./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product46.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 8393723b Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/config/TaipanReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product46.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/config/svcomp-Reach-32bit-Taipan_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Taipan --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 73b8e020dd9d30fdd676c81009d4f1b850aa716d63ef29ce3d475a261546f853 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-8393723 [2022-11-19 08:15:20,129 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-19 08:15:20,131 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-19 08:15:20,160 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-19 08:15:20,160 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-19 08:15:20,162 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-19 08:15:20,164 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-19 08:15:20,166 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-19 08:15:20,168 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-19 08:15:20,170 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-19 08:15:20,171 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-19 08:15:20,173 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-19 08:15:20,174 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-19 08:15:20,175 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-19 08:15:20,177 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-19 08:15:20,178 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-19 08:15:20,179 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-19 08:15:20,181 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-19 08:15:20,184 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-19 08:15:20,187 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-19 08:15:20,189 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-19 08:15:20,191 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-19 08:15:20,193 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-19 08:15:20,194 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-19 08:15:20,200 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-19 08:15:20,200 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-19 08:15:20,201 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-19 08:15:20,202 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-19 08:15:20,203 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-19 08:15:20,205 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-19 08:15:20,205 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-19 08:15:20,207 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-19 08:15:20,208 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-19 08:15:20,209 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-19 08:15:20,211 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-19 08:15:20,212 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-19 08:15:20,213 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-19 08:15:20,213 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-19 08:15:20,214 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-19 08:15:20,215 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-19 08:15:20,217 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-19 08:15:20,218 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/config/svcomp-Reach-32bit-Taipan_Default.epf [2022-11-19 08:15:20,249 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-19 08:15:20,250 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-19 08:15:20,250 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-19 08:15:20,251 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-19 08:15:20,252 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-19 08:15:20,252 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-19 08:15:20,252 INFO L138 SettingsManager]: * User list type=DISABLED [2022-11-19 08:15:20,253 INFO L136 SettingsManager]: Preferences of Abstract Interpretation differ from their defaults: [2022-11-19 08:15:20,253 INFO L138 SettingsManager]: * Explicit value domain=true [2022-11-19 08:15:20,254 INFO L138 SettingsManager]: * Abstract domain for RCFG-of-the-future=PoormanAbstractDomain [2022-11-19 08:15:20,254 INFO L138 SettingsManager]: * Octagon Domain=false [2022-11-19 08:15:20,255 INFO L138 SettingsManager]: * Abstract domain=CompoundDomain [2022-11-19 08:15:20,255 INFO L138 SettingsManager]: * Check feasibility of abstract posts with an SMT solver=true [2022-11-19 08:15:20,256 INFO L138 SettingsManager]: * Use the RCFG-of-the-future interface=true [2022-11-19 08:15:20,256 INFO L138 SettingsManager]: * Interval Domain=false [2022-11-19 08:15:20,257 INFO L136 SettingsManager]: Preferences of Sifa differ from their defaults: [2022-11-19 08:15:20,257 INFO L138 SettingsManager]: * Call Summarizer=TopInputCallSummarizer [2022-11-19 08:15:20,257 INFO L138 SettingsManager]: * Simplification Technique=POLY_PAC [2022-11-19 08:15:20,259 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-19 08:15:20,259 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-19 08:15:20,260 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-19 08:15:20,260 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-19 08:15:20,260 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-19 08:15:20,261 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-19 08:15:20,261 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-19 08:15:20,261 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-19 08:15:20,262 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-19 08:15:20,262 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-19 08:15:20,262 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-19 08:15:20,263 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-19 08:15:20,263 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-19 08:15:20,263 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-19 08:15:20,264 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-19 08:15:20,264 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-19 08:15:20,264 INFO L138 SettingsManager]: * Abstract interpretation Mode=USE_PREDICATES [2022-11-19 08:15:20,265 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-19 08:15:20,265 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-19 08:15:20,265 INFO L138 SettingsManager]: * Trace refinement strategy=SIFA_TAIPAN [2022-11-19 08:15:20,266 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-19 08:15:20,266 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-19 08:15:20,266 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2022-11-19 08:15:20,267 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Taipan Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 73b8e020dd9d30fdd676c81009d4f1b850aa716d63ef29ce3d475a261546f853 [2022-11-19 08:15:20,696 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-19 08:15:20,742 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-19 08:15:20,745 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-19 08:15:20,747 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-19 08:15:20,748 INFO L275 PluginConnector]: CDTParser initialized [2022-11-19 08:15:20,749 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/../../sv-benchmarks/c/product-lines/minepump_spec5_product46.cil.c [2022-11-19 08:15:20,834 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/data/952e2e60f/afc321e10f0644fcb3f7f96c09e2c723/FLAGb962b8493 [2022-11-19 08:15:21,525 INFO L306 CDTParser]: Found 1 translation units. [2022-11-19 08:15:21,526 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/sv-benchmarks/c/product-lines/minepump_spec5_product46.cil.c [2022-11-19 08:15:21,540 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/data/952e2e60f/afc321e10f0644fcb3f7f96c09e2c723/FLAGb962b8493 [2022-11-19 08:15:21,779 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/data/952e2e60f/afc321e10f0644fcb3f7f96c09e2c723 [2022-11-19 08:15:21,783 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-19 08:15:21,784 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-19 08:15:21,787 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-19 08:15:21,787 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-19 08:15:21,793 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-19 08:15:21,794 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 19.11 08:15:21" (1/1) ... [2022-11-19 08:15:21,800 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4f6d4974 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:21, skipping insertion in model container [2022-11-19 08:15:21,800 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 19.11 08:15:21" (1/1) ... [2022-11-19 08:15:21,810 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-19 08:15:21,860 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-19 08:15:22,254 WARN L234 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/sv-benchmarks/c/product-lines/minepump_spec5_product46.cil.c[15211,15224] [2022-11-19 08:15:22,286 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-19 08:15:22,306 INFO L203 MainTranslator]: Completed pre-run [2022-11-19 08:15:22,366 WARN L234 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/sv-benchmarks/c/product-lines/minepump_spec5_product46.cil.c[15211,15224] [2022-11-19 08:15:22,376 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-19 08:15:22,398 INFO L208 MainTranslator]: Completed translation [2022-11-19 08:15:22,398 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22 WrapperNode [2022-11-19 08:15:22,398 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-19 08:15:22,400 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-19 08:15:22,400 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-19 08:15:22,400 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-19 08:15:22,411 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (1/1) ... [2022-11-19 08:15:22,432 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (1/1) ... [2022-11-19 08:15:22,470 INFO L138 Inliner]: procedures = 57, calls = 103, calls flagged for inlining = 25, calls inlined = 22, statements flattened = 211 [2022-11-19 08:15:22,470 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-19 08:15:22,471 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-19 08:15:22,471 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-19 08:15:22,472 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-19 08:15:22,493 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (1/1) ... [2022-11-19 08:15:22,493 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (1/1) ... [2022-11-19 08:15:22,496 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (1/1) ... [2022-11-19 08:15:22,505 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (1/1) ... [2022-11-19 08:15:22,511 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (1/1) ... [2022-11-19 08:15:22,528 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (1/1) ... [2022-11-19 08:15:22,529 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (1/1) ... [2022-11-19 08:15:22,531 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (1/1) ... [2022-11-19 08:15:22,543 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-19 08:15:22,545 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-19 08:15:22,545 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-19 08:15:22,545 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-19 08:15:22,548 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (1/1) ... [2022-11-19 08:15:22,558 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-19 08:15:22,572 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 [2022-11-19 08:15:22,587 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-19 08:15:22,603 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-19 08:15:22,646 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-19 08:15:22,646 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-19 08:15:22,646 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-19 08:15:22,647 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-19 08:15:22,647 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-19 08:15:22,647 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-19 08:15:22,647 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-19 08:15:22,647 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-19 08:15:22,647 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-19 08:15:22,648 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__methaneQuery [2022-11-19 08:15:22,648 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__methaneQuery [2022-11-19 08:15:22,648 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-19 08:15:22,648 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-19 08:15:22,649 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneAlarm [2022-11-19 08:15:22,650 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneAlarm [2022-11-19 08:15:22,650 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-19 08:15:22,650 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-19 08:15:22,650 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-19 08:15:22,650 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-19 08:15:22,651 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-19 08:15:22,783 INFO L235 CfgBuilder]: Building ICFG [2022-11-19 08:15:22,785 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-19 08:15:23,225 INFO L276 CfgBuilder]: Performing block encoding [2022-11-19 08:15:23,325 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-19 08:15:23,325 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-19 08:15:23,329 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 19.11 08:15:23 BoogieIcfgContainer [2022-11-19 08:15:23,329 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-19 08:15:23,332 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-19 08:15:23,332 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-19 08:15:23,346 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-19 08:15:23,346 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 19.11 08:15:21" (1/3) ... [2022-11-19 08:15:23,347 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@799963bb and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 19.11 08:15:23, skipping insertion in model container [2022-11-19 08:15:23,348 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:15:22" (2/3) ... [2022-11-19 08:15:23,348 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@799963bb and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 19.11 08:15:23, skipping insertion in model container [2022-11-19 08:15:23,348 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 19.11 08:15:23" (3/3) ... [2022-11-19 08:15:23,350 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product46.cil.c [2022-11-19 08:15:23,399 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-19 08:15:23,400 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-19 08:15:23,532 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-19 08:15:23,546 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@76ea7de3, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-19 08:15:23,546 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-19 08:15:23,552 INFO L276 IsEmpty]: Start isEmpty. Operand has 64 states, 40 states have (on average 1.4) internal successors, (56), 48 states have internal predecessors, (56), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) [2022-11-19 08:15:23,566 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2022-11-19 08:15:23,566 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:15:23,567 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:15:23,568 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:15:23,579 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:15:23,579 INFO L85 PathProgramCache]: Analyzing trace with hash 360600848, now seen corresponding path program 1 times [2022-11-19 08:15:23,593 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:15:23,594 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [456220945] [2022-11-19 08:15:23,594 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:23,595 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:15:23,778 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:23,900 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-19 08:15:23,900 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:15:23,901 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [456220945] [2022-11-19 08:15:23,901 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [456220945] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:15:23,902 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:15:23,902 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-19 08:15:23,904 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1183562355] [2022-11-19 08:15:23,905 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:15:23,910 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-19 08:15:23,912 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:15:23,959 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-19 08:15:23,961 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-19 08:15:23,965 INFO L87 Difference]: Start difference. First operand has 64 states, 40 states have (on average 1.4) internal successors, (56), 48 states have internal predecessors, (56), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-19 08:15:24,117 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:15:24,117 INFO L93 Difference]: Finished difference Result 126 states and 169 transitions. [2022-11-19 08:15:24,120 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-19 08:15:24,121 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 21 [2022-11-19 08:15:24,122 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:15:24,137 INFO L225 Difference]: With dead ends: 126 [2022-11-19 08:15:24,138 INFO L226 Difference]: Without dead ends: 59 [2022-11-19 08:15:24,144 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-19 08:15:24,150 INFO L413 NwaCegarLoop]: 64 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 17 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 64 SdHoareTripleChecker+Invalid, 18 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 17 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-19 08:15:24,151 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 64 Invalid, 18 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 17 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-19 08:15:24,175 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 59 states. [2022-11-19 08:15:24,225 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 59 to 59. [2022-11-19 08:15:24,227 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 59 states, 37 states have (on average 1.2972972972972974) internal successors, (48), 44 states have internal predecessors, (48), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 11 states have call predecessors, (13), 13 states have call successors, (13) [2022-11-19 08:15:24,239 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 59 states to 59 states and 75 transitions. [2022-11-19 08:15:24,241 INFO L78 Accepts]: Start accepts. Automaton has 59 states and 75 transitions. Word has length 21 [2022-11-19 08:15:24,242 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:15:24,242 INFO L495 AbstractCegarLoop]: Abstraction has 59 states and 75 transitions. [2022-11-19 08:15:24,243 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-19 08:15:24,243 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 75 transitions. [2022-11-19 08:15:24,250 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-11-19 08:15:24,250 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:15:24,251 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:15:24,251 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-19 08:15:24,252 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:15:24,253 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:15:24,253 INFO L85 PathProgramCache]: Analyzing trace with hash -1869551212, now seen corresponding path program 1 times [2022-11-19 08:15:24,254 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:15:24,254 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1386971470] [2022-11-19 08:15:24,255 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:24,256 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:15:24,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:24,598 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-19 08:15:24,598 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:15:24,599 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1386971470] [2022-11-19 08:15:24,599 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1386971470] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:15:24,599 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:15:24,599 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-11-19 08:15:24,600 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [172890033] [2022-11-19 08:15:24,600 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:15:24,602 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-19 08:15:24,602 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:15:24,603 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-19 08:15:24,603 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-11-19 08:15:24,603 INFO L87 Difference]: Start difference. First operand 59 states and 75 transitions. Second operand has 8 states, 7 states have (on average 2.5714285714285716) internal successors, (18), 6 states have internal predecessors, (18), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-19 08:15:25,637 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:15:25,637 INFO L93 Difference]: Finished difference Result 236 states and 357 transitions. [2022-11-19 08:15:25,638 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 17 states. [2022-11-19 08:15:25,638 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 2.5714285714285716) internal successors, (18), 6 states have internal predecessors, (18), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 24 [2022-11-19 08:15:25,639 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:15:25,642 INFO L225 Difference]: With dead ends: 236 [2022-11-19 08:15:25,643 INFO L226 Difference]: Without dead ends: 179 [2022-11-19 08:15:25,645 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 21 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=71, Invalid=271, Unknown=0, NotChecked=0, Total=342 [2022-11-19 08:15:25,646 INFO L413 NwaCegarLoop]: 149 mSDtfsCounter, 149 mSDsluCounter, 349 mSDsCounter, 0 mSdLazyCounter, 648 mSolverCounterSat, 52 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 153 SdHoareTripleChecker+Valid, 498 SdHoareTripleChecker+Invalid, 700 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 52 IncrementalHoareTripleChecker+Valid, 648 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-11-19 08:15:25,647 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [153 Valid, 498 Invalid, 700 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [52 Valid, 648 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-11-19 08:15:25,648 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 179 states. [2022-11-19 08:15:25,682 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 179 to 173. [2022-11-19 08:15:25,683 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 173 states, 111 states have (on average 1.2342342342342343) internal successors, (137), 122 states have internal predecessors, (137), 38 states have call successors, (38), 26 states have call predecessors, (38), 23 states have return successors, (66), 33 states have call predecessors, (66), 34 states have call successors, (66) [2022-11-19 08:15:25,686 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 173 states to 173 states and 241 transitions. [2022-11-19 08:15:25,686 INFO L78 Accepts]: Start accepts. Automaton has 173 states and 241 transitions. Word has length 24 [2022-11-19 08:15:25,687 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:15:25,687 INFO L495 AbstractCegarLoop]: Abstraction has 173 states and 241 transitions. [2022-11-19 08:15:25,687 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 2.5714285714285716) internal successors, (18), 6 states have internal predecessors, (18), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-19 08:15:25,688 INFO L276 IsEmpty]: Start isEmpty. Operand 173 states and 241 transitions. [2022-11-19 08:15:25,691 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 35 [2022-11-19 08:15:25,691 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:15:25,691 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:15:25,692 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-19 08:15:25,692 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:15:25,692 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:15:25,693 INFO L85 PathProgramCache]: Analyzing trace with hash 525880443, now seen corresponding path program 1 times [2022-11-19 08:15:25,693 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:15:25,693 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [154260091] [2022-11-19 08:15:25,694 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:25,694 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:15:25,709 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:25,768 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-19 08:15:25,768 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:15:25,769 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [154260091] [2022-11-19 08:15:25,769 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [154260091] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:15:25,769 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:15:25,770 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-19 08:15:25,770 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2418498] [2022-11-19 08:15:25,770 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:15:25,771 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-19 08:15:25,771 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:15:25,772 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-19 08:15:25,772 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-19 08:15:25,773 INFO L87 Difference]: Start difference. First operand 173 states and 241 transitions. Second operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 3 states have internal predecessors, (23), 2 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-19 08:15:25,822 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:15:25,822 INFO L93 Difference]: Finished difference Result 260 states and 342 transitions. [2022-11-19 08:15:25,823 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-19 08:15:25,823 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 3 states have internal predecessors, (23), 2 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 34 [2022-11-19 08:15:25,824 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:15:25,826 INFO L225 Difference]: With dead ends: 260 [2022-11-19 08:15:25,826 INFO L226 Difference]: Without dead ends: 141 [2022-11-19 08:15:25,828 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-19 08:15:25,829 INFO L413 NwaCegarLoop]: 50 mSDtfsCounter, 7 mSDsluCounter, 41 mSDsCounter, 0 mSdLazyCounter, 25 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 10 SdHoareTripleChecker+Valid, 91 SdHoareTripleChecker+Invalid, 25 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 25 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-19 08:15:25,830 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [10 Valid, 91 Invalid, 25 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 25 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-19 08:15:25,831 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 141 states. [2022-11-19 08:15:25,851 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 141 to 141. [2022-11-19 08:15:25,851 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 141 states, 91 states have (on average 1.2417582417582418) internal successors, (113), 102 states have internal predecessors, (113), 26 states have call successors, (26), 22 states have call predecessors, (26), 23 states have return successors, (38), 25 states have call predecessors, (38), 26 states have call successors, (38) [2022-11-19 08:15:25,853 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 141 states to 141 states and 177 transitions. [2022-11-19 08:15:25,853 INFO L78 Accepts]: Start accepts. Automaton has 141 states and 177 transitions. Word has length 34 [2022-11-19 08:15:25,854 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:15:25,854 INFO L495 AbstractCegarLoop]: Abstraction has 141 states and 177 transitions. [2022-11-19 08:15:25,854 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 3 states have internal predecessors, (23), 2 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-19 08:15:25,855 INFO L276 IsEmpty]: Start isEmpty. Operand 141 states and 177 transitions. [2022-11-19 08:15:25,856 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 37 [2022-11-19 08:15:25,856 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:15:25,857 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:15:25,857 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-19 08:15:25,857 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:15:25,858 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:15:25,858 INFO L85 PathProgramCache]: Analyzing trace with hash 1883380402, now seen corresponding path program 1 times [2022-11-19 08:15:25,858 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:15:25,859 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [80536737] [2022-11-19 08:15:25,859 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:25,859 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:15:25,882 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:26,315 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-19 08:15:26,316 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:15:26,316 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [80536737] [2022-11-19 08:15:26,316 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [80536737] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:15:26,317 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:15:26,317 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-11-19 08:15:26,317 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [876867758] [2022-11-19 08:15:26,318 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:15:26,318 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-19 08:15:26,319 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:15:26,320 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-19 08:15:26,320 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=36, Unknown=0, NotChecked=0, Total=56 [2022-11-19 08:15:26,320 INFO L87 Difference]: Start difference. First operand 141 states and 177 transitions. Second operand has 8 states, 7 states have (on average 3.7142857142857144) internal successors, (26), 8 states have internal predecessors, (26), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-19 08:15:26,707 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:15:26,707 INFO L93 Difference]: Finished difference Result 446 states and 581 transitions. [2022-11-19 08:15:26,708 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-11-19 08:15:26,708 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 3.7142857142857144) internal successors, (26), 8 states have internal predecessors, (26), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) Word has length 36 [2022-11-19 08:15:26,709 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:15:26,712 INFO L225 Difference]: With dead ends: 446 [2022-11-19 08:15:26,712 INFO L226 Difference]: Without dead ends: 307 [2022-11-19 08:15:26,713 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 8 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=25, Invalid=47, Unknown=0, NotChecked=0, Total=72 [2022-11-19 08:15:26,715 INFO L413 NwaCegarLoop]: 98 mSDtfsCounter, 226 mSDsluCounter, 148 mSDsCounter, 0 mSdLazyCounter, 222 mSolverCounterSat, 55 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 228 SdHoareTripleChecker+Valid, 246 SdHoareTripleChecker+Invalid, 277 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 55 IncrementalHoareTripleChecker+Valid, 222 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-19 08:15:26,716 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [228 Valid, 246 Invalid, 277 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [55 Valid, 222 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-19 08:15:26,717 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 307 states. [2022-11-19 08:15:26,760 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 307 to 270. [2022-11-19 08:15:26,761 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 270 states, 176 states have (on average 1.2386363636363635) internal successors, (218), 195 states have internal predecessors, (218), 50 states have call successors, (50), 43 states have call predecessors, (50), 43 states have return successors, (77), 45 states have call predecessors, (77), 50 states have call successors, (77) [2022-11-19 08:15:26,763 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 270 states to 270 states and 345 transitions. [2022-11-19 08:15:26,764 INFO L78 Accepts]: Start accepts. Automaton has 270 states and 345 transitions. Word has length 36 [2022-11-19 08:15:26,764 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:15:26,764 INFO L495 AbstractCegarLoop]: Abstraction has 270 states and 345 transitions. [2022-11-19 08:15:26,765 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 3.7142857142857144) internal successors, (26), 8 states have internal predecessors, (26), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-19 08:15:26,765 INFO L276 IsEmpty]: Start isEmpty. Operand 270 states and 345 transitions. [2022-11-19 08:15:26,767 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2022-11-19 08:15:26,768 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:15:26,768 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:15:26,768 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-19 08:15:26,769 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:15:26,769 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:15:26,770 INFO L85 PathProgramCache]: Analyzing trace with hash -532747675, now seen corresponding path program 1 times [2022-11-19 08:15:26,770 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:15:26,770 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1044516701] [2022-11-19 08:15:26,771 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:26,771 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:15:26,794 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:27,181 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-19 08:15:27,181 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:15:27,181 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1044516701] [2022-11-19 08:15:27,182 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1044516701] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:15:27,182 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:15:27,183 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-11-19 08:15:27,184 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [491688915] [2022-11-19 08:15:27,190 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:15:27,191 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-19 08:15:27,191 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:15:27,192 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-19 08:15:27,193 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2022-11-19 08:15:27,193 INFO L87 Difference]: Start difference. First operand 270 states and 345 transitions. Second operand has 8 states, 7 states have (on average 3.857142857142857) internal successors, (27), 7 states have internal predecessors, (27), 4 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) [2022-11-19 08:15:28,108 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:15:28,108 INFO L93 Difference]: Finished difference Result 675 states and 909 transitions. [2022-11-19 08:15:28,109 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2022-11-19 08:15:28,109 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 3.857142857142857) internal successors, (27), 7 states have internal predecessors, (27), 4 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) Word has length 39 [2022-11-19 08:15:28,110 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:15:28,113 INFO L225 Difference]: With dead ends: 675 [2022-11-19 08:15:28,114 INFO L226 Difference]: Without dead ends: 517 [2022-11-19 08:15:28,115 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 22 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 50 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=93, Invalid=213, Unknown=0, NotChecked=0, Total=306 [2022-11-19 08:15:28,117 INFO L413 NwaCegarLoop]: 75 mSDtfsCounter, 176 mSDsluCounter, 269 mSDsCounter, 0 mSdLazyCounter, 450 mSolverCounterSat, 77 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 344 SdHoareTripleChecker+Invalid, 527 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 77 IncrementalHoareTripleChecker+Valid, 450 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-11-19 08:15:28,118 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [183 Valid, 344 Invalid, 527 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [77 Valid, 450 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2022-11-19 08:15:28,119 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 517 states. [2022-11-19 08:15:28,222 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 517 to 460. [2022-11-19 08:15:28,223 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 460 states, 303 states have (on average 1.2343234323432344) internal successors, (374), 338 states have internal predecessors, (374), 82 states have call successors, (82), 66 states have call predecessors, (82), 74 states have return successors, (133), 79 states have call predecessors, (133), 82 states have call successors, (133) [2022-11-19 08:15:28,227 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 460 states to 460 states and 589 transitions. [2022-11-19 08:15:28,227 INFO L78 Accepts]: Start accepts. Automaton has 460 states and 589 transitions. Word has length 39 [2022-11-19 08:15:28,228 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:15:28,228 INFO L495 AbstractCegarLoop]: Abstraction has 460 states and 589 transitions. [2022-11-19 08:15:28,229 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 3.857142857142857) internal successors, (27), 7 states have internal predecessors, (27), 4 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 3 states have call predecessors, (5), 4 states have call successors, (5) [2022-11-19 08:15:28,229 INFO L276 IsEmpty]: Start isEmpty. Operand 460 states and 589 transitions. [2022-11-19 08:15:28,232 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 64 [2022-11-19 08:15:28,233 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:15:28,233 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:15:28,233 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-19 08:15:28,234 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:15:28,234 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:15:28,235 INFO L85 PathProgramCache]: Analyzing trace with hash -1720944663, now seen corresponding path program 1 times [2022-11-19 08:15:28,235 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:15:28,235 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1553777821] [2022-11-19 08:15:28,235 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:28,236 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:15:28,256 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:28,373 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 15 proven. 1 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-11-19 08:15:28,373 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:15:28,373 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1553777821] [2022-11-19 08:15:28,374 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1553777821] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-19 08:15:28,374 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [294690372] [2022-11-19 08:15:28,374 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:28,374 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-19 08:15:28,375 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 [2022-11-19 08:15:28,379 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-19 08:15:28,396 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-19 08:15:28,522 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:28,544 INFO L263 TraceCheckSpWp]: Trace formula consists of 314 conjuncts, 22 conjunts are in the unsatisfiable core [2022-11-19 08:15:28,551 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-19 08:15:28,821 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 22 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-19 08:15:28,823 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-19 08:15:29,085 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 14 proven. 1 refuted. 0 times theorem prover too weak. 8 trivial. 0 not checked. [2022-11-19 08:15:29,086 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [294690372] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-19 08:15:29,086 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [149060019] [2022-11-19 08:15:29,118 INFO L159 IcfgInterpreter]: Started Sifa with 43 locations of interest [2022-11-19 08:15:29,118 INFO L166 IcfgInterpreter]: Building call graph [2022-11-19 08:15:29,124 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-19 08:15:29,131 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-19 08:15:29,132 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-19 08:15:32,830 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 53 for LOIs [2022-11-19 08:15:32,843 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 49 for LOIs [2022-11-19 08:15:34,043 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 41 for LOIs [2022-11-19 08:15:34,051 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__methaneQuery with input of size 26 for LOIs [2022-11-19 08:15:34,208 INFO L197 IcfgInterpreter]: Interpreting procedure isMethaneAlarm with input of size 27 for LOIs [2022-11-19 08:15:34,211 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-19 08:15:40,603 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '4940#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 1) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= ~methaneLevelCritical~0 0) (= |timeShift_getWaterLevel_~retValue_acc~5#1| |timeShift_getWaterLevel_#res#1|) (= ~head~0.offset 0) (= 1 ~systemActive~0) (= |old(~pumpRunning~0)| 0) (= |timeShift_getWaterLevel_~retValue_acc~5#1| ~waterLevel~0) (<= 2 |old(~waterLevel~0)|) (<= 0 ~pumpRunning~0) (= ~head~0.base 0) (= |#NULL.offset| 0) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (<= |timeShift_getWaterLevel_~retValue_acc~5#1| 2147483647) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 2 |timeShift_getWaterLevel_~retValue_acc~5#1|))' at error location [2022-11-19 08:15:40,603 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-19 08:15:40,604 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-19 08:15:40,604 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 6, 6] total 13 [2022-11-19 08:15:40,604 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [851875991] [2022-11-19 08:15:40,604 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-19 08:15:40,605 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 13 states [2022-11-19 08:15:40,606 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:15:40,606 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 13 interpolants. [2022-11-19 08:15:40,609 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=227, Invalid=1753, Unknown=0, NotChecked=0, Total=1980 [2022-11-19 08:15:40,610 INFO L87 Difference]: Start difference. First operand 460 states and 589 transitions. Second operand has 13 states, 12 states have (on average 7.0) internal successors, (84), 12 states have internal predecessors, (84), 4 states have call successors, (18), 3 states have call predecessors, (18), 5 states have return successors, (17), 5 states have call predecessors, (17), 4 states have call successors, (17) [2022-11-19 08:15:43,778 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:15:43,778 INFO L93 Difference]: Finished difference Result 2959 states and 4123 transitions. [2022-11-19 08:15:43,782 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 45 states. [2022-11-19 08:15:43,782 INFO L78 Accepts]: Start accepts. Automaton has has 13 states, 12 states have (on average 7.0) internal successors, (84), 12 states have internal predecessors, (84), 4 states have call successors, (18), 3 states have call predecessors, (18), 5 states have return successors, (17), 5 states have call predecessors, (17), 4 states have call successors, (17) Word has length 63 [2022-11-19 08:15:43,783 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:15:43,800 INFO L225 Difference]: With dead ends: 2959 [2022-11-19 08:15:43,800 INFO L226 Difference]: Without dead ends: 2329 [2022-11-19 08:15:43,808 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 245 GetRequests, 160 SyntacticMatches, 1 SemanticMatches, 84 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2282 ImplicationChecksByTransitivity, 7.6s TimeCoverageRelationStatistics Valid=634, Invalid=6676, Unknown=0, NotChecked=0, Total=7310 [2022-11-19 08:15:43,810 INFO L413 NwaCegarLoop]: 228 mSDtfsCounter, 373 mSDsluCounter, 1126 mSDsCounter, 0 mSdLazyCounter, 1820 mSolverCounterSat, 315 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 381 SdHoareTripleChecker+Valid, 1354 SdHoareTripleChecker+Invalid, 2135 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.1s SdHoareTripleChecker+Time, 315 IncrementalHoareTripleChecker+Valid, 1820 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-11-19 08:15:43,810 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [381 Valid, 1354 Invalid, 2135 Unknown, 0 Unchecked, 0.1s Time], IncrementalHoareTripleChecker [315 Valid, 1820 Invalid, 0 Unknown, 0 Unchecked, 1.6s Time] [2022-11-19 08:15:43,814 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 2329 states. [2022-11-19 08:15:44,105 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 2329 to 2163. [2022-11-19 08:15:44,111 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2163 states, 1429 states have (on average 1.2148355493351994) internal successors, (1736), 1593 states have internal predecessors, (1736), 380 states have call successors, (380), 315 states have call predecessors, (380), 353 states have return successors, (708), 366 states have call predecessors, (708), 380 states have call successors, (708) [2022-11-19 08:15:44,128 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2163 states to 2163 states and 2824 transitions. [2022-11-19 08:15:44,130 INFO L78 Accepts]: Start accepts. Automaton has 2163 states and 2824 transitions. Word has length 63 [2022-11-19 08:15:44,130 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:15:44,130 INFO L495 AbstractCegarLoop]: Abstraction has 2163 states and 2824 transitions. [2022-11-19 08:15:44,131 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 13 states, 12 states have (on average 7.0) internal successors, (84), 12 states have internal predecessors, (84), 4 states have call successors, (18), 3 states have call predecessors, (18), 5 states have return successors, (17), 5 states have call predecessors, (17), 4 states have call successors, (17) [2022-11-19 08:15:44,131 INFO L276 IsEmpty]: Start isEmpty. Operand 2163 states and 2824 transitions. [2022-11-19 08:15:44,141 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 62 [2022-11-19 08:15:44,142 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:15:44,142 INFO L195 NwaCegarLoop]: trace histogram [4, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:15:44,156 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-11-19 08:15:44,350 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-19 08:15:44,350 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:15:44,351 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:15:44,351 INFO L85 PathProgramCache]: Analyzing trace with hash 2009817692, now seen corresponding path program 1 times [2022-11-19 08:15:44,352 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:15:44,354 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1899643489] [2022-11-19 08:15:44,354 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:44,355 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:15:44,378 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:44,537 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 16 proven. 0 refuted. 0 times theorem prover too weak. 12 trivial. 0 not checked. [2022-11-19 08:15:44,540 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:15:44,541 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1899643489] [2022-11-19 08:15:44,541 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1899643489] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:15:44,541 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:15:44,541 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-19 08:15:44,542 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [855688221] [2022-11-19 08:15:44,542 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:15:44,543 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-19 08:15:44,543 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:15:44,543 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-19 08:15:44,544 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2022-11-19 08:15:44,544 INFO L87 Difference]: Start difference. First operand 2163 states and 2824 transitions. Second operand has 5 states, 5 states have (on average 8.2) internal successors, (41), 5 states have internal predecessors, (41), 4 states have call successors, (9), 2 states have call predecessors, (9), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) [2022-11-19 08:15:44,832 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:15:44,833 INFO L93 Difference]: Finished difference Result 3354 states and 4392 transitions. [2022-11-19 08:15:44,833 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-11-19 08:15:44,834 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.2) internal successors, (41), 5 states have internal predecessors, (41), 4 states have call successors, (9), 2 states have call predecessors, (9), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) Word has length 61 [2022-11-19 08:15:44,835 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:15:44,848 INFO L225 Difference]: With dead ends: 3354 [2022-11-19 08:15:44,848 INFO L226 Difference]: Without dead ends: 1260 [2022-11-19 08:15:44,858 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2022-11-19 08:15:44,861 INFO L413 NwaCegarLoop]: 45 mSDtfsCounter, 60 mSDsluCounter, 46 mSDsCounter, 0 mSdLazyCounter, 85 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 63 SdHoareTripleChecker+Valid, 91 SdHoareTripleChecker+Invalid, 91 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 85 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-19 08:15:44,862 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [63 Valid, 91 Invalid, 91 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 85 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-19 08:15:44,865 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1260 states. [2022-11-19 08:15:45,042 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1260 to 1212. [2022-11-19 08:15:45,045 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1212 states, 788 states have (on average 1.16751269035533) internal successors, (920), 873 states have internal predecessors, (920), 213 states have call successors, (213), 189 states have call predecessors, (213), 210 states have return successors, (352), 207 states have call predecessors, (352), 213 states have call successors, (352) [2022-11-19 08:15:45,052 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1212 states to 1212 states and 1485 transitions. [2022-11-19 08:15:45,053 INFO L78 Accepts]: Start accepts. Automaton has 1212 states and 1485 transitions. Word has length 61 [2022-11-19 08:15:45,053 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:15:45,054 INFO L495 AbstractCegarLoop]: Abstraction has 1212 states and 1485 transitions. [2022-11-19 08:15:45,054 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.2) internal successors, (41), 5 states have internal predecessors, (41), 4 states have call successors, (9), 2 states have call predecessors, (9), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) [2022-11-19 08:15:45,054 INFO L276 IsEmpty]: Start isEmpty. Operand 1212 states and 1485 transitions. [2022-11-19 08:15:45,059 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-19 08:15:45,059 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:15:45,059 INFO L195 NwaCegarLoop]: trace histogram [4, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:15:45,060 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-19 08:15:45,060 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:15:45,060 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:15:45,060 INFO L85 PathProgramCache]: Analyzing trace with hash 732097012, now seen corresponding path program 1 times [2022-11-19 08:15:45,061 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:15:45,061 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1213288477] [2022-11-19 08:15:45,061 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:45,061 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:15:45,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:45,592 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 11 proven. 7 refuted. 0 times theorem prover too weak. 14 trivial. 0 not checked. [2022-11-19 08:15:45,592 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:15:45,593 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1213288477] [2022-11-19 08:15:45,593 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1213288477] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-19 08:15:45,593 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1982995420] [2022-11-19 08:15:45,593 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:45,593 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-19 08:15:45,594 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 [2022-11-19 08:15:45,599 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-19 08:15:45,626 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-19 08:15:45,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:45,729 INFO L263 TraceCheckSpWp]: Trace formula consists of 334 conjuncts, 7 conjunts are in the unsatisfiable core [2022-11-19 08:15:45,737 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-19 08:15:45,829 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 28 proven. 0 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-11-19 08:15:45,830 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-19 08:15:45,830 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1982995420] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:15:45,831 INFO L184 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-11-19 08:15:45,831 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [16] total 17 [2022-11-19 08:15:45,831 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1237634400] [2022-11-19 08:15:45,831 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:15:45,832 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-19 08:15:45,832 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:15:45,833 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-19 08:15:45,833 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=233, Unknown=0, NotChecked=0, Total=272 [2022-11-19 08:15:45,834 INFO L87 Difference]: Start difference. First operand 1212 states and 1485 transitions. Second operand has 5 states, 5 states have (on average 9.6) internal successors, (48), 5 states have internal predecessors, (48), 4 states have call successors, (11), 4 states have call predecessors, (11), 4 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) [2022-11-19 08:15:46,235 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:15:46,236 INFO L93 Difference]: Finished difference Result 2066 states and 2571 transitions. [2022-11-19 08:15:46,236 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-19 08:15:46,237 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.6) internal successors, (48), 5 states have internal predecessors, (48), 4 states have call successors, (11), 4 states have call predecessors, (11), 4 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) Word has length 71 [2022-11-19 08:15:46,237 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:15:46,243 INFO L225 Difference]: With dead ends: 2066 [2022-11-19 08:15:46,244 INFO L226 Difference]: Without dead ends: 966 [2022-11-19 08:15:46,248 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 93 GetRequests, 75 SyntacticMatches, 0 SemanticMatches, 18 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 37 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=53, Invalid=327, Unknown=0, NotChecked=0, Total=380 [2022-11-19 08:15:46,249 INFO L413 NwaCegarLoop]: 57 mSDtfsCounter, 86 mSDsluCounter, 71 mSDsCounter, 0 mSdLazyCounter, 126 mSolverCounterSat, 50 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 86 SdHoareTripleChecker+Valid, 128 SdHoareTripleChecker+Invalid, 176 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 50 IncrementalHoareTripleChecker+Valid, 126 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-19 08:15:46,249 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [86 Valid, 128 Invalid, 176 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [50 Valid, 126 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-19 08:15:46,252 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 966 states. [2022-11-19 08:15:46,367 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 966 to 835. [2022-11-19 08:15:46,369 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 835 states, 539 states have (on average 1.1391465677179964) internal successors, (614), 592 states have internal predecessors, (614), 147 states have call successors, (147), 135 states have call predecessors, (147), 148 states have return successors, (217), 142 states have call predecessors, (217), 147 states have call successors, (217) [2022-11-19 08:15:46,373 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 835 states to 835 states and 978 transitions. [2022-11-19 08:15:46,374 INFO L78 Accepts]: Start accepts. Automaton has 835 states and 978 transitions. Word has length 71 [2022-11-19 08:15:46,374 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:15:46,375 INFO L495 AbstractCegarLoop]: Abstraction has 835 states and 978 transitions. [2022-11-19 08:15:46,375 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 9.6) internal successors, (48), 5 states have internal predecessors, (48), 4 states have call successors, (11), 4 states have call predecessors, (11), 4 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) [2022-11-19 08:15:46,375 INFO L276 IsEmpty]: Start isEmpty. Operand 835 states and 978 transitions. [2022-11-19 08:15:46,377 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 73 [2022-11-19 08:15:46,377 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:15:46,378 INFO L195 NwaCegarLoop]: trace histogram [4, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:15:46,389 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-11-19 08:15:46,584 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable7 [2022-11-19 08:15:46,584 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:15:46,585 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:15:46,585 INFO L85 PathProgramCache]: Analyzing trace with hash 842138188, now seen corresponding path program 1 times [2022-11-19 08:15:46,585 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:15:46,586 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1471924203] [2022-11-19 08:15:46,586 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:46,586 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:15:46,607 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:47,152 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 6 proven. 18 refuted. 0 times theorem prover too weak. 12 trivial. 0 not checked. [2022-11-19 08:15:47,153 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:15:47,153 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1471924203] [2022-11-19 08:15:47,153 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1471924203] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-19 08:15:47,153 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1507656029] [2022-11-19 08:15:47,153 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:15:47,154 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-19 08:15:47,154 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 [2022-11-19 08:15:47,155 INFO L229 MonitoredProcess]: Starting monitored process 4 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-19 08:15:47,160 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-11-19 08:15:47,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:15:47,261 INFO L263 TraceCheckSpWp]: Trace formula consists of 338 conjuncts, 39 conjunts are in the unsatisfiable core [2022-11-19 08:15:47,264 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-19 08:15:47,865 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 18 proven. 13 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2022-11-19 08:15:47,865 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-19 08:15:48,538 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 14 proven. 1 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-11-19 08:15:48,539 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1507656029] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-19 08:15:48,539 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [1862844289] [2022-11-19 08:15:48,542 INFO L159 IcfgInterpreter]: Started Sifa with 43 locations of interest [2022-11-19 08:15:48,543 INFO L166 IcfgInterpreter]: Building call graph [2022-11-19 08:15:48,543 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-19 08:15:48,544 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-19 08:15:48,544 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-19 08:15:53,977 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 127 for LOIs [2022-11-19 08:15:54,002 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 31 for LOIs [2022-11-19 08:15:54,418 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 58 for LOIs [2022-11-19 08:15:54,432 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__methaneQuery with input of size 26 for LOIs [2022-11-19 08:15:54,709 INFO L197 IcfgInterpreter]: Interpreting procedure isMethaneAlarm with input of size 29 for LOIs [2022-11-19 08:15:54,712 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__base with input of size 28 for LOIs [2022-11-19 08:15:54,714 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-19 08:16:02,767 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '25140#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (<= 0 |old(~pumpRunning~0)|) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 1) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (<= 0 |old(~switchedOnBeforeTS~0)|) (= |timeShift_getWaterLevel_~retValue_acc~5#1| |timeShift_getWaterLevel_#res#1|) (= ~head~0.offset 0) (<= 1 ~systemActive~0) (<= |#NULL.offset| 0) (<= |old(~switchedOnBeforeTS~0)| 0) (= |timeShift_getWaterLevel_~retValue_acc~5#1| ~waterLevel~0) (<= |old(~pumpRunning~0)| 0) (<= ~methaneLevelCritical~0 0) (<= 0 ~head~0.base) (<= 0 ~methaneLevelCritical~0) (= |old(~waterLevel~0)| ~waterLevel~0) (<= 0 ~pumpRunning~0) (<= ~head~0.base 0) (<= 0 |#NULL.offset|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (<= |timeShift_getWaterLevel_~retValue_acc~5#1| 2147483647) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (<= ~systemActive~0 1) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2147483648)))' at error location [2022-11-19 08:16:02,768 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-19 08:16:02,768 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-19 08:16:02,768 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 12, 11] total 27 [2022-11-19 08:16:02,768 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1622619799] [2022-11-19 08:16:02,768 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-19 08:16:02,769 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 27 states [2022-11-19 08:16:02,769 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:16:02,770 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 27 interpolants. [2022-11-19 08:16:02,771 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=405, Invalid=2787, Unknown=0, NotChecked=0, Total=3192 [2022-11-19 08:16:02,772 INFO L87 Difference]: Start difference. First operand 835 states and 978 transitions. Second operand has 27 states, 25 states have (on average 4.32) internal successors, (108), 26 states have internal predecessors, (108), 14 states have call successors, (30), 10 states have call predecessors, (30), 11 states have return successors, (28), 13 states have call predecessors, (28), 14 states have call successors, (28) [2022-11-19 08:16:06,204 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:16:06,204 INFO L93 Difference]: Finished difference Result 1947 states and 2341 transitions. [2022-11-19 08:16:06,205 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 46 states. [2022-11-19 08:16:06,205 INFO L78 Accepts]: Start accepts. Automaton has has 27 states, 25 states have (on average 4.32) internal successors, (108), 26 states have internal predecessors, (108), 14 states have call successors, (30), 10 states have call predecessors, (30), 11 states have return successors, (28), 13 states have call predecessors, (28), 14 states have call successors, (28) Word has length 72 [2022-11-19 08:16:06,206 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:16:06,206 INFO L225 Difference]: With dead ends: 1947 [2022-11-19 08:16:06,206 INFO L226 Difference]: Without dead ends: 0 [2022-11-19 08:16:06,214 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 273 GetRequests, 166 SyntacticMatches, 14 SemanticMatches, 93 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3468 ImplicationChecksByTransitivity, 10.4s TimeCoverageRelationStatistics Valid=1204, Invalid=7726, Unknown=0, NotChecked=0, Total=8930 [2022-11-19 08:16:06,217 INFO L413 NwaCegarLoop]: 52 mSDtfsCounter, 902 mSDsluCounter, 394 mSDsCounter, 0 mSdLazyCounter, 1127 mSolverCounterSat, 607 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 908 SdHoareTripleChecker+Valid, 446 SdHoareTripleChecker+Invalid, 1734 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 607 IncrementalHoareTripleChecker+Valid, 1127 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.3s IncrementalHoareTripleChecker+Time [2022-11-19 08:16:06,217 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [908 Valid, 446 Invalid, 1734 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [607 Valid, 1127 Invalid, 0 Unknown, 0 Unchecked, 1.3s Time] [2022-11-19 08:16:06,218 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-19 08:16:06,218 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-19 08:16:06,219 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-19 08:16:06,219 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-19 08:16:06,219 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 72 [2022-11-19 08:16:06,220 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:16:06,220 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-19 08:16:06,220 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 27 states, 25 states have (on average 4.32) internal successors, (108), 26 states have internal predecessors, (108), 14 states have call successors, (30), 10 states have call predecessors, (30), 11 states have return successors, (28), 13 states have call predecessors, (28), 14 states have call successors, (28) [2022-11-19 08:16:06,221 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-19 08:16:06,221 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-19 08:16:06,224 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-19 08:16:06,237 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-11-19 08:16:06,436 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable8 [2022-11-19 08:16:06,439 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-19 08:16:27,736 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 748 754) no Hoare annotation was computed. [2022-11-19 08:16:27,737 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 748 754) the Hoare annotation is: true [2022-11-19 08:16:27,737 INFO L895 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 603 614) the Hoare annotation is: (let ((.cse5 (= |old(~methaneLevelCritical~0)| 0)) (.cse2 (= ~methaneLevelCritical~0 0))) (let ((.cse1 (not (= ~pumpRunning~0 0))) (.cse7 (not (<= 2 ~waterLevel~0))) (.cse6 (not .cse2)) (.cse8 (not (<= ~waterLevel~0 2))) (.cse0 (not .cse5)) (.cse3 (not (<= ~waterLevel~0 1))) (.cse4 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 (not (<= 1 ~waterLevel~0)) .cse3 .cse4) (or .cse1 .cse5 .cse6 .cse4 (not (< ~waterLevel~0 3))) (or .cse0 .cse2 .cse7 .cse8 .cse4) (or .cse5 .cse7 .cse6 .cse8 .cse4) (or .cse0 .cse2 (not (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) .cse3 .cse4)))) [2022-11-19 08:16:27,738 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 603 614) no Hoare annotation was computed. [2022-11-19 08:16:27,738 INFO L899 garLoopResultBuilder]: For program point L85(lines 85 91) no Hoare annotation was computed. [2022-11-19 08:16:27,738 INFO L895 garLoopResultBuilder]: At program point L796(line 796) the Hoare annotation is: (let ((.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= |timeShift_processEnvironment_~tmp~6#1| ~methaneLevelCritical~0)) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse7 (= ~methaneLevelCritical~0 0)) (.cse5 (= 0 ~systemActive~0)) (.cse6 (= |old(~switchedOnBeforeTS~0)| 0))) (and (or .cse0 .cse1 (and .cse2 (not (< 0 ~waterLevel~0)) .cse3 (<= ~waterLevel~0 |old(~waterLevel~0)|) .cse4) .cse5 .cse6) (or (and .cse2 .cse7 .cse3 (= ~waterLevel~0 1) .cse4) .cse5 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or (not (= |old(~pumpRunning~0)| 0)) .cse5 (not (< |old(~waterLevel~0)| 3))) (or .cse0 .cse1 .cse7 .cse5 .cse6))) [2022-11-19 08:16:27,739 INFO L895 garLoopResultBuilder]: At program point L788(line 788) the Hoare annotation is: (let ((.cse1 (not (< |old(~waterLevel~0)| 3))) (.cse0 (= 0 ~systemActive~0)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|)) (and .cse2 (or (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) (and (not (< 0 ~waterLevel~0)) (<= ~waterLevel~0 |old(~waterLevel~0)|))) .cse3) .cse0 .cse1) (or .cse0 (not (<= |old(~waterLevel~0)| 2)) (and .cse2 (= ~waterLevel~0 1) .cse3) (not (<= 2 |old(~waterLevel~0)|))))) [2022-11-19 08:16:27,739 INFO L899 garLoopResultBuilder]: For program point L788-1(line 788) no Hoare annotation was computed. [2022-11-19 08:16:27,740 INFO L895 garLoopResultBuilder]: At program point L82(line 82) the Hoare annotation is: (let ((.cse11 (= ~methaneLevelCritical~0 0)) (.cse12 (= ~pumpRunning~0 0)) (.cse14 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (let ((.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (or (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) (and (not (< 0 ~waterLevel~0)) .cse14) (and .cse12 .cse14))) (.cse10 (= |old(~switchedOnBeforeTS~0)| 0)) (.cse9 (not (< |old(~waterLevel~0)| 3))) (.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse8 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse1 (not .cse11)) (.cse3 (not (= ~switchedOnBeforeTS~0 0))) (.cse6 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse13 (<= 1 ~waterLevel~0)) (.cse7 (= |timeShift_processEnvironment_~tmp~6#1| ~methaneLevelCritical~0)) (.cse15 (not (= |old(~waterLevel~0)| 2))) (.cse2 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5 .cse6 .cse7 .cse8) .cse9 .cse10) (or .cse0 .cse11 (and .cse3 .cse5 .cse12 .cse6 .cse7) .cse2 .cse9 .cse10) (or (not (= |old(~pumpRunning~0)| 0)) (and (or (not (= |old(~waterLevel~0)| 1)) .cse13) .cse12 .cse6 .cse14 .cse8) .cse2 .cse9) (or (and .cse3 .cse4 .cse6 (= ~waterLevel~0 1) .cse8) .cse1 .cse2 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse11 (and .cse3 .cse12 .cse6 (<= ~waterLevel~0 1) .cse13) .cse15 .cse2) (or .cse7 .cse15 .cse2)))) [2022-11-19 08:16:27,740 INFO L899 garLoopResultBuilder]: For program point L82-1(line 82) no Hoare annotation was computed. [2022-11-19 08:16:27,741 INFO L895 garLoopResultBuilder]: At program point L710(line 710) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0))) (and (or .cse0 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|)) (not (<= |old(~waterLevel~0)| 1)) .cse0) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (< |old(~waterLevel~0)| 3))))) [2022-11-19 08:16:27,741 INFO L895 garLoopResultBuilder]: At program point L801(line 801) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= 0 ~systemActive~0))) (and (or (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 .cse1) .cse2 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|)) (not (<= |old(~waterLevel~0)| 1)) .cse2 (= |old(~switchedOnBeforeTS~0)| 0)) (or .cse3 (and .cse0 (<= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) .cse2 (not (< |old(~waterLevel~0)| 3))) (or .cse3 (not (= |old(~waterLevel~0)| 1)) .cse1 .cse2))) [2022-11-19 08:16:27,742 INFO L895 garLoopResultBuilder]: At program point L801-1(lines 782 806) the Hoare annotation is: (let ((.cse10 (not (= ~switchedOnBeforeTS~0 0))) (.cse13 (= |timeShift_processEnvironment_~tmp~6#1| ~methaneLevelCritical~0)) (.cse1 (<= 1 ~waterLevel~0)) (.cse2 (= 0 ~systemActive~0)) (.cse4 (= ~methaneLevelCritical~0 0)) (.cse12 (= ~pumpRunning~0 0)) (.cse18 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (let ((.cse6 (not (<= |old(~waterLevel~0)| 2))) (.cse7 (not (<= 2 |old(~waterLevel~0)|))) (.cse3 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse11 (or (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) (and (not (< 0 ~waterLevel~0)) .cse18) (and .cse12 .cse18))) (.cse8 (= |old(~switchedOnBeforeTS~0)| 0)) (.cse9 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse15 (not .cse4)) (.cse16 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse17 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse5 (and .cse10 .cse12 (<= ~waterLevel~0 1) .cse13 .cse1 (not .cse2))) (.cse19 (not (= |old(~waterLevel~0)| 2))) (.cse14 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 .cse2) (or .cse3 .cse4 .cse5 .cse2 .cse6 .cse7 .cse8) (or .cse3 .cse9 .cse4 .cse2 (and .cse10 .cse11 .cse12 .cse13) .cse8) (or .cse0 .cse14 .cse2 .cse6 .cse7) (or .cse3 .cse15 (and .cse16 .cse11 .cse13 .cse17) .cse2 (not (< |old(~waterLevel~0)| 3)) .cse8) (or .cse9 .cse0 (and .cse12 .cse18 .cse17) .cse2) (or .cse15 (and .cse16 .cse13 (= ~waterLevel~0 1) .cse17) .cse19 .cse14 .cse2) (or .cse4 .cse5 .cse19 .cse14 .cse2)))) [2022-11-19 08:16:27,743 INFO L895 garLoopResultBuilder]: At program point L735-1(lines 735 741) the Hoare annotation is: (let ((.cse9 (= ~methaneLevelCritical~0 0))) (let ((.cse19 (<= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse0 (not (= ~switchedOnBeforeTS~0 0))) (.cse18 (= ~pumpRunning~0 0)) (.cse2 (= |timeShift_processEnvironment_~tmp~6#1| ~methaneLevelCritical~0)) (.cse4 (not .cse9)) (.cse15 (<= 1 ~waterLevel~0)) (.cse7 (= 0 ~systemActive~0))) (let ((.cse10 (and .cse0 .cse18 (<= ~waterLevel~0 1) .cse2 .cse4 .cse15 (not .cse7))) (.cse5 (not (= |old(~waterLevel~0)| 2))) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse11 (not (<= |old(~waterLevel~0)| 2))) (.cse12 (not (<= 2 |old(~waterLevel~0)|))) (.cse8 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse17 (or (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) (and (not (< 0 ~waterLevel~0)) .cse19) (and .cse18 .cse19))) (.cse13 (= |old(~switchedOnBeforeTS~0)| 0)) (.cse16 (not (<= |old(~waterLevel~0)| 1))) (.cse14 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (and (or (and .cse0 .cse1 .cse2 (= ~waterLevel~0 1) .cse3) .cse4 .cse5 .cse6 .cse7) (or .cse8 .cse9 .cse10 .cse7 .cse11 .cse12 .cse13) (or .cse9 .cse10 .cse5 .cse6 .cse7) (or .cse14 (not (= |old(~waterLevel~0)| 1)) .cse15 .cse7) (or .cse8 .cse16 .cse9 .cse7 (and .cse0 .cse17 .cse18 .cse2) .cse13) (or .cse14 .cse6 .cse7 .cse11 .cse12) (or .cse8 .cse4 (and .cse0 .cse1 .cse17 .cse2 .cse3) .cse7 (not (< |old(~waterLevel~0)| 3)) .cse13) (or .cse16 .cse14 (and .cse18 .cse19 .cse3) .cse7))))) [2022-11-19 08:16:27,743 INFO L895 garLoopResultBuilder]: At program point L67(line 67) the Hoare annotation is: (let ((.cse6 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (not (< |old(~waterLevel~0)| 3))) (.cse4 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse6)) (.cse3 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= 0 ~systemActive~0))) (and (or (not (= ~switchedOnBeforeTS~0 0)) .cse0 .cse1 .cse2 (= |old(~switchedOnBeforeTS~0)| 0)) (or .cse3 .cse4 .cse1 .cse2) (or .cse4 .cse1 .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse3 .cse1 .cse5 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 (and (= ~pumpRunning~0 0) .cse6) .cse1)))) [2022-11-19 08:16:27,744 INFO L895 garLoopResultBuilder]: At program point L67-1(line 67) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= |timeShift___utac_acc__Specification5_spec__2_#t~ret4#1| ~pumpRunning~0)) (.cse3 (= 0 ~systemActive~0))) (and (or (and .cse0 .cse1 .cse2) .cse3 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|)) (and .cse0 .cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0) .cse2) .cse3 (not (< |old(~waterLevel~0)| 3)) (= |old(~switchedOnBeforeTS~0)| 0)) (or (not (<= |old(~waterLevel~0)| 1)) (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) .cse1 .cse2) .cse3))) [2022-11-19 08:16:27,744 INFO L899 garLoopResultBuilder]: For program point L728-2(lines 724 746) no Hoare annotation was computed. [2022-11-19 08:16:27,744 INFO L895 garLoopResultBuilder]: At program point L790(lines 790 798) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (= |timeShift_processEnvironment_~tmp~6#1| ~methaneLevelCritical~0)) (.cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse3 (= 0 ~systemActive~0))) (and (or (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|)) (not (<= |old(~waterLevel~0)| 1)) (and .cse0 (not (< 0 ~waterLevel~0)) .cse1 (<= ~waterLevel~0 |old(~waterLevel~0)|) .cse2) .cse3) (or (and .cse0 .cse1 (= ~waterLevel~0 1) .cse2) (not (= |old(~waterLevel~0)| 2)) .cse3) (or (not (= |old(~pumpRunning~0)| 0)) .cse3 (not (< |old(~waterLevel~0)| 3))))) [2022-11-19 08:16:27,745 INFO L899 garLoopResultBuilder]: For program point L84(lines 84 94) no Hoare annotation was computed. [2022-11-19 08:16:27,745 INFO L899 garLoopResultBuilder]: For program point L786(lines 786 803) no Hoare annotation was computed. [2022-11-19 08:16:27,745 INFO L899 garLoopResultBuilder]: For program point L80(lines 80 97) no Hoare annotation was computed. [2022-11-19 08:16:27,745 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 721 747) the Hoare annotation is: (let ((.cse6 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse2 (not (< |old(~waterLevel~0)| 3))) (.cse4 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse6)) (.cse3 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= 0 ~systemActive~0))) (and (or (not (= ~switchedOnBeforeTS~0 0)) .cse0 .cse1 .cse2 (= |old(~switchedOnBeforeTS~0)| 0)) (or .cse3 .cse4 .cse1 .cse2) (or .cse4 .cse1 .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse3 .cse1 .cse5 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (or (not (<= |old(~waterLevel~0)| 1)) .cse0 (and (= ~pumpRunning~0 0) .cse6) .cse1)))) [2022-11-19 08:16:27,746 INFO L895 garLoopResultBuilder]: At program point L80-1(lines 72 100) the Hoare annotation is: (let ((.cse15 (= ~methaneLevelCritical~0 0)) (.cse3 (= ~pumpRunning~0 0)) (.cse1 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse6 (not (< |old(~waterLevel~0)| 3))) (.cse12 (or (<= (+ ~waterLevel~0 1) |old(~waterLevel~0)|) (and (not (< 0 ~waterLevel~0)) .cse1) (and .cse3 .cse1))) (.cse14 (= |old(~switchedOnBeforeTS~0)| 0)) (.cse5 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse17 (not (= |old(~waterLevel~0)| 2))) (.cse10 (not (= ~switchedOnBeforeTS~0 0))) (.cse16 (<= ~waterLevel~0 1)) (.cse13 (= |timeShift_processEnvironment_~tmp~6#1| ~methaneLevelCritical~0)) (.cse7 (<= 1 ~waterLevel~0)) (.cse18 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (.cse9 (not .cse15)) (.cse11 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse19 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= 0 ~systemActive~0))) (and (or .cse0 (and (= 2 ~waterLevel~0) .cse1) .cse2 (and .cse3 .cse4 .cse1 .cse5) .cse6) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse7 .cse2) (or .cse8 .cse9 .cse2 (and .cse10 .cse11 .cse12 .cse4 .cse13 .cse5) .cse6 .cse14) (or .cse8 .cse15 .cse2 .cse6 (and .cse10 .cse12 .cse3 .cse4 .cse16 .cse13) .cse14) (or .cse9 (and .cse10 .cse13 (= ~waterLevel~0 1) .cse5) .cse17 .cse2 .cse18) (or .cse15 .cse17 .cse2 (and .cse10 .cse3 .cse4 .cse16 .cse13 .cse7) (and .cse19 .cse18)) (or .cse9 (and .cse11 .cse4) .cse19 .cse2 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|)))))) [2022-11-19 08:16:27,746 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 721 747) no Hoare annotation was computed. [2022-11-19 08:16:27,747 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 710) no Hoare annotation was computed. [2022-11-19 08:16:27,747 INFO L902 garLoopResultBuilder]: At program point L129(lines 104 133) the Hoare annotation is: true [2022-11-19 08:16:27,747 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 104 133) no Hoare annotation was computed. [2022-11-19 08:16:27,747 INFO L899 garLoopResultBuilder]: For program point L125(line 125) no Hoare annotation was computed. [2022-11-19 08:16:27,748 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 104 133) the Hoare annotation is: true [2022-11-19 08:16:27,748 INFO L899 garLoopResultBuilder]: For program point L118(lines 118 122) no Hoare annotation was computed. [2022-11-19 08:16:27,748 INFO L902 garLoopResultBuilder]: At program point L118-1(lines 118 122) the Hoare annotation is: true [2022-11-19 08:16:27,748 INFO L902 garLoopResultBuilder]: At program point L114-2(lines 114 128) the Hoare annotation is: true [2022-11-19 08:16:27,748 INFO L902 garLoopResultBuilder]: At program point L110(line 110) the Hoare annotation is: true [2022-11-19 08:16:27,749 INFO L899 garLoopResultBuilder]: For program point L110-1(line 110) no Hoare annotation was computed. [2022-11-19 08:16:27,749 INFO L895 garLoopResultBuilder]: At program point L956(line 956) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse5 (<= ~waterLevel~0 1)) (.cse1 (= |ULTIMATE.start_main_~tmp~1#1| ~systemActive~0)) (.cse4 (= ~methaneLevelCritical~0 0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~1#1| 1))) (or (and .cse0 .cse1 .cse2 .cse3 (= ~waterLevel~0 1)) (and .cse4 .cse5 .cse1 .cse2 .cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and (<= 2 ~waterLevel~0) .cse1 .cse2 (<= ~waterLevel~0 2) .cse3) (and .cse0 .cse5 .cse1 (not .cse4) .cse2 .cse3))) [2022-11-19 08:16:27,749 INFO L902 garLoopResultBuilder]: At program point L985(lines 924 989) the Hoare annotation is: true [2022-11-19 08:16:27,750 INFO L899 garLoopResultBuilder]: For program point L944(lines 944 950) no Hoare annotation was computed. [2022-11-19 08:16:27,750 INFO L899 garLoopResultBuilder]: For program point L944-1(lines 944 950) no Hoare annotation was computed. [2022-11-19 08:16:27,750 INFO L895 garLoopResultBuilder]: At program point L193(lines 193 200) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= |ULTIMATE.start_main_~tmp~1#1| ~systemActive~0) (= |ULTIMATE.start_main_~tmp~1#1| 1) (= ~waterLevel~0 1) (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) [2022-11-19 08:16:27,750 INFO L902 garLoopResultBuilder]: At program point L193-2(lines 193 200) the Hoare annotation is: true [2022-11-19 08:16:27,750 INFO L902 garLoopResultBuilder]: At program point ULTIMATE.startENTRY(line -1) the Hoare annotation is: true [2022-11-19 08:16:27,751 INFO L895 garLoopResultBuilder]: At program point L982(lines 933 983) the Hoare annotation is: false [2022-11-19 08:16:27,751 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-19 08:16:27,751 INFO L899 garLoopResultBuilder]: For program point L954(lines 954 960) no Hoare annotation was computed. [2022-11-19 08:16:27,751 INFO L895 garLoopResultBuilder]: At program point L954-1(lines 954 960) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_main_~tmp~1#1| ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse3 (< ~waterLevel~0 3))) (or (and (<= 2 ~waterLevel~0) .cse0 .cse1 (<= ~waterLevel~0 2) .cse2) (and .cse0 .cse1 .cse2 .cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2 .cse3))) [2022-11-19 08:16:27,752 INFO L895 garLoopResultBuilder]: At program point L979(lines 934 981) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse5 (<= ~waterLevel~0 1)) (.cse4 (= ~methaneLevelCritical~0 0)) (.cse1 (= |ULTIMATE.start_main_~tmp~1#1| ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~1#1| 1))) (or (and .cse0 .cse1 .cse2 .cse3 (= ~waterLevel~0 1)) (and .cse4 .cse5 .cse1 .cse2 .cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and .cse0 .cse5 .cse1 (not .cse4) .cse2 .cse3) (and (= 2 ~waterLevel~0) .cse1 .cse2 .cse3))) [2022-11-19 08:16:27,752 INFO L895 garLoopResultBuilder]: At program point L946(line 946) the Hoare annotation is: (let ((.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (let ((.cse1 (<= ~waterLevel~0 1)) (.cse0 (= ~methaneLevelCritical~0 0)) (.cse7 (= ~pumpRunning~0 0)) (.cse2 (= |ULTIMATE.start_main_~tmp~1#1| ~systemActive~0)) (.cse5 (<= ~waterLevel~0 2)) (.cse6 (or (and .cse3 (= ~waterLevel~0 1)) (and (<= 2 ~waterLevel~0) .cse3))) (.cse4 (= |ULTIMATE.start_main_~tmp~1#1| 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and (= 2 ~waterLevel~0) .cse2 .cse5 .cse6 .cse4) (and .cse7 .cse1 .cse2 (not .cse0) .cse3 .cse4) (and .cse7 .cse2 .cse5 .cse6 .cse4)))) [2022-11-19 08:16:27,753 INFO L895 garLoopResultBuilder]: At program point L972-2(lines 964 977) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_main_~tmp~1#1| ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse3 (< ~waterLevel~0 3))) (or (and (<= 2 ~waterLevel~0) .cse0 .cse1 (<= ~waterLevel~0 2) .cse2) (and .cse0 .cse1 .cse2 .cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2 .cse3))) [2022-11-19 08:16:27,753 INFO L899 garLoopResultBuilder]: For program point L935(lines 934 981) no Hoare annotation was computed. [2022-11-19 08:16:27,753 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 591 602) no Hoare annotation was computed. [2022-11-19 08:16:27,753 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 591 602) the Hoare annotation is: (let ((.cse3 (not (= ~pumpRunning~0 0))) (.cse2 (not (<= |old(~waterLevel~0)| 1))) (.cse4 (= ~methaneLevelCritical~0 0)) (.cse0 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse2 .cse3 .cse4 .cse0 .cse1) (or .cse3 (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1) (or .cse2 (not .cse4) (not (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) .cse0 .cse1))) [2022-11-19 08:16:27,754 INFO L899 garLoopResultBuilder]: For program point L764(lines 764 772) no Hoare annotation was computed. [2022-11-19 08:16:27,754 INFO L895 garLoopResultBuilder]: At program point L760(lines 760 777) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (not (< ~waterLevel~0 3)) .cse2) (or (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) .cse0 .cse1 .cse2))) [2022-11-19 08:16:27,754 INFO L895 garLoopResultBuilder]: At program point L820(line 820) the Hoare annotation is: (let ((.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (= 0 ~systemActive~0)) (.cse3 (not (< ~waterLevel~0 3))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) .cse0 .cse1) (or (and (= |processEnvironment__wrappee__methaneQuery_~tmp~5#1| 1) (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) .cse2 .cse0 .cse3 .cse1) (or .cse2 (= 2 ~waterLevel~0) .cse0 .cse3 .cse1))) [2022-11-19 08:16:27,755 INFO L895 garLoopResultBuilder]: At program point L820-1(line 820) the Hoare annotation is: (let ((.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (= 0 ~systemActive~0)) (.cse3 (not (< ~waterLevel~0 3))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) .cse0 .cse1) (or (and (= |processEnvironment__wrappee__methaneQuery_~tmp~5#1| 1) (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) .cse2 .cse0 .cse3 .cse1) (or .cse2 (= 2 ~waterLevel~0) .cse0 .cse3 .cse1))) [2022-11-19 08:16:27,755 INFO L895 garLoopResultBuilder]: At program point L775(line 775) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) .cse0 (= ~pumpRunning~0 ~switchedOnBeforeTS~0) .cse1) (or (not (= |old(~pumpRunning~0)| 0)) (not (<= ~waterLevel~0 2)) .cse0 .cse1))) [2022-11-19 08:16:27,755 INFO L899 garLoopResultBuilder]: For program point L775-1(lines 756 780) no Hoare annotation was computed. [2022-11-19 08:16:27,756 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__methaneQueryENTRY(lines 756 780) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (not (< ~waterLevel~0 3)) .cse2) (or (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 1)) .cse0 .cse1 .cse2))) [2022-11-19 08:16:27,756 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__methaneQueryEXIT(lines 756 780) no Hoare annotation was computed. [2022-11-19 08:16:27,756 INFO L895 garLoopResultBuilder]: At program point L770(line 770) the Hoare annotation is: (let ((.cse1 (<= ~waterLevel~0 1)) (.cse0 (= 0 ~systemActive~0)) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (and (= |processEnvironment__wrappee__methaneQuery_~tmp~5#1| 0) .cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (not (< ~waterLevel~0 3)) .cse2) (or (not (= ~methaneLevelCritical~0 0)) (not .cse1) .cse0 (= ~switchedOnBeforeTS~0 0) .cse2))) [2022-11-19 08:16:27,757 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 851 859) no Hoare annotation was computed. [2022-11-19 08:16:27,757 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 851 859) the Hoare annotation is: true [2022-11-19 08:16:27,757 INFO L902 garLoopResultBuilder]: At program point isMethaneAlarmENTRY(lines 840 850) the Hoare annotation is: true [2022-11-19 08:16:27,757 INFO L899 garLoopResultBuilder]: For program point isMethaneAlarmEXIT(lines 840 850) no Hoare annotation was computed. [2022-11-19 08:16:27,761 INFO L444 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:16:27,764 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-19 08:16:27,814 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 19.11 08:16:27 BoogieIcfgContainer [2022-11-19 08:16:27,814 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-19 08:16:27,815 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-19 08:16:27,815 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-19 08:16:27,816 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-19 08:16:27,816 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 19.11 08:15:23" (3/4) ... [2022-11-19 08:16:27,820 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-19 08:16:27,828 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-19 08:16:27,829 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-19 08:16:27,829 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-19 08:16:27,829 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-19 08:16:27,830 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-19 08:16:27,830 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__methaneQuery [2022-11-19 08:16:27,830 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-19 08:16:27,830 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneAlarm [2022-11-19 08:16:27,839 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 50 nodes and edges [2022-11-19 08:16:27,840 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 13 nodes and edges [2022-11-19 08:16:27,840 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 6 nodes and edges [2022-11-19 08:16:27,841 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-19 08:16:27,842 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-19 08:16:27,875 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) < 3)) || \old(switchedOnBeforeTS) == 0)) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning)) || 0 == systemActive) [2022-11-19 08:16:27,876 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == \old(pumpRunning)) && tmp == methaneLevelCritical) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel) || 0 == systemActive) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && waterLevel <= 1) && tmp == methaneLevelCritical) && !(methaneLevelCritical == 0)) && 1 <= waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || \old(switchedOnBeforeTS) == 0)) && ((((methaneLevelCritical == 0 || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && waterLevel <= 1) && tmp == methaneLevelCritical) && !(methaneLevelCritical == 0)) && 1 <= waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel) || 0 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 1 <= waterLevel) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || methaneLevelCritical == 0) || 0 == systemActive) || (((!(switchedOnBeforeTS == 0) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && pumpRunning == 0) && tmp == methaneLevelCritical)) || \old(switchedOnBeforeTS) == 0)) && ((((!(\old(pumpRunning) == 0) || \old(waterLevel) == waterLevel) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 0)) || ((((!(switchedOnBeforeTS == 0) && pumpRunning == \old(pumpRunning)) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && tmp == methaneLevelCritical) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) < 3)) || \old(switchedOnBeforeTS) == 0)) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && waterLevel <= \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) [2022-11-19 08:16:27,877 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(pumpRunning) == 0) || (2 == waterLevel && waterLevel <= \old(waterLevel))) || 0 == systemActive) || (((pumpRunning == 0 && tmp == waterLevel) && waterLevel <= \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) < 3)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 1 <= waterLevel) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 0)) || 0 == systemActive) || (((((!(switchedOnBeforeTS == 0) && pumpRunning == \old(pumpRunning)) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && tmp == waterLevel) && tmp == methaneLevelCritical) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) < 3)) || \old(switchedOnBeforeTS) == 0)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(\old(waterLevel) < 3)) || (((((!(switchedOnBeforeTS == 0) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && pumpRunning == 0) && tmp == waterLevel) && waterLevel <= 1) && tmp == methaneLevelCritical)) || \old(switchedOnBeforeTS) == 0)) && ((((!(methaneLevelCritical == 0) || (((!(switchedOnBeforeTS == 0) && tmp == methaneLevelCritical) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2)) || 0 == systemActive) || tmp == 2)) && ((((methaneLevelCritical == 0 || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && tmp == waterLevel) && waterLevel <= 1) && tmp == methaneLevelCritical) && 1 <= waterLevel)) || (\old(waterLevel) == waterLevel && tmp == 2))) && (((((!(methaneLevelCritical == 0) || (pumpRunning == \old(pumpRunning) && tmp == waterLevel)) || \old(waterLevel) == waterLevel) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) [2022-11-19 08:16:27,877 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((0 == systemActive || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || 0 == systemActive)) && ((!(\old(pumpRunning) == 0) || 0 == systemActive) || !(\old(waterLevel) < 3)) [2022-11-19 08:16:27,877 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 1 <= waterLevel) || 0 == systemActive) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || (((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && waterLevel <= 1) && tmp == methaneLevelCritical) && 1 <= waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || \old(switchedOnBeforeTS) == 0)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || methaneLevelCritical == 0) || 0 == systemActive) || (((!(switchedOnBeforeTS == 0) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && pumpRunning == 0) && tmp == methaneLevelCritical)) || \old(switchedOnBeforeTS) == 0)) && ((((!(\old(pumpRunning) == 0) || \old(waterLevel) == waterLevel) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 0)) || (((pumpRunning == \old(pumpRunning) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && tmp == methaneLevelCritical) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) < 3)) || \old(switchedOnBeforeTS) == 0)) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && waterLevel <= \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive)) && ((((!(methaneLevelCritical == 0) || (((pumpRunning == \old(pumpRunning) && tmp == methaneLevelCritical) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel) || 0 == systemActive)) && ((((methaneLevelCritical == 0 || (((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && waterLevel <= 1) && tmp == methaneLevelCritical) && 1 <= waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel) || 0 == systemActive) [2022-11-19 08:16:27,878 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) && ((((!(methaneLevelCritical == 0) || !(waterLevel <= 1)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-19 08:16:27,878 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || ((((pumpRunning == \old(pumpRunning) && !(0 < waterLevel)) && tmp == methaneLevelCritical) && waterLevel <= \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) && (((((pumpRunning == \old(pumpRunning) && tmp == methaneLevelCritical) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && ((!(\old(pumpRunning) == 0) || 0 == systemActive) || !(\old(waterLevel) < 3)) [2022-11-19 08:16:27,879 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(methaneLevelCritical == 0) || !(waterLevel <= 1)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((tmp == 1 && pumpRunning == switchedOnBeforeTS) || !(\old(pumpRunning) == 0)) || 0 == systemActive) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && ((((!(\old(pumpRunning) == 0) || 2 == waterLevel) || 0 == systemActive) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-19 08:16:27,907 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/witness.graphml [2022-11-19 08:16:27,907 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-19 08:16:27,908 INFO L158 Benchmark]: Toolchain (without parser) took 66123.73ms. Allocated memory was 111.1MB in the beginning and 564.1MB in the end (delta: 453.0MB). Free memory was 68.6MB in the beginning and 369.9MB in the end (delta: -301.2MB). Peak memory consumption was 150.0MB. Max. memory is 16.1GB. [2022-11-19 08:16:27,908 INFO L158 Benchmark]: CDTParser took 0.25ms. Allocated memory is still 111.1MB. Free memory is still 85.5MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-19 08:16:27,909 INFO L158 Benchmark]: CACSL2BoogieTranslator took 612.20ms. Allocated memory is still 111.1MB. Free memory was 68.4MB in the beginning and 77.4MB in the end (delta: -9.0MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-19 08:16:27,909 INFO L158 Benchmark]: Boogie Procedure Inliner took 70.56ms. Allocated memory is still 111.1MB. Free memory was 77.4MB in the beginning and 74.9MB in the end (delta: 2.5MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-11-19 08:16:27,910 INFO L158 Benchmark]: Boogie Preprocessor took 72.50ms. Allocated memory is still 111.1MB. Free memory was 74.9MB in the beginning and 73.2MB in the end (delta: 1.7MB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-19 08:16:27,910 INFO L158 Benchmark]: RCFGBuilder took 784.53ms. Allocated memory is still 111.1MB. Free memory was 73.2MB in the beginning and 48.0MB in the end (delta: 25.1MB). Peak memory consumption was 25.2MB. Max. memory is 16.1GB. [2022-11-19 08:16:27,911 INFO L158 Benchmark]: TraceAbstraction took 64482.75ms. Allocated memory was 111.1MB in the beginning and 564.1MB in the end (delta: 453.0MB). Free memory was 47.6MB in the beginning and 375.1MB in the end (delta: -327.5MB). Peak memory consumption was 309.5MB. Max. memory is 16.1GB. [2022-11-19 08:16:27,911 INFO L158 Benchmark]: Witness Printer took 92.32ms. Allocated memory is still 564.1MB. Free memory was 375.1MB in the beginning and 369.9MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-11-19 08:16:27,913 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.25ms. Allocated memory is still 111.1MB. Free memory is still 85.5MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 612.20ms. Allocated memory is still 111.1MB. Free memory was 68.4MB in the beginning and 77.4MB in the end (delta: -9.0MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 70.56ms. Allocated memory is still 111.1MB. Free memory was 77.4MB in the beginning and 74.9MB in the end (delta: 2.5MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 72.50ms. Allocated memory is still 111.1MB. Free memory was 74.9MB in the beginning and 73.2MB in the end (delta: 1.7MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 784.53ms. Allocated memory is still 111.1MB. Free memory was 73.2MB in the beginning and 48.0MB in the end (delta: 25.1MB). Peak memory consumption was 25.2MB. Max. memory is 16.1GB. * TraceAbstraction took 64482.75ms. Allocated memory was 111.1MB in the beginning and 564.1MB in the end (delta: 453.0MB). Free memory was 47.6MB in the beginning and 375.1MB in the end (delta: -327.5MB). Peak memory consumption was 309.5MB. Max. memory is 16.1GB. * Witness Printer took 92.32ms. Allocated memory is still 564.1MB. Free memory was 375.1MB in the beginning and 369.9MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 710]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 64 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 64.3s, OverallIterations: 9, TraceHistogramMax: 4, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.1s, AutomataDifference: 10.1s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 21.3s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2012 SdHoareTripleChecker+Valid, 4.9s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1979 mSDsluCounter, 3262 SdHoareTripleChecker+Invalid, 4.0s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2444 mSDsCounter, 1163 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 4520 IncrementalHoareTripleChecker+Invalid, 5683 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1163 mSolverCounterUnsat, 818 mSDtfsCounter, 4520 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 675 GetRequests, 421 SyntacticMatches, 15 SemanticMatches, 239 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5892 ImplicationChecksByTransitivity, 18.7s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=2163occurred in iteration=6, InterpolantAutomatonStates: 151, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.9s AutomataMinimizationTime, 9 MinimizatonAttempts, 445 StatesRemovedByMinimization, 6 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 38 LocationsWithAnnotation, 4117 PreInvPairs, 4721 NumberOfFragments, 2415 HoareAnnotationTreeSize, 4117 FomulaSimplifications, 19625 FormulaSimplificationTreeSizeReduction, 2.7s HoareSimplificationTime, 38 FomulaSimplificationsInter, 105372 FormulaSimplificationTreeSizeReductionInter, 18.3s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.3s SatisfiabilityAnalysisTime, 4.5s InterpolantComputationTime, 627 NumberOfCodeBlocks, 627 NumberOfCodeBlocksAsserted, 12 NumberOfCheckSat, 748 ConstructedInterpolants, 0 QuantifiedInterpolants, 2181 SizeOfPredicates, 28 NumberOfNonLiveVariables, 986 ConjunctsInSsa, 68 ConjunctsInUnsatCore, 14 InterpolantComputations, 7 PerfectInterpolantSequences, 237/279 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 820]: Loop Invariant Derived loop invariant: ((((!(methaneLevelCritical == 0) || !(waterLevel <= 1)) || 0 == systemActive) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((tmp == 1 && pumpRunning == switchedOnBeforeTS) || !(\old(pumpRunning) == 0)) || 0 == systemActive) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && ((((!(\old(pumpRunning) == 0) || 2 == waterLevel) || 0 == systemActive) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) - InvariantResult [Line: 710]: Loop Invariant Derived loop invariant: (((0 == systemActive || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || 0 == systemActive)) && ((!(\old(pumpRunning) == 0) || 0 == systemActive) || !(\old(waterLevel) < 3)) - InvariantResult [Line: -1]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 933]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 114]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 193]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0 && methaneLevelCritical == 0) && tmp == systemActive) && tmp == 1) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS - InvariantResult [Line: 72]: Loop Invariant Derived loop invariant: (((((((((!(\old(pumpRunning) == 0) || (2 == waterLevel && waterLevel <= \old(waterLevel))) || 0 == systemActive) || (((pumpRunning == 0 && tmp == waterLevel) && waterLevel <= \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) < 3)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 1 <= waterLevel) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 0)) || 0 == systemActive) || (((((!(switchedOnBeforeTS == 0) && pumpRunning == \old(pumpRunning)) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && tmp == waterLevel) && tmp == methaneLevelCritical) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) < 3)) || \old(switchedOnBeforeTS) == 0)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(\old(waterLevel) < 3)) || (((((!(switchedOnBeforeTS == 0) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && pumpRunning == 0) && tmp == waterLevel) && waterLevel <= 1) && tmp == methaneLevelCritical)) || \old(switchedOnBeforeTS) == 0)) && ((((!(methaneLevelCritical == 0) || (((!(switchedOnBeforeTS == 0) && tmp == methaneLevelCritical) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2)) || 0 == systemActive) || tmp == 2)) && ((((methaneLevelCritical == 0 || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && tmp == waterLevel) && waterLevel <= 1) && tmp == methaneLevelCritical) && 1 <= waterLevel)) || (\old(waterLevel) == waterLevel && tmp == 2))) && (((((!(methaneLevelCritical == 0) || (pumpRunning == \old(pumpRunning) && tmp == waterLevel)) || \old(waterLevel) == waterLevel) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 790]: Loop Invariant Derived loop invariant: ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || ((((pumpRunning == \old(pumpRunning) && !(0 < waterLevel)) && tmp == methaneLevelCritical) && waterLevel <= \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) && (((((pumpRunning == \old(pumpRunning) && tmp == methaneLevelCritical) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && ((!(\old(pumpRunning) == 0) || 0 == systemActive) || !(\old(waterLevel) < 3)) - InvariantResult [Line: 840]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 67]: Loop Invariant Derived loop invariant: ((((((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) < 3)) || \old(switchedOnBeforeTS) == 0)) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning)) || 0 == systemActive) - InvariantResult [Line: 104]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 954]: Loop Invariant Derived loop invariant: (((((2 <= waterLevel && tmp == systemActive) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) || ((((tmp == systemActive && splverifierCounter == 0) && tmp == 1) && waterLevel < 3) && pumpRunning == switchedOnBeforeTS)) || ((((pumpRunning == 0 && tmp == systemActive) && splverifierCounter == 0) && tmp == 1) && waterLevel < 3) - InvariantResult [Line: 735]: Loop Invariant Derived loop invariant: ((((((((((((((!(switchedOnBeforeTS == 0) && pumpRunning == \old(pumpRunning)) && tmp == methaneLevelCritical) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel) || 0 == systemActive) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && waterLevel <= 1) && tmp == methaneLevelCritical) && !(methaneLevelCritical == 0)) && 1 <= waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || \old(switchedOnBeforeTS) == 0)) && ((((methaneLevelCritical == 0 || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && waterLevel <= 1) && tmp == methaneLevelCritical) && !(methaneLevelCritical == 0)) && 1 <= waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel) || 0 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 1 <= waterLevel) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || methaneLevelCritical == 0) || 0 == systemActive) || (((!(switchedOnBeforeTS == 0) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && pumpRunning == 0) && tmp == methaneLevelCritical)) || \old(switchedOnBeforeTS) == 0)) && ((((!(\old(pumpRunning) == 0) || \old(waterLevel) == waterLevel) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 0)) || ((((!(switchedOnBeforeTS == 0) && pumpRunning == \old(pumpRunning)) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && tmp == methaneLevelCritical) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) < 3)) || \old(switchedOnBeforeTS) == 0)) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && waterLevel <= \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) - InvariantResult [Line: 924]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 934]: Loop Invariant Derived loop invariant: ((((((pumpRunning == 0 && tmp == systemActive) && splverifierCounter == 0) && tmp == 1) && waterLevel == 1) || (((((methaneLevelCritical == 0 && waterLevel <= 1) && tmp == systemActive) && splverifierCounter == 0) && tmp == 1) && pumpRunning == switchedOnBeforeTS)) || (((((pumpRunning == 0 && waterLevel <= 1) && tmp == systemActive) && !(methaneLevelCritical == 0)) && splverifierCounter == 0) && tmp == 1)) || (((2 == waterLevel && tmp == systemActive) && splverifierCounter == 0) && tmp == 1) - InvariantResult [Line: 193]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 782]: Loop Invariant Derived loop invariant: (((((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 1 <= waterLevel) || 0 == systemActive) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || (((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && waterLevel <= 1) && tmp == methaneLevelCritical) && 1 <= waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel))) || \old(switchedOnBeforeTS) == 0)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || methaneLevelCritical == 0) || 0 == systemActive) || (((!(switchedOnBeforeTS == 0) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && pumpRunning == 0) && tmp == methaneLevelCritical)) || \old(switchedOnBeforeTS) == 0)) && ((((!(\old(pumpRunning) == 0) || \old(waterLevel) == waterLevel) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(methaneLevelCritical == 0)) || (((pumpRunning == \old(pumpRunning) && ((waterLevel + 1 <= \old(waterLevel) || (!(0 < waterLevel) && waterLevel <= \old(waterLevel))) || (pumpRunning == 0 && waterLevel <= \old(waterLevel)))) && tmp == methaneLevelCritical) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) < 3)) || \old(switchedOnBeforeTS) == 0)) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && waterLevel <= \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive)) && ((((!(methaneLevelCritical == 0) || (((pumpRunning == \old(pumpRunning) && tmp == methaneLevelCritical) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel) || 0 == systemActive)) && ((((methaneLevelCritical == 0 || (((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && waterLevel <= 1) && tmp == methaneLevelCritical) && 1 <= waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel) || 0 == systemActive) - InvariantResult [Line: 760]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) && ((((!(methaneLevelCritical == 0) || !(waterLevel <= 1)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) RESULT: Ultimate proved your program to be correct! [2022-11-19 08:16:27,954 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_a8ef5214-5c85-403e-b698-61dafdd01a6e/bin/utaipan-I9t0OCRTmS/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE