (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (.cse9 (not .cse4)) (.cse21 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse0 (and .cse29 .cse7 .cse18 (<= ~waterLevel~0 1) .cse30 .cse26 .cse28 .cse9 .cse21)) (.cse14 (and .cse7 .cse18 .cse28 .cse20 .cse9)) (.cse22 (not (<= 2 |old(~waterLevel~0)|))) (.cse16 (and .cse29 .cse7 .cse18 .cse26 .cse28 .cse9 .cse21)) (.cse15 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse12 (not (<= |old(~waterLevel~0)| 1))) (.cse19 (or .cse13 .cse11)) (.cse17 (not (= |old(~pumpRunning~0)| 1))) (.cse6 (and .cse13 .cse2)) (.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse5 (not .cse1)) (.cse23 (and .cse7 .cse18 .cse8 .cse28 .cse20)) (.cse10 (not (<= |old(~waterLevel~0)| 2))) (.cse24 (= 2 ~waterLevel~0)) (.cse25 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse6 (and .cse7 .cse8 .cse9) .cse4 .cse10 (and .cse8 .cse11)) (or .cse12 .cse5 .cse13 .cse14 .cse4) (or .cse15 .cse0 .cse1 .cse2 .cse4 .cse10) (or .cse16 .cse13 .cse17 (and .cse18 .cse19 (= ~waterLevel~0 1) .cse20 .cse21) .cse4 .cse10 .cse22) (or .cse5 .cse23 .cse13 (and .cse7 .cse24 .cse8) .cse10 .cse9) (or .cse12 .cse5 .cse14 .cse2 .cse4) (or .cse5 .cse13 (and .cse11 .cse25) .cse10 (and .cse20 .cse25) .cse22) (or .cse16 .cse15 .cse12 (and .cse18 .cse19 .cse26 .cse20 .cse21) .cse13 .cse17 .cse4) (or .cse5 (and .cse7 .cse9 .cse25) .cse6 .cse27 .cse3 .cse4) (or .cse5 .cse23 .cse2 .cse10 (and .cse7 .cse24 .cse8 .cse20 .cse25) .cse9))))) [2022-11-03 04:02:48,364 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 188 214) no Hoare annotation was computed. [2022-11-03 04:02:48,364 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 658) no Hoare annotation was computed. [2022-11-03 04:02:48,365 INFO L895 garLoopResultBuilder]: At program point L168(lines 117 169) the Hoare annotation is: false [2022-11-03 04:02:48,365 INFO L902 garLoopResultBuilder]: At program point ULTIMATE.startENTRY(line -1) the Hoare annotation is: true [2022-11-03 04:02:48,365 INFO L899 garLoopResultBuilder]: For program point L156(lines 156 162) no Hoare annotation was computed. [2022-11-03 04:02:48,365 INFO L895 garLoopResultBuilder]: At program point L156-2(lines 148 163) the Hoare annotation is: (let ((.cse6 (= ~methaneLevelCritical~0 0)) (.cse8 (= ~methaneLevelCritical~0 1))) (let ((.cse0 (or .cse6 .cse8)) (.cse1 (or (not .cse6) (= ~pumpRunning~0 1))) (.cse5 (<= ~waterLevel~0 2)) (.cse2 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse7 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and (= 2 ~waterLevel~0) .cse0 .cse1 .cse2 .cse3 .cse4) (and (= ~pumpRunning~0 0) .cse0 .cse2 .cse3 .cse5) (and .cse6 .cse1 .cse2 .cse3 .cse5 .cse7 .cse4) (and (<= ~waterLevel~0 1) .cse2 .cse8 .cse3 .cse7 .cse4)))) [2022-11-03 04:02:48,366 INFO L899 garLoopResultBuilder]: For program point L119(lines 118 167) no Hoare annotation was computed. [2022-11-03 04:02:48,366 INFO L895 garLoopResultBuilder]: At program point L148(lines 148 163) the Hoare annotation is: (let ((.cse8 (= ~methaneLevelCritical~0 1)) (.cse5 (= ~methaneLevelCritical~0 0))) (let ((.cse1 (or (not .cse5) (= ~pumpRunning~0 1))) (.cse4 (not (= 0 ~systemActive~0))) (.cse9 (= ~pumpRunning~0 0)) (.cse0 (or .cse5 .cse8)) (.cse2 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse6 (<= ~waterLevel~0 2)) (.cse7 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (or (and (= 2 ~waterLevel~0) .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse1 .cse2 .cse3 .cse6 .cse7 .cse4) (and (<= ~waterLevel~0 1) .cse2 .cse8 .cse3 .cse7 .cse4) (and .cse9 .cse0 .cse2 .cse3 .cse6 .cse4) (and .cse9 .cse0 .cse2 .cse3 .cse6 .cse7)))) [2022-11-03 04:02:48,366 INFO L895 garLoopResultBuilder]: At program point L433(line 433) the Hoare annotation is: (and (let ((.cse0 (not (= ~pumpRunning~0 0))) (.cse1 (or (= ~methaneLevelCritical~0 0) (= ~methaneLevelCritical~0 1))) (.cse2 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3 .cse4) (and .cse0 .cse1 .cse2 .cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0) .cse4))) (<= ~waterLevel~0 2)) [2022-11-03 04:02:48,368 INFO L895 garLoopResultBuilder]: At program point L140(line 140) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse8 (= ~methaneLevelCritical~0 0))) (let ((.cse5 (or .cse0 .cse8)) (.cse6 (not (= 0 ~systemActive~0))) (.cse7 (or .cse8 (= ~methaneLevelCritical~0 1))) (.cse1 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (or (and (not .cse0) .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (and (= 2 ~waterLevel~0) .cse1 .cse2 .cse5 .cse6 (= ~pumpRunning~0 1)) (and .cse0 .cse7 .cse1 .cse2 .cse3 .cse6) (and .cse0 .cse7 .cse1 .cse2 .cse3 .cse4)))) [2022-11-03 04:02:48,371 INFO L895 garLoopResultBuilder]: At program point L165(lines 118 167) the Hoare annotation is: (let ((.cse0 (= ~methaneLevelCritical~0 0))) (let ((.cse8 (= 2 ~waterLevel~0)) (.cse5 (not (= 0 ~systemActive~0))) (.cse6 (= ~pumpRunning~0 1)) (.cse7 (= ~pumpRunning~0 0)) (.cse9 (or .cse0 (= ~methaneLevelCritical~0 1))) (.cse1 (<= ~waterLevel~0 1)) (.cse2 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (and .cse7 .cse8 .cse9 .cse2 .cse3 .cse4) (and .cse7 .cse9 .cse1 .cse2 .cse3 .cse5) (and .cse7 .cse8 .cse9 .cse2 .cse3 .cse5) (and .cse8 .cse0 .cse2 .cse3 .cse5 .cse6) (and .cse7 .cse9 .cse1 .cse2 .cse3 .cse4)))) [2022-11-03 04:02:48,372 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-03 04:02:48,372 INFO L895 garLoopResultBuilder]: At program point L640(lines 640 647) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= |ULTIMATE.start_main_~tmp~8#1| 1) (= ~waterLevel~0 1) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (not (= 0 ~systemActive~0))) [2022-11-03 04:02:48,372 INFO L899 garLoopResultBuilder]: For program point L128(lines 128 134) no Hoare annotation was computed. [2022-11-03 04:02:48,373 INFO L899 garLoopResultBuilder]: For program point L128-1(lines 128 134) no Hoare annotation was computed. [2022-11-03 04:02:48,374 INFO L902 garLoopResultBuilder]: At program point L640-2(lines 640 647) the Hoare annotation is: true [2022-11-03 04:02:48,374 INFO L899 garLoopResultBuilder]: For program point L431(lines 431 437) no Hoare annotation was computed. [2022-11-03 04:02:48,374 INFO L895 garLoopResultBuilder]: At program point L431-1(lines 431 437) the Hoare annotation is: (and (= ~pumpRunning~0 0) (or (= ~methaneLevelCritical~0 0) (= ~methaneLevelCritical~0 1)) (= |ULTIMATE.start_main_~tmp~8#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (<= ~waterLevel~0 2)) [2022-11-03 04:02:48,374 INFO L902 garLoopResultBuilder]: At program point L171(lines 108 175) the Hoare annotation is: true [2022-11-03 04:02:48,374 INFO L899 garLoopResultBuilder]: For program point L138(lines 138 144) no Hoare annotation was computed. [2022-11-03 04:02:48,375 INFO L899 garLoopResultBuilder]: For program point L138-1(lines 138 144) no Hoare annotation was computed. [2022-11-03 04:02:48,375 INFO L895 garLoopResultBuilder]: At program point L130(line 130) the Hoare annotation is: (let ((.cse0 (= ~methaneLevelCritical~0 0))) (let ((.cse1 (<= ~waterLevel~0 1)) (.cse9 (= 2 ~waterLevel~0)) (.cse5 (not (= 0 ~systemActive~0))) (.cse6 (= ~pumpRunning~0 1)) (.cse7 (= ~pumpRunning~0 0)) (.cse8 (or .cse0 (= ~methaneLevelCritical~0 1))) (.cse2 (= |ULTIMATE.start_main_~tmp~8#1| 1)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (and .cse7 .cse8 .cse1 .cse2 .cse3 .cse5) (and .cse7 .cse9 .cse8 .cse2 .cse3 .cse5) (and .cse9 .cse0 .cse2 .cse3 .cse5 .cse6) (and .cse7 .cse8 .cse2 .cse3 (<= ~waterLevel~0 2) .cse4)))) [2022-11-03 04:02:48,375 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 223 247) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (= 0 ~systemActive~0)) (.cse5 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 (not (= ~methaneLevelCritical~0 1)) .cse3 .cse4 .cse5) (or .cse1 (not (= |old(~pumpRunning~0)| 1)) .cse2 .cse3 .cse5 (= ~pumpRunning~0 1)))) [2022-11-03 04:02:48,376 INFO L895 garLoopResultBuilder]: At program point L242(line 242) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (= 0 ~systemActive~0)) (.cse4 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse2 (not (= ~methaneLevelCritical~0 1)) .cse3 .cse4) (or .cse1 (not (= |old(~pumpRunning~0)| 1)) .cse2 .cse3 .cse4 (= ~pumpRunning~0 1)))) [2022-11-03 04:02:48,376 INFO L899 garLoopResultBuilder]: For program point L242-1(lines 223 247) no Hoare annotation was computed. [2022-11-03 04:02:48,376 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 223 247) no Hoare annotation was computed. [2022-11-03 04:02:48,376 INFO L895 garLoopResultBuilder]: At program point L313(line 313) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (and (= 2 ~waterLevel~0) (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse3 (not (<= ~waterLevel~0 2))) (.cse4 (= 0 ~systemActive~0)) (.cse5 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse1 .cse3 (not (= ~methaneLevelCritical~0 1)) .cse4 .cse5) (or .cse2 (not (= |old(~pumpRunning~0)| 1)) .cse3 .cse4 .cse5))) [2022-11-03 04:02:48,377 INFO L895 garLoopResultBuilder]: At program point L313-1(line 313) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (and (= 2 ~waterLevel~0) (= ~methaneLevelCritical~0 |processEnvironment__wrappee__highWaterSensor_activatePump_#t~ret14#1|) (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse3 (not (<= ~waterLevel~0 2))) (.cse4 (= 0 ~systemActive~0)) (.cse5 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 .cse3 (not (= ~methaneLevelCritical~0 1)) .cse4 .cse5) (or .cse1 (not (= |old(~pumpRunning~0)| 1)) .cse3 .cse4 .cse5))) [2022-11-03 04:02:48,377 INFO L895 garLoopResultBuilder]: At program point L237(line 237) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse1 (not (= 2 ~waterLevel~0))) (.cse6 (not (= ~methaneLevelCritical~0 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (<= ~waterLevel~0 1))) (.cse8 (and (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0) .cse4)) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse3 (= 0 ~systemActive~0)) (.cse5 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse1 .cse6 .cse3 .cse4 .cse5) (or .cse0 .cse6 .cse7 .cse3 .cse5 .cse8) (or .cse0 .cse2 .cse7 .cse3 .cse5 .cse8) (or .cse2 (not (= |old(~pumpRunning~0)| 1)) (not (<= ~waterLevel~0 2)) .cse3 .cse5)))) [2022-11-03 04:02:48,377 INFO L899 garLoopResultBuilder]: For program point L231(lines 231 239) no Hoare annotation was computed. [2022-11-03 04:02:48,378 INFO L895 garLoopResultBuilder]: At program point L227(lines 227 244) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (= 0 ~systemActive~0)) (.cse5 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse2 (not (= ~methaneLevelCritical~0 1)) .cse3 .cse4 .cse5) (or .cse1 (not (= |old(~pumpRunning~0)| 1)) .cse2 .cse3 .cse5 (= ~pumpRunning~0 1)))) [2022-11-03 04:02:48,378 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 465 476) no Hoare annotation was computed. [2022-11-03 04:02:48,378 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 465 476) the Hoare annotation is: (let ((.cse10 (= ~methaneLevelCritical~0 0))) (let ((.cse8 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse1 (not (= ~methaneLevelCritical~0 1))) (.cse9 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= ~pumpRunning~0 0))) (.cse5 (and .cse10 (not (= ~pumpRunning~0 1)))) (.cse6 (not .cse10)) (.cse7 (not (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or (not (= |old(~waterLevel~0)| 1)) .cse5 .cse6 .cse7 .cse4 (= ~waterLevel~0 1)) (or .cse0 .cse6 .cse3 .cse4 .cse8) (or .cse5 .cse6 .cse3 .cse4 .cse8 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse6 .cse7 .cse2 .cse3) (or .cse9 .cse0 .cse1 .cse7 .cse3) (or .cse0 .cse1 .cse7 .cse2 .cse3) (or .cse9 .cse0 .cse1 .cse3 .cse4) (or .cse9 .cse0 .cse6 .cse7 .cse3) (or .cse5 .cse6 .cse7 .cse3 .cse4 (not (<= |old(~waterLevel~0)| 0)))))) [2022-11-03 04:02:48,379 INFO L902 garLoopResultBuilder]: At program point isMethaneAlarmENTRY(lines 333 343) the Hoare annotation is: true [2022-11-03 04:02:48,379 INFO L899 garLoopResultBuilder]: For program point isMethaneAlarmEXIT(lines 333 343) no Hoare annotation was computed. [2022-11-03 04:02:48,383 INFO L444 BasicCegarLoop]: Path program histogram: [3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-03 04:02:48,385 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-03 04:02:48,475 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 03.11 04:02:48 BoogieIcfgContainer [2022-11-03 04:02:48,476 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-03 04:02:48,477 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-03 04:02:48,477 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-03 04:02:48,477 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-03 04:02:48,478 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 03.11 03:59:50" (3/4) ... [2022-11-03 04:02:48,481 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-03 04:02:48,487 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-11-03 04:02:48,487 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-03 04:02:48,488 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-03 04:02:48,488 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-03 04:02:48,488 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-03 04:02:48,488 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-11-03 04:02:48,489 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-03 04:02:48,489 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__methaneQuery [2022-11-03 04:02:48,489 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-03 04:02:48,489 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneAlarm [2022-11-03 04:02:48,507 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 82 nodes and edges [2022-11-03 04:02:48,509 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 28 nodes and edges [2022-11-03 04:02:48,509 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 12 nodes and edges [2022-11-03 04:02:48,510 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-11-03 04:02:48,510 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-11-03 04:02:48,511 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-03 04:02:48,511 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-03 04:02:48,541 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(methaneLevelCritical == 0) || ((\old(waterLevel) == waterLevel && aux-isPumpRunning()-aux == pumpRunning) && pumpRunning == 1)) || !(\old(pumpRunning) == 1)) || !(\old(waterLevel) == 2)) || 0 == systemActive) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \old(waterLevel) == waterLevel) && 0 == systemActive) && aux-isPumpRunning()-aux == pumpRunning)) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) == 2)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || \old(switchedOnBeforeTS) == 0)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || (((\old(waterLevel) == waterLevel && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && pumpRunning == 1)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || (((pumpRunning == 0 && \old(waterLevel) == waterLevel) && 0 == systemActive) && aux-isPumpRunning()-aux == pumpRunning)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive))) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) == 2)) || (((pumpRunning == 0 && \old(waterLevel) == waterLevel) && 0 == systemActive) && aux-isPumpRunning()-aux == pumpRunning)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \old(waterLevel) == waterLevel) && 0 == systemActive) && aux-isPumpRunning()-aux == pumpRunning)) || !(methaneLevelCritical == 1)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive))) || !(methaneLevelCritical == 1)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) [2022-11-03 04:02:48,542 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp == methaneLevelCritical) || !(\old(switchedOnBeforeTS) == \old(pumpRunning))) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp == methaneLevelCritical) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || (\old(waterLevel) == waterLevel && pumpRunning == 1))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && 2 == waterLevel)) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) == 2))) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || (((((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) && pumpRunning == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((((((!(switchedOnBeforeTS == 0) && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && methaneLevelCritical == 0) && waterLevel <= 2) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && !(0 == systemActive)) && tmp == methaneLevelCritical))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 0))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 1))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || (((((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) && pumpRunning == 1)) || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((((((!(switchedOnBeforeTS == 0) && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && methaneLevelCritical == 0) && waterLevel <= 2) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && !(0 == systemActive)) && tmp == methaneLevelCritical)) [2022-11-03 04:02:48,544 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && tmp == waterLevel) && waterLevel <= 1) && methaneLevelCritical == 1) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp___0 == 0) && !(0 == systemActive)) && tmp == methaneLevelCritical) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) == 2)) || 0 == systemActive) && (((((!(\old(pumpRunning) == 0) || (!(methaneLevelCritical == 0) && !(methaneLevelCritical == 1))) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (\old(waterLevel) == waterLevel && pumpRunning == 1))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 0)) || ((((pumpRunning == 0 && tmp == waterLevel) && tmp___0 == 0) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && tmp == waterLevel) && waterLevel <= 1) && methaneLevelCritical == 1) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp___0 == 0) && !(0 == systemActive)) && tmp == methaneLevelCritical)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp___0 == 0) && !(0 == systemActive)) && tmp == methaneLevelCritical) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || ((((tmp == waterLevel && (!(methaneLevelCritical == 0) || pumpRunning == 1)) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && tmp___0 == 0) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 0)) || ((pumpRunning == 0 && 2 == waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((((pumpRunning == 0 && tmp == waterLevel) && tmp___0 == 0) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || !(methaneLevelCritical == 1)) || 0 == systemActive)) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (pumpRunning == 1 && tmp == 2)) || !(\old(waterLevel) <= 2)) || (pumpRunning == switchedOnBeforeTS && tmp == 2)) || !(2 <= \old(waterLevel)))) && ((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp___0 == 0) && !(0 == systemActive)) && tmp == methaneLevelCritical) || !(\old(switchedOnBeforeTS) == \old(pumpRunning))) || !(\old(waterLevel) <= 1)) || ((((tmp == waterLevel && (!(methaneLevelCritical == 0) || pumpRunning == 1)) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || 0 == systemActive)) && (((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && !(0 == systemActive)) && tmp == 2)) || (!(methaneLevelCritical == 0) && !(methaneLevelCritical == 1))) || methaneLevelCritical == 0) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && tmp___0 == 0) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == 0 && 2 == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && tmp == 2)) || !(0 == systemActive)) [2022-11-03 04:02:48,545 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(methaneLevelCritical == 1)) || 0 == systemActive) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 0))) && ((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || 0 == systemActive)) && (((!(methaneLevelCritical == 1) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) [2022-11-03 04:02:48,545 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp == methaneLevelCritical) || !(\old(switchedOnBeforeTS) == \old(pumpRunning))) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) && ((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp == methaneLevelCritical) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || (\old(waterLevel) == waterLevel && pumpRunning == 1))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && 2 == waterLevel)) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) == 2))) && (((((!(\old(pumpRunning) == 0) || !(0 == systemActive)) || \old(switchedOnBeforeTS) == 0) && ((!(\old(pumpRunning) == 0) || !(0 == systemActive)) || !(2 <= \old(waterLevel)))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || (((((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) && pumpRunning == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((((((!(switchedOnBeforeTS == 0) && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && methaneLevelCritical == 0) && waterLevel <= 2) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && !(0 == systemActive)) && tmp == methaneLevelCritical))) && (((((!(\old(pumpRunning) == 0) || !(0 == systemActive)) || \old(switchedOnBeforeTS) == 0) && ((!(\old(pumpRunning) == 0) || !(0 == systemActive)) || !(2 <= \old(waterLevel)))) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 1))) && (((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || (((((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) && pumpRunning == 1)) || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((((((!(switchedOnBeforeTS == 0) && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && methaneLevelCritical == 0) && waterLevel <= 2) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && !(0 == systemActive)) && tmp == methaneLevelCritical))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 0)) || (((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive)))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 1)) || !(0 == systemActive)) [2022-11-03 04:02:48,546 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || !(methaneLevelCritical == 1)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || !(waterLevel <= 2)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning))) || pumpRunning == 1) [2022-11-03 04:02:48,546 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || !(methaneLevelCritical == 1)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || !(waterLevel <= 2)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning))) || pumpRunning == 1) [2022-11-03 04:02:48,547 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || ((2 == waterLevel && methaneLevelCritical == aux-isMethaneAlarm()-aux) && pumpRunning == switchedOnBeforeTS)) || !(waterLevel <= 2)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(\old(pumpRunning) == 0) || ((2 == waterLevel && methaneLevelCritical == aux-isMethaneAlarm()-aux) && pumpRunning == switchedOnBeforeTS)) || !(waterLevel <= 2)) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning)))) && ((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || !(waterLevel <= 2)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-03 04:02:48,602 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/witness.graphml [2022-11-03 04:02:48,603 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-03 04:02:48,603 INFO L158 Benchmark]: Toolchain (without parser) took 179695.22ms. Allocated memory was 123.7MB in the beginning and 1.1GB in the end (delta: 1.0GB). Free memory was 83.4MB in the beginning and 804.9MB in the end (delta: -721.4MB). Peak memory consumption was 295.4MB. Max. memory is 16.1GB. [2022-11-03 04:02:48,604 INFO L158 Benchmark]: CDTParser took 0.35ms. Allocated memory is still 123.7MB. Free memory was 101.4MB in the beginning and 101.3MB in the end (delta: 74.0kB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-03 04:02:48,604 INFO L158 Benchmark]: CACSL2BoogieTranslator took 785.07ms. Allocated memory is still 123.7MB. Free memory was 83.2MB in the beginning and 88.3MB in the end (delta: -5.1MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-11-03 04:02:48,605 INFO L158 Benchmark]: Boogie Procedure Inliner took 84.88ms. Allocated memory is still 123.7MB. Free memory was 88.3MB in the beginning and 85.8MB in the end (delta: 2.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-03 04:02:48,605 INFO L158 Benchmark]: Boogie Preprocessor took 61.10ms. Allocated memory is still 123.7MB. Free memory was 85.8MB in the beginning and 83.7MB in the end (delta: 2.0MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-03 04:02:48,607 INFO L158 Benchmark]: RCFGBuilder took 854.38ms. Allocated memory is still 123.7MB. Free memory was 83.7MB in the beginning and 49.4MB in the end (delta: 34.3MB). Peak memory consumption was 35.7MB. Max. memory is 16.1GB. [2022-11-03 04:02:48,607 INFO L158 Benchmark]: TraceAbstraction took 177771.78ms. Allocated memory was 123.7MB in the beginning and 1.1GB in the end (delta: 1.0GB). Free memory was 48.5MB in the beginning and 812.2MB in the end (delta: -763.7MB). Peak memory consumption was 669.0MB. Max. memory is 16.1GB. [2022-11-03 04:02:48,608 INFO L158 Benchmark]: Witness Printer took 125.97ms. Allocated memory is still 1.1GB. Free memory was 811.2MB in the beginning and 804.9MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-03 04:02:48,609 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.35ms. Allocated memory is still 123.7MB. Free memory was 101.4MB in the beginning and 101.3MB in the end (delta: 74.0kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 785.07ms. Allocated memory is still 123.7MB. Free memory was 83.2MB in the beginning and 88.3MB in the end (delta: -5.1MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 84.88ms. Allocated memory is still 123.7MB. Free memory was 88.3MB in the beginning and 85.8MB in the end (delta: 2.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 61.10ms. Allocated memory is still 123.7MB. Free memory was 85.8MB in the beginning and 83.7MB in the end (delta: 2.0MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 854.38ms. Allocated memory is still 123.7MB. Free memory was 83.7MB in the beginning and 49.4MB in the end (delta: 34.3MB). Peak memory consumption was 35.7MB. Max. memory is 16.1GB. * TraceAbstraction took 177771.78ms. Allocated memory was 123.7MB in the beginning and 1.1GB in the end (delta: 1.0GB). Free memory was 48.5MB in the beginning and 812.2MB in the end (delta: -763.7MB). Peak memory consumption was 669.0MB. Max. memory is 16.1GB. * Witness Printer took 125.97ms. Allocated memory is still 1.1GB. Free memory was 811.2MB in the beginning and 804.9MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 658]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 11 procedures, 80 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 177.6s, OverallIterations: 13, TraceHistogramMax: 5, PathProgramHistogramMax: 3, EmptinessCheckTime: 0.1s, AutomataDifference: 20.7s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 70.6s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 5382 SdHoareTripleChecker+Valid, 10.1s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 5337 mSDsluCounter, 6457 SdHoareTripleChecker+Invalid, 8.3s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 6132 mSDsCounter, 3919 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 11956 IncrementalHoareTripleChecker+Invalid, 15875 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 3919 mSolverCounterUnsat, 1409 mSDtfsCounter, 11956 mSolverCounterSat, 0.2s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 2047 GetRequests, 1415 SyntacticMatches, 38 SemanticMatches, 594 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 25611 ImplicationChecksByTransitivity, 51.4s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=2115occurred in iteration=12, InterpolantAutomatonStates: 341, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 1.2s AutomataMinimizationTime, 13 MinimizatonAttempts, 2167 StatesRemovedByMinimization, 10 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 46 LocationsWithAnnotation, 5658 PreInvPairs, 6803 NumberOfFragments, 5820 HoareAnnotationTreeSize, 5658 FomulaSimplifications, 272087 FormulaSimplificationTreeSizeReduction, 30.2s HoareSimplificationTime, 46 FomulaSimplificationsInter, 589498 FormulaSimplificationTreeSizeReductionInter, 39.9s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.2s SsaConstructionTime, 0.7s SatisfiabilityAnalysisTime, 7.6s InterpolantComputationTime, 1343 NumberOfCodeBlocks, 1288 NumberOfCodeBlocksAsserted, 20 NumberOfCheckSat, 1835 ConstructedInterpolants, 0 QuantifiedInterpolants, 4928 SizeOfPredicates, 44 NumberOfNonLiveVariables, 2669 ConjunctsInSsa, 133 ConjunctsInUnsatCore, 23 InterpolantComputations, 8 PerfectInterpolantSequences, 935/1098 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 202]: Loop Invariant Derived loop invariant: ((((((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp == methaneLevelCritical) || !(\old(switchedOnBeforeTS) == \old(pumpRunning))) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp == methaneLevelCritical) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || (\old(waterLevel) == waterLevel && pumpRunning == 1))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && 2 == waterLevel)) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) == 2))) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || (((((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) && pumpRunning == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((((((!(switchedOnBeforeTS == 0) && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && methaneLevelCritical == 0) && waterLevel <= 2) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && !(0 == systemActive)) && tmp == methaneLevelCritical))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 0))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 1))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && (((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || (((((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) && pumpRunning == 1)) || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((((((!(switchedOnBeforeTS == 0) && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && methaneLevelCritical == 0) && waterLevel <= 2) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && !(0 == systemActive)) && tmp == methaneLevelCritical)) - InvariantResult [Line: -1]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 555]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 565]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 431]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && (methaneLevelCritical == 0 || methaneLevelCritical == 1)) && tmp == 1) && splverifierCounter == 0) && waterLevel <= 2 - InvariantResult [Line: 275]: Loop Invariant Derived loop invariant: (((((((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp == methaneLevelCritical) || !(\old(switchedOnBeforeTS) == \old(pumpRunning))) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) && ((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp == methaneLevelCritical) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || (\old(waterLevel) == waterLevel && pumpRunning == 1))) && (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && 2 == waterLevel)) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) == 2))) && (((((!(\old(pumpRunning) == 0) || !(0 == systemActive)) || \old(switchedOnBeforeTS) == 0) && ((!(\old(pumpRunning) == 0) || !(0 == systemActive)) || !(2 <= \old(waterLevel)))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) <= 2))) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || (((((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) && pumpRunning == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((((((!(switchedOnBeforeTS == 0) && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && methaneLevelCritical == 0) && waterLevel <= 2) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && !(0 == systemActive)) && tmp == methaneLevelCritical))) && (((((!(\old(pumpRunning) == 0) || !(0 == systemActive)) || \old(switchedOnBeforeTS) == 0) && ((!(\old(pumpRunning) == 0) || !(0 == systemActive)) || !(2 <= \old(waterLevel)))) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) <= 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 1))) && (((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || (((((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) && pumpRunning == 1)) || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((((((!(switchedOnBeforeTS == 0) && !(\old(pumpRunning) == 0)) && pumpRunning == 0) && methaneLevelCritical == 0) && waterLevel <= 2) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && !(0 == systemActive)) && tmp == methaneLevelCritical))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 0)) || (((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive)))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 1)) || !(0 == systemActive)) - InvariantResult [Line: 117]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 227]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || !(methaneLevelCritical == 1)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || !(waterLevel <= 2)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning))) || pumpRunning == 1) - InvariantResult [Line: 72]: Loop Invariant Derived loop invariant: (((((((((((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && tmp == waterLevel) && waterLevel <= 1) && methaneLevelCritical == 1) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp___0 == 0) && !(0 == systemActive)) && tmp == methaneLevelCritical) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) == 2)) || 0 == systemActive) && (((((!(\old(pumpRunning) == 0) || (!(methaneLevelCritical == 0) && !(methaneLevelCritical == 1))) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (\old(waterLevel) == waterLevel && pumpRunning == 1))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 0)) || ((((pumpRunning == 0 && tmp == waterLevel) && tmp___0 == 0) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && tmp == waterLevel) && waterLevel <= 1) && methaneLevelCritical == 1) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp___0 == 0) && !(0 == systemActive)) && tmp == methaneLevelCritical)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp___0 == 0) && !(0 == systemActive)) && tmp == methaneLevelCritical) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || ((((tmp == waterLevel && (!(methaneLevelCritical == 0) || pumpRunning == 1)) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && tmp___0 == 0) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 0)) || ((pumpRunning == 0 && 2 == waterLevel) && \old(waterLevel) == waterLevel)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((((pumpRunning == 0 && tmp == waterLevel) && tmp___0 == 0) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || !(methaneLevelCritical == 1)) || 0 == systemActive)) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (pumpRunning == 1 && tmp == 2)) || !(\old(waterLevel) <= 2)) || (pumpRunning == switchedOnBeforeTS && tmp == 2)) || !(2 <= \old(waterLevel)))) && ((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && tmp___0 == 0) && !(0 == systemActive)) && tmp == methaneLevelCritical) || !(\old(switchedOnBeforeTS) == \old(pumpRunning))) || !(\old(waterLevel) <= 1)) || ((((tmp == waterLevel && (!(methaneLevelCritical == 0) || pumpRunning == 1)) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || 0 == systemActive)) && (((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && !(0 == systemActive)) && tmp == 2)) || (!(methaneLevelCritical == 0) && !(methaneLevelCritical == 1))) || methaneLevelCritical == 0) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(pumpRunning) == 0) || ((((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && tmp___0 == 0) && pumpRunning == switchedOnBeforeTS)) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == 0 && 2 == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && tmp == 2)) || !(0 == systemActive)) - InvariantResult [Line: 658]: Loop Invariant Derived loop invariant: ((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(methaneLevelCritical == 1)) || 0 == systemActive) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 0))) && ((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || 0 == systemActive)) && (((!(methaneLevelCritical == 1) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) <= 2))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) - InvariantResult [Line: 108]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 333]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 118]: Loop Invariant Derived loop invariant: ((((((((((methaneLevelCritical == 0 && waterLevel <= 1) && tmp == 1) && splverifierCounter == 0) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive)) && pumpRunning == 1) || (((((pumpRunning == 0 && 2 == waterLevel) && (methaneLevelCritical == 0 || methaneLevelCritical == 1)) && tmp == 1) && splverifierCounter == 0) && pumpRunning == switchedOnBeforeTS)) || (((((pumpRunning == 0 && (methaneLevelCritical == 0 || methaneLevelCritical == 1)) && waterLevel <= 1) && tmp == 1) && splverifierCounter == 0) && !(0 == systemActive))) || (((((pumpRunning == 0 && 2 == waterLevel) && (methaneLevelCritical == 0 || methaneLevelCritical == 1)) && tmp == 1) && splverifierCounter == 0) && !(0 == systemActive))) || (((((2 == waterLevel && methaneLevelCritical == 0) && tmp == 1) && splverifierCounter == 0) && !(0 == systemActive)) && pumpRunning == 1)) || (((((pumpRunning == 0 && (methaneLevelCritical == 0 || methaneLevelCritical == 1)) && waterLevel <= 1) && tmp == 1) && splverifierCounter == 0) && pumpRunning == switchedOnBeforeTS) - InvariantResult [Line: 67]: Loop Invariant Derived loop invariant: (((((((((((((!(methaneLevelCritical == 0) || ((\old(waterLevel) == waterLevel && aux-isPumpRunning()-aux == pumpRunning) && pumpRunning == 1)) || !(\old(pumpRunning) == 1)) || !(\old(waterLevel) == 2)) || 0 == systemActive) && ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \old(waterLevel) == waterLevel) && 0 == systemActive) && aux-isPumpRunning()-aux == pumpRunning)) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) == 2)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || \old(switchedOnBeforeTS) == 0)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || (((\old(waterLevel) == waterLevel && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && pumpRunning == 1)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || (((pumpRunning == 0 && \old(waterLevel) == waterLevel) && 0 == systemActive) && aux-isPumpRunning()-aux == pumpRunning)) || !(0 == systemActive))) && ((((!(\old(pumpRunning) == 0) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive))) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(\old(waterLevel) <= 2))) && ((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || !(\old(waterLevel) == 2)) || (((pumpRunning == 0 && \old(waterLevel) == waterLevel) && 0 == systemActive) && aux-isPumpRunning()-aux == pumpRunning)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && \old(waterLevel) == waterLevel) && 0 == systemActive) && aux-isPumpRunning()-aux == pumpRunning)) || !(methaneLevelCritical == 1)) || !(0 == systemActive))) && ((((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive))) || !(methaneLevelCritical == 1)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 1)) || 0 == systemActive) - InvariantResult [Line: 148]: Loop Invariant Derived loop invariant: ((((((((2 == waterLevel && (methaneLevelCritical == 0 || methaneLevelCritical == 1)) && (!(methaneLevelCritical == 0) || pumpRunning == 1)) && tmp == 1) && splverifierCounter == 0) && !(0 == systemActive)) || ((((((methaneLevelCritical == 0 && (!(methaneLevelCritical == 0) || pumpRunning == 1)) && tmp == 1) && splverifierCounter == 0) && waterLevel <= 2) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || (((((waterLevel <= 1 && tmp == 1) && methaneLevelCritical == 1) && splverifierCounter == 0) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || (((((pumpRunning == 0 && (methaneLevelCritical == 0 || methaneLevelCritical == 1)) && tmp == 1) && splverifierCounter == 0) && waterLevel <= 2) && !(0 == systemActive))) || (((((pumpRunning == 0 && (methaneLevelCritical == 0 || methaneLevelCritical == 1)) && tmp == 1) && splverifierCounter == 0) && waterLevel <= 2) && pumpRunning == switchedOnBeforeTS) - InvariantResult [Line: 313]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || ((2 == waterLevel && methaneLevelCritical == aux-isMethaneAlarm()-aux) && pumpRunning == switchedOnBeforeTS)) || !(waterLevel <= 2)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(\old(pumpRunning) == 0) || ((2 == waterLevel && methaneLevelCritical == aux-isMethaneAlarm()-aux) && pumpRunning == switchedOnBeforeTS)) || !(waterLevel <= 2)) || !(methaneLevelCritical == 1)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning)))) && ((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || !(waterLevel <= 2)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning))) - InvariantResult [Line: 640]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0 && methaneLevelCritical == 0) && tmp == 1) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive) - InvariantResult [Line: 640]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 253]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(\old(pumpRunning) == 0) || !(waterLevel <= 2)) || !(methaneLevelCritical == 1)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(methaneLevelCritical == 0) || !(\old(pumpRunning) == 1)) || !(waterLevel <= 2)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning))) || pumpRunning == 1) RESULT: Ultimate proved your program to be correct! [2022-11-03 04:02:48,695 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_8fdd8584-3843-4167-89b6-16c2ef7e70f1/bin/utaipan-7li7fVZpFI/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE