./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 8393723b Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/config/TaipanReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/config/svcomp-Reach-32bit-Taipan_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Taipan --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 88f09ec5af0f641c9edfe2f7047937341e46c7f8baabeed0fd38f069cd3b5278 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-8393723 [2022-11-19 08:35:16,033 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-19 08:35:16,035 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-19 08:35:16,060 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-19 08:35:16,061 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-19 08:35:16,062 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-19 08:35:16,064 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-19 08:35:16,066 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-19 08:35:16,068 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-19 08:35:16,070 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-19 08:35:16,071 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-19 08:35:16,072 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-19 08:35:16,073 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-19 08:35:16,074 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-19 08:35:16,076 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-19 08:35:16,077 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-19 08:35:16,078 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-19 08:35:16,080 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-19 08:35:16,082 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-19 08:35:16,084 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-19 08:35:16,086 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-19 08:35:16,088 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-19 08:35:16,090 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-19 08:35:16,091 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-19 08:35:16,095 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-19 08:35:16,096 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-19 08:35:16,097 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-19 08:35:16,098 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-19 08:35:16,099 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-19 08:35:16,100 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-19 08:35:16,101 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-19 08:35:16,102 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-19 08:35:16,103 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-19 08:35:16,104 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-19 08:35:16,105 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-19 08:35:16,106 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-19 08:35:16,107 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-19 08:35:16,107 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-19 08:35:16,108 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-19 08:35:16,109 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-19 08:35:16,110 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-19 08:35:16,111 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/config/svcomp-Reach-32bit-Taipan_Default.epf [2022-11-19 08:35:16,138 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-19 08:35:16,139 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-19 08:35:16,139 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-19 08:35:16,140 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-19 08:35:16,141 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-19 08:35:16,141 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-19 08:35:16,141 INFO L138 SettingsManager]: * User list type=DISABLED [2022-11-19 08:35:16,142 INFO L136 SettingsManager]: Preferences of Abstract Interpretation differ from their defaults: [2022-11-19 08:35:16,142 INFO L138 SettingsManager]: * Explicit value domain=true [2022-11-19 08:35:16,142 INFO L138 SettingsManager]: * Abstract domain for RCFG-of-the-future=PoormanAbstractDomain [2022-11-19 08:35:16,143 INFO L138 SettingsManager]: * Octagon Domain=false [2022-11-19 08:35:16,143 INFO L138 SettingsManager]: * Abstract domain=CompoundDomain [2022-11-19 08:35:16,143 INFO L138 SettingsManager]: * Check feasibility of abstract posts with an SMT solver=true [2022-11-19 08:35:16,144 INFO L138 SettingsManager]: * Use the RCFG-of-the-future interface=true [2022-11-19 08:35:16,144 INFO L138 SettingsManager]: * Interval Domain=false [2022-11-19 08:35:16,144 INFO L136 SettingsManager]: Preferences of Sifa differ from their defaults: [2022-11-19 08:35:16,145 INFO L138 SettingsManager]: * Call Summarizer=TopInputCallSummarizer [2022-11-19 08:35:16,145 INFO L138 SettingsManager]: * Simplification Technique=POLY_PAC [2022-11-19 08:35:16,146 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-19 08:35:16,146 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-19 08:35:16,147 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-19 08:35:16,147 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-19 08:35:16,147 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-19 08:35:16,148 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-19 08:35:16,148 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-19 08:35:16,148 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-19 08:35:16,149 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-19 08:35:16,149 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-19 08:35:16,150 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-19 08:35:16,150 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-19 08:35:16,150 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-19 08:35:16,151 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-19 08:35:16,151 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-19 08:35:16,151 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-19 08:35:16,152 INFO L138 SettingsManager]: * Abstract interpretation Mode=USE_PREDICATES [2022-11-19 08:35:16,152 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-19 08:35:16,152 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-19 08:35:16,153 INFO L138 SettingsManager]: * Trace refinement strategy=SIFA_TAIPAN [2022-11-19 08:35:16,153 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-19 08:35:16,153 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-19 08:35:16,154 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2022-11-19 08:35:16,154 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Taipan Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 88f09ec5af0f641c9edfe2f7047937341e46c7f8baabeed0fd38f069cd3b5278 [2022-11-19 08:35:16,390 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-19 08:35:16,415 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-19 08:35:16,417 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-19 08:35:16,418 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-19 08:35:16,423 INFO L275 PluginConnector]: CDTParser initialized [2022-11-19 08:35:16,424 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/../../sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c [2022-11-19 08:35:16,487 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/data/2b2e6a0f2/8681cf51fb4540c79bcb33eabbdca96f/FLAGba21cdc1f [2022-11-19 08:35:17,030 INFO L306 CDTParser]: Found 1 translation units. [2022-11-19 08:35:17,030 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c [2022-11-19 08:35:17,043 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/data/2b2e6a0f2/8681cf51fb4540c79bcb33eabbdca96f/FLAGba21cdc1f [2022-11-19 08:35:17,365 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/data/2b2e6a0f2/8681cf51fb4540c79bcb33eabbdca96f [2022-11-19 08:35:17,368 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-19 08:35:17,369 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-19 08:35:17,373 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-19 08:35:17,374 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-19 08:35:17,378 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-19 08:35:17,378 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:17,381 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@42c834d1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17, skipping insertion in model container [2022-11-19 08:35:17,382 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:17,390 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-19 08:35:17,455 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-19 08:35:17,676 WARN L234 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c[3971,3984] [2022-11-19 08:35:17,758 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-19 08:35:17,772 INFO L203 MainTranslator]: Completed pre-run [2022-11-19 08:35:17,809 WARN L234 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c[3971,3984] [2022-11-19 08:35:17,891 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-19 08:35:17,921 INFO L208 MainTranslator]: Completed translation [2022-11-19 08:35:17,921 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17 WrapperNode [2022-11-19 08:35:17,921 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-19 08:35:17,922 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-19 08:35:17,922 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-19 08:35:17,923 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-19 08:35:17,930 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:17,943 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:17,969 INFO L138 Inliner]: procedures = 59, calls = 106, calls flagged for inlining = 26, calls inlined = 23, statements flattened = 233 [2022-11-19 08:35:17,969 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-19 08:35:17,970 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-19 08:35:17,970 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-19 08:35:17,970 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-19 08:35:17,990 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:17,990 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:17,993 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:17,993 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:18,004 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:18,013 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:18,017 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:18,018 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:18,021 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-19 08:35:18,031 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-19 08:35:18,031 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-19 08:35:18,032 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-19 08:35:18,033 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (1/1) ... [2022-11-19 08:35:18,040 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-19 08:35:18,056 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 [2022-11-19 08:35:18,073 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-19 08:35:18,079 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-19 08:35:18,114 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-19 08:35:18,114 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-19 08:35:18,114 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-19 08:35:18,115 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-19 08:35:18,115 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-19 08:35:18,115 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-19 08:35:18,115 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-19 08:35:18,115 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-11-19 08:35:18,115 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-11-19 08:35:18,116 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-19 08:35:18,116 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-19 08:35:18,116 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__lowWaterSensor [2022-11-19 08:35:18,116 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__lowWaterSensor [2022-11-19 08:35:18,116 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-19 08:35:18,117 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-19 08:35:18,117 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-11-19 08:35:18,117 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-11-19 08:35:18,117 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-19 08:35:18,117 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-19 08:35:18,117 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-19 08:35:18,118 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-19 08:35:18,118 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-19 08:35:18,211 INFO L235 CfgBuilder]: Building ICFG [2022-11-19 08:35:18,213 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-19 08:35:18,574 INFO L276 CfgBuilder]: Performing block encoding [2022-11-19 08:35:18,746 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-19 08:35:18,747 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-19 08:35:18,749 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 19.11 08:35:18 BoogieIcfgContainer [2022-11-19 08:35:18,750 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-19 08:35:18,753 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-19 08:35:18,753 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-19 08:35:18,757 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-19 08:35:18,757 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 19.11 08:35:17" (1/3) ... [2022-11-19 08:35:18,758 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@60494f37 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 19.11 08:35:18, skipping insertion in model container [2022-11-19 08:35:18,758 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 19.11 08:35:17" (2/3) ... [2022-11-19 08:35:18,758 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@60494f37 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 19.11 08:35:18, skipping insertion in model container [2022-11-19 08:35:18,758 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 19.11 08:35:18" (3/3) ... [2022-11-19 08:35:18,760 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product54.cil.c [2022-11-19 08:35:18,781 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-19 08:35:18,781 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-19 08:35:18,861 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-19 08:35:18,876 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@254c20cd, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-19 08:35:18,877 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-19 08:35:18,880 INFO L276 IsEmpty]: Start isEmpty. Operand has 69 states, 42 states have (on average 1.4285714285714286) internal successors, (60), 52 states have internal predecessors, (60), 16 states have call successors, (16), 9 states have call predecessors, (16), 9 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) [2022-11-19 08:35:18,888 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2022-11-19 08:35:18,888 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:35:18,889 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:35:18,889 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:35:18,894 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:35:18,894 INFO L85 PathProgramCache]: Analyzing trace with hash -1377510126, now seen corresponding path program 1 times [2022-11-19 08:35:18,901 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:35:18,901 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [110433471] [2022-11-19 08:35:18,901 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:18,902 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:35:19,006 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:19,069 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-19 08:35:19,070 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:35:19,070 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [110433471] [2022-11-19 08:35:19,071 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [110433471] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:35:19,071 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:35:19,071 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-19 08:35:19,073 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1931664399] [2022-11-19 08:35:19,074 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:35:19,078 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-19 08:35:19,078 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:35:19,106 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-19 08:35:19,107 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-19 08:35:19,109 INFO L87 Difference]: Start difference. First operand has 69 states, 42 states have (on average 1.4285714285714286) internal successors, (60), 52 states have internal predecessors, (60), 16 states have call successors, (16), 9 states have call predecessors, (16), 9 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) Second operand has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-19 08:35:19,175 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:35:19,176 INFO L93 Difference]: Finished difference Result 136 states and 185 transitions. [2022-11-19 08:35:19,181 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-19 08:35:19,183 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 21 [2022-11-19 08:35:19,183 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:35:19,192 INFO L225 Difference]: With dead ends: 136 [2022-11-19 08:35:19,192 INFO L226 Difference]: Without dead ends: 64 [2022-11-19 08:35:19,203 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-19 08:35:19,206 INFO L413 NwaCegarLoop]: 71 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 18 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 71 SdHoareTripleChecker+Invalid, 19 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 18 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-19 08:35:19,207 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 71 Invalid, 19 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 18 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-19 08:35:19,225 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 64 states. [2022-11-19 08:35:19,260 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 64 to 64. [2022-11-19 08:35:19,261 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 64 states, 39 states have (on average 1.3333333333333333) internal successors, (52), 48 states have internal predecessors, (52), 16 states have call successors, (16), 9 states have call predecessors, (16), 8 states have return successors, (15), 10 states have call predecessors, (15), 15 states have call successors, (15) [2022-11-19 08:35:19,273 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 64 states to 64 states and 83 transitions. [2022-11-19 08:35:19,275 INFO L78 Accepts]: Start accepts. Automaton has 64 states and 83 transitions. Word has length 21 [2022-11-19 08:35:19,275 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:35:19,275 INFO L495 AbstractCegarLoop]: Abstraction has 64 states and 83 transitions. [2022-11-19 08:35:19,276 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-19 08:35:19,277 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 83 transitions. [2022-11-19 08:35:19,281 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-11-19 08:35:19,281 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:35:19,282 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:35:19,282 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-19 08:35:19,282 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:35:19,284 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:35:19,284 INFO L85 PathProgramCache]: Analyzing trace with hash -1985979574, now seen corresponding path program 1 times [2022-11-19 08:35:19,284 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:35:19,285 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [541929010] [2022-11-19 08:35:19,285 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:19,285 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:35:19,339 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:19,659 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-19 08:35:19,659 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:35:19,660 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [541929010] [2022-11-19 08:35:19,660 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [541929010] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:35:19,660 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:35:19,660 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-19 08:35:19,661 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [731898544] [2022-11-19 08:35:19,661 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:35:19,662 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-19 08:35:19,662 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:35:19,663 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-19 08:35:19,663 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-19 08:35:19,663 INFO L87 Difference]: Start difference. First operand 64 states and 83 transitions. Second operand has 6 states, 5 states have (on average 3.8) internal successors, (19), 5 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-19 08:35:19,917 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:35:19,919 INFO L93 Difference]: Finished difference Result 176 states and 252 transitions. [2022-11-19 08:35:19,920 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-19 08:35:19,920 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 3.8) internal successors, (19), 5 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 24 [2022-11-19 08:35:19,921 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:35:19,930 INFO L225 Difference]: With dead ends: 176 [2022-11-19 08:35:19,930 INFO L226 Difference]: Without dead ends: 114 [2022-11-19 08:35:19,933 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-11-19 08:35:19,935 INFO L413 NwaCegarLoop]: 92 mSDtfsCounter, 52 mSDsluCounter, 297 mSDsCounter, 0 mSdLazyCounter, 140 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 53 SdHoareTripleChecker+Valid, 389 SdHoareTripleChecker+Invalid, 148 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 140 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-19 08:35:19,935 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [53 Valid, 389 Invalid, 148 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 140 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-19 08:35:19,936 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 114 states. [2022-11-19 08:35:19,958 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 114 to 110. [2022-11-19 08:35:19,963 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 110 states, 70 states have (on average 1.2571428571428571) internal successors, (88), 78 states have internal predecessors, (88), 24 states have call successors, (24), 17 states have call predecessors, (24), 15 states have return successors, (32), 20 states have call predecessors, (32), 22 states have call successors, (32) [2022-11-19 08:35:19,969 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 110 states to 110 states and 144 transitions. [2022-11-19 08:35:19,970 INFO L78 Accepts]: Start accepts. Automaton has 110 states and 144 transitions. Word has length 24 [2022-11-19 08:35:19,970 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:35:19,971 INFO L495 AbstractCegarLoop]: Abstraction has 110 states and 144 transitions. [2022-11-19 08:35:19,971 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 3.8) internal successors, (19), 5 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-19 08:35:19,972 INFO L276 IsEmpty]: Start isEmpty. Operand 110 states and 144 transitions. [2022-11-19 08:35:19,978 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-11-19 08:35:19,978 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:35:19,979 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:35:19,979 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-19 08:35:19,979 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:35:19,980 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:35:19,980 INFO L85 PathProgramCache]: Analyzing trace with hash 998528266, now seen corresponding path program 1 times [2022-11-19 08:35:19,980 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:35:19,980 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1840603992] [2022-11-19 08:35:19,980 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:19,981 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:35:19,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:20,066 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-19 08:35:20,066 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:35:20,067 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1840603992] [2022-11-19 08:35:20,067 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1840603992] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:35:20,067 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:35:20,067 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-19 08:35:20,067 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1446035141] [2022-11-19 08:35:20,068 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:35:20,068 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-19 08:35:20,068 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:35:20,069 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-19 08:35:20,069 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-19 08:35:20,069 INFO L87 Difference]: Start difference. First operand 110 states and 144 transitions. Second operand has 3 states, 3 states have (on average 8.0) internal successors, (24), 3 states have internal predecessors, (24), 2 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-19 08:35:20,109 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:35:20,109 INFO L93 Difference]: Finished difference Result 176 states and 226 transitions. [2022-11-19 08:35:20,110 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-19 08:35:20,110 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.0) internal successors, (24), 3 states have internal predecessors, (24), 2 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 35 [2022-11-19 08:35:20,110 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:35:20,111 INFO L225 Difference]: With dead ends: 176 [2022-11-19 08:35:20,111 INFO L226 Difference]: Without dead ends: 94 [2022-11-19 08:35:20,112 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-19 08:35:20,114 INFO L413 NwaCegarLoop]: 57 mSDtfsCounter, 7 mSDsluCounter, 48 mSDsCounter, 0 mSdLazyCounter, 27 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 10 SdHoareTripleChecker+Valid, 105 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 27 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-19 08:35:20,114 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [10 Valid, 105 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 27 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-19 08:35:20,115 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 94 states. [2022-11-19 08:35:20,129 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 94 to 94. [2022-11-19 08:35:20,134 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 94 states, 60 states have (on average 1.2666666666666666) internal successors, (76), 68 states have internal predecessors, (76), 18 states have call successors, (18), 15 states have call predecessors, (18), 15 states have return successors, (24), 16 states have call predecessors, (24), 18 states have call successors, (24) [2022-11-19 08:35:20,136 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 94 states to 94 states and 118 transitions. [2022-11-19 08:35:20,137 INFO L78 Accepts]: Start accepts. Automaton has 94 states and 118 transitions. Word has length 35 [2022-11-19 08:35:20,137 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:35:20,138 INFO L495 AbstractCegarLoop]: Abstraction has 94 states and 118 transitions. [2022-11-19 08:35:20,138 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.0) internal successors, (24), 3 states have internal predecessors, (24), 2 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-19 08:35:20,138 INFO L276 IsEmpty]: Start isEmpty. Operand 94 states and 118 transitions. [2022-11-19 08:35:20,140 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-11-19 08:35:20,140 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:35:20,140 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:35:20,141 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-19 08:35:20,141 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:35:20,142 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:35:20,144 INFO L85 PathProgramCache]: Analyzing trace with hash 1279318241, now seen corresponding path program 1 times [2022-11-19 08:35:20,144 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:35:20,145 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [461630106] [2022-11-19 08:35:20,145 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:20,145 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:35:20,169 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:20,530 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-19 08:35:20,530 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:35:20,531 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [461630106] [2022-11-19 08:35:20,531 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [461630106] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:35:20,532 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:35:20,533 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-19 08:35:20,533 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [796730080] [2022-11-19 08:35:20,533 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:35:20,534 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-19 08:35:20,534 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:35:20,537 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-19 08:35:20,537 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2022-11-19 08:35:20,538 INFO L87 Difference]: Start difference. First operand 94 states and 118 transitions. Second operand has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-19 08:35:20,762 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:35:20,762 INFO L93 Difference]: Finished difference Result 273 states and 341 transitions. [2022-11-19 08:35:20,762 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-19 08:35:20,763 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) Word has length 37 [2022-11-19 08:35:20,763 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:35:20,769 INFO L225 Difference]: With dead ends: 273 [2022-11-19 08:35:20,769 INFO L226 Difference]: Without dead ends: 181 [2022-11-19 08:35:20,770 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=16, Invalid=26, Unknown=0, NotChecked=0, Total=42 [2022-11-19 08:35:20,780 INFO L413 NwaCegarLoop]: 91 mSDtfsCounter, 127 mSDsluCounter, 104 mSDsCounter, 0 mSdLazyCounter, 100 mSolverCounterSat, 41 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 128 SdHoareTripleChecker+Valid, 195 SdHoareTripleChecker+Invalid, 141 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 41 IncrementalHoareTripleChecker+Valid, 100 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-19 08:35:20,781 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [128 Valid, 195 Invalid, 141 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [41 Valid, 100 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-19 08:35:20,782 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 181 states. [2022-11-19 08:35:20,821 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 181 to 177. [2022-11-19 08:35:20,822 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 177 states, 112 states have (on average 1.2321428571428572) internal successors, (138), 125 states have internal predecessors, (138), 34 states have call successors, (34), 29 states have call predecessors, (34), 30 states have return successors, (46), 31 states have call predecessors, (46), 34 states have call successors, (46) [2022-11-19 08:35:20,824 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 177 states to 177 states and 218 transitions. [2022-11-19 08:35:20,824 INFO L78 Accepts]: Start accepts. Automaton has 177 states and 218 transitions. Word has length 37 [2022-11-19 08:35:20,825 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:35:20,825 INFO L495 AbstractCegarLoop]: Abstraction has 177 states and 218 transitions. [2022-11-19 08:35:20,825 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-19 08:35:20,825 INFO L276 IsEmpty]: Start isEmpty. Operand 177 states and 218 transitions. [2022-11-19 08:35:20,827 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2022-11-19 08:35:20,827 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:35:20,827 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:35:20,827 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-19 08:35:20,828 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:35:20,828 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:35:20,828 INFO L85 PathProgramCache]: Analyzing trace with hash -637786689, now seen corresponding path program 1 times [2022-11-19 08:35:20,828 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:35:20,829 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [517533992] [2022-11-19 08:35:20,829 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:20,829 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:35:20,870 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:21,211 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-19 08:35:21,212 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:35:21,212 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [517533992] [2022-11-19 08:35:21,212 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [517533992] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:35:21,213 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:35:21,213 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-11-19 08:35:21,213 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1449467711] [2022-11-19 08:35:21,213 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:35:21,214 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-19 08:35:21,214 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:35:21,219 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-19 08:35:21,220 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=39, Unknown=0, NotChecked=0, Total=56 [2022-11-19 08:35:21,220 INFO L87 Difference]: Start difference. First operand 177 states and 218 transitions. Second operand has 8 states, 7 states have (on average 4.0) internal successors, (28), 7 states have internal predecessors, (28), 5 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-11-19 08:35:21,884 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:35:21,884 INFO L93 Difference]: Finished difference Result 413 states and 522 transitions. [2022-11-19 08:35:21,886 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2022-11-19 08:35:21,886 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 4.0) internal successors, (28), 7 states have internal predecessors, (28), 5 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Word has length 40 [2022-11-19 08:35:21,887 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:35:21,889 INFO L225 Difference]: With dead ends: 413 [2022-11-19 08:35:21,889 INFO L226 Difference]: Without dead ends: 291 [2022-11-19 08:35:21,890 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=67, Invalid=143, Unknown=0, NotChecked=0, Total=210 [2022-11-19 08:35:21,891 INFO L413 NwaCegarLoop]: 70 mSDtfsCounter, 206 mSDsluCounter, 179 mSDsCounter, 0 mSdLazyCounter, 384 mSolverCounterSat, 81 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 214 SdHoareTripleChecker+Valid, 249 SdHoareTripleChecker+Invalid, 465 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 81 IncrementalHoareTripleChecker+Valid, 384 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-11-19 08:35:21,891 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [214 Valid, 249 Invalid, 465 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [81 Valid, 384 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-11-19 08:35:21,892 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 291 states. [2022-11-19 08:35:21,928 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 291 to 261. [2022-11-19 08:35:21,929 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 261 states, 170 states have (on average 1.2411764705882353) internal successors, (211), 188 states have internal predecessors, (211), 47 states have call successors, (47), 36 states have call predecessors, (47), 43 states have return successors, (66), 48 states have call predecessors, (66), 47 states have call successors, (66) [2022-11-19 08:35:21,930 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 261 states to 261 states and 324 transitions. [2022-11-19 08:35:21,931 INFO L78 Accepts]: Start accepts. Automaton has 261 states and 324 transitions. Word has length 40 [2022-11-19 08:35:21,931 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:35:21,931 INFO L495 AbstractCegarLoop]: Abstraction has 261 states and 324 transitions. [2022-11-19 08:35:21,932 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 4.0) internal successors, (28), 7 states have internal predecessors, (28), 5 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-11-19 08:35:21,932 INFO L276 IsEmpty]: Start isEmpty. Operand 261 states and 324 transitions. [2022-11-19 08:35:21,933 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-11-19 08:35:21,933 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:35:21,934 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:35:21,934 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-19 08:35:21,934 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:35:21,939 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:35:21,941 INFO L85 PathProgramCache]: Analyzing trace with hash 1585403647, now seen corresponding path program 1 times [2022-11-19 08:35:21,941 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:35:21,942 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2074599400] [2022-11-19 08:35:21,942 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:21,942 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:35:21,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:22,161 INFO L134 CoverageAnalysis]: Checked inductivity of 19 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2022-11-19 08:35:22,161 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:35:22,161 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2074599400] [2022-11-19 08:35:22,161 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2074599400] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:35:22,161 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:35:22,161 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-11-19 08:35:22,162 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [70395053] [2022-11-19 08:35:22,162 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:35:22,162 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-19 08:35:22,162 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:35:22,163 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-19 08:35:22,163 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-19 08:35:22,163 INFO L87 Difference]: Start difference. First operand 261 states and 324 transitions. Second operand has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 3 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-11-19 08:35:22,239 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:35:22,240 INFO L93 Difference]: Finished difference Result 520 states and 652 transitions. [2022-11-19 08:35:22,240 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-11-19 08:35:22,240 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 3 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) Word has length 57 [2022-11-19 08:35:22,241 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:35:22,243 INFO L225 Difference]: With dead ends: 520 [2022-11-19 08:35:22,243 INFO L226 Difference]: Without dead ends: 261 [2022-11-19 08:35:22,244 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-11-19 08:35:22,245 INFO L413 NwaCegarLoop]: 54 mSDtfsCounter, 54 mSDsluCounter, 53 mSDsCounter, 0 mSdLazyCounter, 33 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 55 SdHoareTripleChecker+Valid, 107 SdHoareTripleChecker+Invalid, 36 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 33 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-19 08:35:22,245 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [55 Valid, 107 Invalid, 36 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 33 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-19 08:35:22,246 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 261 states. [2022-11-19 08:35:22,281 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 261 to 261. [2022-11-19 08:35:22,281 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 261 states, 170 states have (on average 1.2117647058823529) internal successors, (206), 188 states have internal predecessors, (206), 47 states have call successors, (47), 36 states have call predecessors, (47), 43 states have return successors, (66), 48 states have call predecessors, (66), 47 states have call successors, (66) [2022-11-19 08:35:22,283 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 261 states to 261 states and 319 transitions. [2022-11-19 08:35:22,283 INFO L78 Accepts]: Start accepts. Automaton has 261 states and 319 transitions. Word has length 57 [2022-11-19 08:35:22,283 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:35:22,284 INFO L495 AbstractCegarLoop]: Abstraction has 261 states and 319 transitions. [2022-11-19 08:35:22,284 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 3 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-11-19 08:35:22,284 INFO L276 IsEmpty]: Start isEmpty. Operand 261 states and 319 transitions. [2022-11-19 08:35:22,285 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-19 08:35:22,285 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:35:22,285 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:35:22,286 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-19 08:35:22,286 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:35:22,286 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:35:22,286 INFO L85 PathProgramCache]: Analyzing trace with hash -1087355715, now seen corresponding path program 1 times [2022-11-19 08:35:22,286 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:35:22,287 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [68906622] [2022-11-19 08:35:22,287 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:22,287 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:35:22,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:22,362 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 8 proven. 0 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. [2022-11-19 08:35:22,362 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:35:22,362 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [68906622] [2022-11-19 08:35:22,362 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [68906622] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:35:22,363 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:35:22,363 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-19 08:35:22,363 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1010701088] [2022-11-19 08:35:22,363 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:35:22,363 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-19 08:35:22,364 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:35:22,364 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-19 08:35:22,364 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-19 08:35:22,364 INFO L87 Difference]: Start difference. First operand 261 states and 319 transitions. Second operand has 5 states, 5 states have (on average 7.6) internal successors, (38), 5 states have internal predecessors, (38), 4 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) [2022-11-19 08:35:22,556 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:35:22,556 INFO L93 Difference]: Finished difference Result 407 states and 499 transitions. [2022-11-19 08:35:22,557 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-19 08:35:22,557 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.6) internal successors, (38), 5 states have internal predecessors, (38), 4 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) Word has length 71 [2022-11-19 08:35:22,558 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:35:22,559 INFO L225 Difference]: With dead ends: 407 [2022-11-19 08:35:22,559 INFO L226 Difference]: Without dead ends: 267 [2022-11-19 08:35:22,560 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2022-11-19 08:35:22,560 INFO L413 NwaCegarLoop]: 81 mSDtfsCounter, 121 mSDsluCounter, 93 mSDsCounter, 0 mSdLazyCounter, 154 mSolverCounterSat, 54 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 124 SdHoareTripleChecker+Valid, 174 SdHoareTripleChecker+Invalid, 208 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 54 IncrementalHoareTripleChecker+Valid, 154 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-19 08:35:22,561 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [124 Valid, 174 Invalid, 208 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [54 Valid, 154 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-19 08:35:22,561 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 267 states. [2022-11-19 08:35:22,596 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 267 to 265. [2022-11-19 08:35:22,597 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 265 states, 172 states have (on average 1.1744186046511629) internal successors, (202), 189 states have internal predecessors, (202), 46 states have call successors, (46), 38 states have call predecessors, (46), 46 states have return successors, (57), 49 states have call predecessors, (57), 46 states have call successors, (57) [2022-11-19 08:35:22,598 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 265 states to 265 states and 305 transitions. [2022-11-19 08:35:22,598 INFO L78 Accepts]: Start accepts. Automaton has 265 states and 305 transitions. Word has length 71 [2022-11-19 08:35:22,599 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:35:22,599 INFO L495 AbstractCegarLoop]: Abstraction has 265 states and 305 transitions. [2022-11-19 08:35:22,599 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.6) internal successors, (38), 5 states have internal predecessors, (38), 4 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) [2022-11-19 08:35:22,599 INFO L276 IsEmpty]: Start isEmpty. Operand 265 states and 305 transitions. [2022-11-19 08:35:22,600 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 75 [2022-11-19 08:35:22,600 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:35:22,600 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:35:22,600 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-19 08:35:22,601 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:35:22,601 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:35:22,601 INFO L85 PathProgramCache]: Analyzing trace with hash -1304573635, now seen corresponding path program 1 times [2022-11-19 08:35:22,601 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:35:22,601 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [844554600] [2022-11-19 08:35:22,602 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:22,602 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:35:22,620 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:22,734 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 7 proven. 1 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-11-19 08:35:22,734 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:35:22,734 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [844554600] [2022-11-19 08:35:22,734 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [844554600] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-19 08:35:22,734 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1311760688] [2022-11-19 08:35:22,734 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:22,735 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-19 08:35:22,735 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 [2022-11-19 08:35:22,738 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-19 08:35:22,766 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-19 08:35:22,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:22,883 INFO L263 TraceCheckSpWp]: Trace formula consists of 342 conjuncts, 8 conjunts are in the unsatisfiable core [2022-11-19 08:35:22,889 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-19 08:35:23,082 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 20 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-19 08:35:23,082 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-19 08:35:23,265 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 13 proven. 8 refuted. 0 times theorem prover too weak. 8 trivial. 0 not checked. [2022-11-19 08:35:23,265 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1311760688] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-19 08:35:23,265 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [318012280] [2022-11-19 08:35:23,299 INFO L159 IcfgInterpreter]: Started Sifa with 48 locations of interest [2022-11-19 08:35:23,299 INFO L166 IcfgInterpreter]: Building call graph [2022-11-19 08:35:23,306 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-19 08:35:23,311 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-19 08:35:23,311 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-19 08:35:27,397 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 126 for LOIs [2022-11-19 08:35:27,419 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 29 for LOIs [2022-11-19 08:35:27,708 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__lowWaterSensor with input of size 64 for LOIs [2022-11-19 08:35:28,371 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 57 for LOIs [2022-11-19 08:35:28,461 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 53 for LOIs [2022-11-19 08:35:28,472 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__base with input of size 39 for LOIs [2022-11-19 08:35:28,479 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-19 08:35:37,350 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '5814#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= |timeShift_getWaterLevel_~retValue_acc~1#1| ~waterLevel~0) (<= 0 (+ 2147483648 |old(~pumpRunning~0)|)) (= ~head~0.offset 0) (<= 1 ~systemActive~0) (<= |old(~pumpRunning~0)| 2147483647) (<= |#NULL.offset| 0) (= |timeShift_getWaterLevel_~retValue_acc~1#1| |timeShift_getWaterLevel_#res#1|) (<= ~methaneLevelCritical~0 0) (<= 0 ~head~0.base) (<= 0 ~methaneLevelCritical~0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 2147483648)) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 2147483647) (<= ~head~0.base 0) (<= 0 |#NULL.offset|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (<= |timeShift_getWaterLevel_~retValue_acc~1#1| 2147483647) (<= ~systemActive~0 1) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2147483648)))' at error location [2022-11-19 08:35:37,350 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-19 08:35:37,351 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-19 08:35:37,351 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 6, 6] total 11 [2022-11-19 08:35:37,351 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1174769807] [2022-11-19 08:35:37,351 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-19 08:35:37,352 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-11-19 08:35:37,352 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:35:37,353 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-11-19 08:35:37,353 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=217, Invalid=1763, Unknown=0, NotChecked=0, Total=1980 [2022-11-19 08:35:37,354 INFO L87 Difference]: Start difference. First operand 265 states and 305 transitions. Second operand has 11 states, 8 states have (on average 9.625) internal successors, (77), 9 states have internal predecessors, (77), 4 states have call successors, (18), 3 states have call predecessors, (18), 6 states have return successors, (21), 6 states have call predecessors, (21), 4 states have call successors, (21) [2022-11-19 08:35:38,275 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:35:38,275 INFO L93 Difference]: Finished difference Result 340 states and 396 transitions. [2022-11-19 08:35:38,276 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 22 states. [2022-11-19 08:35:38,276 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 8 states have (on average 9.625) internal successors, (77), 9 states have internal predecessors, (77), 4 states have call successors, (18), 3 states have call predecessors, (18), 6 states have return successors, (21), 6 states have call predecessors, (21), 4 states have call successors, (21) Word has length 74 [2022-11-19 08:35:38,280 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:35:38,281 INFO L225 Difference]: With dead ends: 340 [2022-11-19 08:35:38,282 INFO L226 Difference]: Without dead ends: 338 [2022-11-19 08:35:38,283 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 243 GetRequests, 171 SyntacticMatches, 15 SemanticMatches, 57 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1256 ImplicationChecksByTransitivity, 9.3s TimeCoverageRelationStatistics Valid=321, Invalid=3101, Unknown=0, NotChecked=0, Total=3422 [2022-11-19 08:35:38,287 INFO L413 NwaCegarLoop]: 147 mSDtfsCounter, 156 mSDsluCounter, 678 mSDsCounter, 0 mSdLazyCounter, 796 mSolverCounterSat, 76 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 162 SdHoareTripleChecker+Valid, 825 SdHoareTripleChecker+Invalid, 872 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 76 IncrementalHoareTripleChecker+Valid, 796 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-11-19 08:35:38,288 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [162 Valid, 825 Invalid, 872 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [76 Valid, 796 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-11-19 08:35:38,289 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 338 states. [2022-11-19 08:35:38,336 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 338 to 301. [2022-11-19 08:35:38,338 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 301 states, 193 states have (on average 1.16580310880829) internal successors, (225), 215 states have internal predecessors, (225), 54 states have call successors, (54), 46 states have call predecessors, (54), 53 states have return successors, (69), 55 states have call predecessors, (69), 54 states have call successors, (69) [2022-11-19 08:35:38,341 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 301 states to 301 states and 348 transitions. [2022-11-19 08:35:38,341 INFO L78 Accepts]: Start accepts. Automaton has 301 states and 348 transitions. Word has length 74 [2022-11-19 08:35:38,341 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:35:38,342 INFO L495 AbstractCegarLoop]: Abstraction has 301 states and 348 transitions. [2022-11-19 08:35:38,342 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 8 states have (on average 9.625) internal successors, (77), 9 states have internal predecessors, (77), 4 states have call successors, (18), 3 states have call predecessors, (18), 6 states have return successors, (21), 6 states have call predecessors, (21), 4 states have call successors, (21) [2022-11-19 08:35:38,342 INFO L276 IsEmpty]: Start isEmpty. Operand 301 states and 348 transitions. [2022-11-19 08:35:38,344 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 94 [2022-11-19 08:35:38,345 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:35:38,345 INFO L195 NwaCegarLoop]: trace histogram [4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:35:38,362 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-11-19 08:35:38,555 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-19 08:35:38,555 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:35:38,556 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:35:38,556 INFO L85 PathProgramCache]: Analyzing trace with hash 167762817, now seen corresponding path program 1 times [2022-11-19 08:35:38,556 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:35:38,556 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [735617850] [2022-11-19 08:35:38,556 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:38,556 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:35:38,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:38,706 INFO L134 CoverageAnalysis]: Checked inductivity of 70 backedges. 36 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-11-19 08:35:38,706 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:35:38,707 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [735617850] [2022-11-19 08:35:38,707 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [735617850] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-19 08:35:38,707 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-19 08:35:38,707 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-19 08:35:38,707 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [478555449] [2022-11-19 08:35:38,707 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-19 08:35:38,708 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-19 08:35:38,708 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:35:38,708 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-19 08:35:38,708 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-19 08:35:38,709 INFO L87 Difference]: Start difference. First operand 301 states and 348 transitions. Second operand has 5 states, 5 states have (on average 10.0) internal successors, (50), 5 states have internal predecessors, (50), 4 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) [2022-11-19 08:35:38,932 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:35:38,932 INFO L93 Difference]: Finished difference Result 740 states and 866 transitions. [2022-11-19 08:35:38,933 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-19 08:35:38,933 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 10.0) internal successors, (50), 5 states have internal predecessors, (50), 4 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) Word has length 93 [2022-11-19 08:35:38,933 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:35:38,937 INFO L225 Difference]: With dead ends: 740 [2022-11-19 08:35:38,937 INFO L226 Difference]: Without dead ends: 551 [2022-11-19 08:35:38,938 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-11-19 08:35:38,941 INFO L413 NwaCegarLoop]: 107 mSDtfsCounter, 125 mSDsluCounter, 114 mSDsCounter, 0 mSdLazyCounter, 189 mSolverCounterSat, 10 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 125 SdHoareTripleChecker+Valid, 221 SdHoareTripleChecker+Invalid, 199 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 10 IncrementalHoareTripleChecker+Valid, 189 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-19 08:35:38,942 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [125 Valid, 221 Invalid, 199 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [10 Valid, 189 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-19 08:35:38,943 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 551 states. [2022-11-19 08:35:39,008 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 551 to 540. [2022-11-19 08:35:39,009 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 540 states, 349 states have (on average 1.151862464183381) internal successors, (402), 384 states have internal predecessors, (402), 94 states have call successors, (94), 84 states have call predecessors, (94), 96 states have return successors, (118), 99 states have call predecessors, (118), 94 states have call successors, (118) [2022-11-19 08:35:39,012 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 540 states to 540 states and 614 transitions. [2022-11-19 08:35:39,014 INFO L78 Accepts]: Start accepts. Automaton has 540 states and 614 transitions. Word has length 93 [2022-11-19 08:35:39,014 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:35:39,014 INFO L495 AbstractCegarLoop]: Abstraction has 540 states and 614 transitions. [2022-11-19 08:35:39,015 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 10.0) internal successors, (50), 5 states have internal predecessors, (50), 4 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) [2022-11-19 08:35:39,015 INFO L276 IsEmpty]: Start isEmpty. Operand 540 states and 614 transitions. [2022-11-19 08:35:39,024 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 97 [2022-11-19 08:35:39,025 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:35:39,025 INFO L195 NwaCegarLoop]: trace histogram [4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:35:39,025 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-11-19 08:35:39,025 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:35:39,026 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:35:39,026 INFO L85 PathProgramCache]: Analyzing trace with hash 1773303535, now seen corresponding path program 1 times [2022-11-19 08:35:39,026 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:35:39,026 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1075875637] [2022-11-19 08:35:39,027 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:39,027 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:35:39,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:39,692 INFO L134 CoverageAnalysis]: Checked inductivity of 70 backedges. 43 proven. 10 refuted. 0 times theorem prover too weak. 17 trivial. 0 not checked. [2022-11-19 08:35:39,693 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:35:39,693 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1075875637] [2022-11-19 08:35:39,693 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1075875637] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-19 08:35:39,693 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [380307783] [2022-11-19 08:35:39,693 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:39,694 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-19 08:35:39,694 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 [2022-11-19 08:35:39,695 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-19 08:35:39,718 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-19 08:35:39,819 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:39,822 INFO L263 TraceCheckSpWp]: Trace formula consists of 413 conjuncts, 18 conjunts are in the unsatisfiable core [2022-11-19 08:35:39,826 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-19 08:35:40,145 INFO L134 CoverageAnalysis]: Checked inductivity of 70 backedges. 63 proven. 3 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-11-19 08:35:40,146 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-19 08:35:40,553 INFO L134 CoverageAnalysis]: Checked inductivity of 70 backedges. 45 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-11-19 08:35:40,553 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [380307783] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-19 08:35:40,554 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [595294908] [2022-11-19 08:35:40,556 INFO L159 IcfgInterpreter]: Started Sifa with 48 locations of interest [2022-11-19 08:35:40,557 INFO L166 IcfgInterpreter]: Building call graph [2022-11-19 08:35:40,557 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-19 08:35:40,557 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-19 08:35:40,557 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-19 08:35:45,271 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 130 for LOIs [2022-11-19 08:35:45,301 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 48 for LOIs [2022-11-19 08:35:46,122 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__lowWaterSensor with input of size 27 for LOIs [2022-11-19 08:35:46,170 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 27 for LOIs [2022-11-19 08:35:46,199 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 23 for LOIs [2022-11-19 08:35:46,201 INFO L197 IcfgInterpreter]: Interpreting procedure changeMethaneLevel with input of size 50 for LOIs [2022-11-19 08:35:46,212 INFO L197 IcfgInterpreter]: Interpreting procedure deactivatePump with input of size 34 for LOIs [2022-11-19 08:35:46,215 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-19 08:35:54,938 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '9479#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (<= ~methaneLevelCritical~0 1) (<= 0 |old(~pumpRunning~0)|) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 1) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= |timeShift_getWaterLevel_~retValue_acc~1#1| ~waterLevel~0) (= ~head~0.offset 0) (<= |old(~pumpRunning~0)| 2147483647) (= 1 ~systemActive~0) (= |timeShift_getWaterLevel_~retValue_acc~1#1| |timeShift_getWaterLevel_#res#1|) (<= 0 ~methaneLevelCritical~0) (<= 0 ~pumpRunning~0) (= ~head~0.base 0) (= |#NULL.offset| 0) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (<= |timeShift_getWaterLevel_~retValue_acc~1#1| 2147483647) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2147483648)))' at error location [2022-11-19 08:35:54,938 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-19 08:35:54,938 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-19 08:35:54,939 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 9, 9] total 24 [2022-11-19 08:35:54,939 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [706174716] [2022-11-19 08:35:54,939 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-19 08:35:54,940 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 24 states [2022-11-19 08:35:54,940 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:35:54,940 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 24 interpolants. [2022-11-19 08:35:54,942 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=330, Invalid=3092, Unknown=0, NotChecked=0, Total=3422 [2022-11-19 08:35:54,942 INFO L87 Difference]: Start difference. First operand 540 states and 614 transitions. Second operand has 24 states, 24 states have (on average 4.5) internal successors, (108), 24 states have internal predecessors, (108), 11 states have call successors, (23), 5 states have call predecessors, (23), 9 states have return successors, (26), 12 states have call predecessors, (26), 11 states have call successors, (26) [2022-11-19 08:35:57,767 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:35:57,767 INFO L93 Difference]: Finished difference Result 1434 states and 1809 transitions. [2022-11-19 08:35:57,768 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 37 states. [2022-11-19 08:35:57,768 INFO L78 Accepts]: Start accepts. Automaton has has 24 states, 24 states have (on average 4.5) internal successors, (108), 24 states have internal predecessors, (108), 11 states have call successors, (23), 5 states have call predecessors, (23), 9 states have return successors, (26), 12 states have call predecessors, (26), 11 states have call successors, (26) Word has length 96 [2022-11-19 08:35:57,768 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:35:57,774 INFO L225 Difference]: With dead ends: 1434 [2022-11-19 08:35:57,774 INFO L226 Difference]: Without dead ends: 884 [2022-11-19 08:35:57,778 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 346 GetRequests, 251 SyntacticMatches, 5 SemanticMatches, 90 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2890 ImplicationChecksByTransitivity, 10.5s TimeCoverageRelationStatistics Valid=792, Invalid=7580, Unknown=0, NotChecked=0, Total=8372 [2022-11-19 08:35:57,779 INFO L413 NwaCegarLoop]: 80 mSDtfsCounter, 469 mSDsluCounter, 518 mSDsCounter, 0 mSdLazyCounter, 1498 mSolverCounterSat, 322 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 471 SdHoareTripleChecker+Valid, 598 SdHoareTripleChecker+Invalid, 1820 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 322 IncrementalHoareTripleChecker+Valid, 1498 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-19 08:35:57,780 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [471 Valid, 598 Invalid, 1820 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [322 Valid, 1498 Invalid, 0 Unknown, 0 Unchecked, 1.2s Time] [2022-11-19 08:35:57,781 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 884 states. [2022-11-19 08:35:57,869 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 884 to 542. [2022-11-19 08:35:57,871 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 542 states, 351 states have (on average 1.1452991452991452) internal successors, (402), 390 states have internal predecessors, (402), 91 states have call successors, (91), 81 states have call predecessors, (91), 99 states have return successors, (122), 99 states have call predecessors, (122), 91 states have call successors, (122) [2022-11-19 08:35:57,874 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 542 states to 542 states and 615 transitions. [2022-11-19 08:35:57,875 INFO L78 Accepts]: Start accepts. Automaton has 542 states and 615 transitions. Word has length 96 [2022-11-19 08:35:57,875 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:35:57,875 INFO L495 AbstractCegarLoop]: Abstraction has 542 states and 615 transitions. [2022-11-19 08:35:57,876 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 24 states, 24 states have (on average 4.5) internal successors, (108), 24 states have internal predecessors, (108), 11 states have call successors, (23), 5 states have call predecessors, (23), 9 states have return successors, (26), 12 states have call predecessors, (26), 11 states have call successors, (26) [2022-11-19 08:35:57,876 INFO L276 IsEmpty]: Start isEmpty. Operand 542 states and 615 transitions. [2022-11-19 08:35:57,878 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 102 [2022-11-19 08:35:57,878 INFO L187 NwaCegarLoop]: Found error trace [2022-11-19 08:35:57,879 INFO L195 NwaCegarLoop]: trace histogram [5, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:35:57,885 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-11-19 08:35:58,086 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-11-19 08:35:58,086 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-19 08:35:58,087 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-19 08:35:58,087 INFO L85 PathProgramCache]: Analyzing trace with hash 333350692, now seen corresponding path program 1 times [2022-11-19 08:35:58,087 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-19 08:35:58,087 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [152272111] [2022-11-19 08:35:58,087 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:58,087 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-19 08:35:58,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:59,004 INFO L134 CoverageAnalysis]: Checked inductivity of 81 backedges. 34 proven. 22 refuted. 0 times theorem prover too weak. 25 trivial. 0 not checked. [2022-11-19 08:35:59,004 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-19 08:35:59,004 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [152272111] [2022-11-19 08:35:59,004 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [152272111] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-19 08:35:59,005 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1186563583] [2022-11-19 08:35:59,005 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-19 08:35:59,005 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-19 08:35:59,005 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 [2022-11-19 08:35:59,006 INFO L229 MonitoredProcess]: Starting monitored process 4 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-19 08:35:59,037 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-11-19 08:35:59,149 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-19 08:35:59,152 INFO L263 TraceCheckSpWp]: Trace formula consists of 427 conjuncts, 38 conjunts are in the unsatisfiable core [2022-11-19 08:35:59,156 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-19 08:35:59,624 INFO L134 CoverageAnalysis]: Checked inductivity of 81 backedges. 60 proven. 15 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2022-11-19 08:35:59,624 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-19 08:36:00,636 INFO L134 CoverageAnalysis]: Checked inductivity of 81 backedges. 51 proven. 5 refuted. 0 times theorem prover too weak. 25 trivial. 0 not checked. [2022-11-19 08:36:00,637 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1186563583] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-19 08:36:00,637 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [1105690454] [2022-11-19 08:36:00,640 INFO L159 IcfgInterpreter]: Started Sifa with 48 locations of interest [2022-11-19 08:36:00,640 INFO L166 IcfgInterpreter]: Building call graph [2022-11-19 08:36:00,643 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-19 08:36:00,644 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-19 08:36:00,645 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-19 08:36:04,630 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 54 for LOIs [2022-11-19 08:36:04,641 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 31 for LOIs [2022-11-19 08:36:05,094 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__lowWaterSensor with input of size 27 for LOIs [2022-11-19 08:36:05,144 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 27 for LOIs [2022-11-19 08:36:05,169 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 23 for LOIs [2022-11-19 08:36:05,171 INFO L197 IcfgInterpreter]: Interpreting procedure changeMethaneLevel with input of size 50 for LOIs [2022-11-19 08:36:05,180 INFO L197 IcfgInterpreter]: Interpreting procedure deactivatePump with input of size 34 for LOIs [2022-11-19 08:36:05,184 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-19 08:36:11,943 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '13305#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (<= ~methaneLevelCritical~0 1) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= |timeShift_getWaterLevel_~retValue_acc~1#1| ~waterLevel~0) (= ~head~0.offset 0) (= 1 ~systemActive~0) (= |old(~pumpRunning~0)| 0) (= |timeShift_getWaterLevel_~retValue_acc~1#1| |timeShift_getWaterLevel_#res#1|) (<= 0 ~head~0.base) (<= 0 ~methaneLevelCritical~0) (<= ~head~0.base 0) (= |#NULL.offset| 0) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (<= |timeShift_getWaterLevel_~retValue_acc~1#1| 2147483647) (= ~pumpRunning~0 1) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2147483648)))' at error location [2022-11-19 08:36:11,944 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-19 08:36:11,944 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-19 08:36:11,944 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [14, 12, 11] total 29 [2022-11-19 08:36:11,944 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1693616480] [2022-11-19 08:36:11,944 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-19 08:36:11,945 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 29 states [2022-11-19 08:36:11,945 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-19 08:36:11,945 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 29 interpolants. [2022-11-19 08:36:11,947 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=381, Invalid=3525, Unknown=0, NotChecked=0, Total=3906 [2022-11-19 08:36:11,947 INFO L87 Difference]: Start difference. First operand 542 states and 615 transitions. Second operand has 29 states, 28 states have (on average 5.035714285714286) internal successors, (141), 29 states have internal predecessors, (141), 15 states have call successors, (29), 7 states have call predecessors, (29), 12 states have return successors, (31), 16 states have call predecessors, (31), 14 states have call successors, (31) [2022-11-19 08:36:15,321 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-19 08:36:15,322 INFO L93 Difference]: Finished difference Result 1469 states and 1705 transitions. [2022-11-19 08:36:15,322 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 46 states. [2022-11-19 08:36:15,322 INFO L78 Accepts]: Start accepts. Automaton has has 29 states, 28 states have (on average 5.035714285714286) internal successors, (141), 29 states have internal predecessors, (141), 15 states have call successors, (29), 7 states have call predecessors, (29), 12 states have return successors, (31), 16 states have call predecessors, (31), 14 states have call successors, (31) Word has length 101 [2022-11-19 08:36:15,323 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-19 08:36:15,323 INFO L225 Difference]: With dead ends: 1469 [2022-11-19 08:36:15,323 INFO L226 Difference]: Without dead ends: 0 [2022-11-19 08:36:15,329 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 384 GetRequests, 272 SyntacticMatches, 8 SemanticMatches, 104 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4035 ImplicationChecksByTransitivity, 8.7s TimeCoverageRelationStatistics Valid=1113, Invalid=10017, Unknown=0, NotChecked=0, Total=11130 [2022-11-19 08:36:15,330 INFO L413 NwaCegarLoop]: 106 mSDtfsCounter, 1417 mSDsluCounter, 686 mSDsCounter, 0 mSdLazyCounter, 1989 mSolverCounterSat, 1101 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1417 SdHoareTripleChecker+Valid, 792 SdHoareTripleChecker+Invalid, 3090 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1101 IncrementalHoareTripleChecker+Valid, 1989 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-11-19 08:36:15,330 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [1417 Valid, 792 Invalid, 3090 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1101 Valid, 1989 Invalid, 0 Unknown, 0 Unchecked, 1.6s Time] [2022-11-19 08:36:15,330 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-19 08:36:15,331 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-19 08:36:15,331 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-19 08:36:15,331 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-19 08:36:15,331 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 101 [2022-11-19 08:36:15,331 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-19 08:36:15,331 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-19 08:36:15,332 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 29 states, 28 states have (on average 5.035714285714286) internal successors, (141), 29 states have internal predecessors, (141), 15 states have call successors, (29), 7 states have call predecessors, (29), 12 states have return successors, (31), 16 states have call predecessors, (31), 14 states have call successors, (31) [2022-11-19 08:36:15,332 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-19 08:36:15,332 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-19 08:36:15,334 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-19 08:36:15,346 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-11-19 08:36:15,540 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable10 [2022-11-19 08:36:15,543 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-19 08:36:35,023 INFO L895 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 450 457) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse3 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= ~waterLevel~0 1)) .cse0 .cse1 .cse2 .cse3) (or (not (<= ~waterLevel~0 0)) .cse0 .cse1 .cse2 .cse3))) [2022-11-19 08:36:35,024 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 450 457) no Hoare annotation was computed. [2022-11-19 08:36:35,024 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 357 363) no Hoare annotation was computed. [2022-11-19 08:36:35,024 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 357 363) the Hoare annotation is: true [2022-11-19 08:36:35,024 INFO L895 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 135 146) the Hoare annotation is: (let ((.cse5 (= ~methaneLevelCritical~0 0)) (.cse2 (= |old(~methaneLevelCritical~0)| 0))) (let ((.cse10 (not (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (.cse0 (not (= ~waterLevel~0 1))) (.cse6 (not .cse2)) (.cse1 (not (= ~pumpRunning~0 0))) (.cse11 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse9 (not (< ~waterLevel~0 3))) (.cse7 (not (<= 2 ~waterLevel~0))) (.cse3 (not .cse5)) (.cse8 (not (<= 1 ~pumpRunning~0))) (.cse12 (not (<= ~waterLevel~0 2))) (.cse4 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 (and (or .cse6 .cse7 .cse8 .cse4 .cse9) (or .cse6 .cse10 .cse4 .cse11 .cse9))) (or .cse1 .cse2 .cse7 .cse3 .cse12 .cse4) (or .cse6 .cse1 .cse5 .cse10 .cse4 .cse9) (or .cse1 .cse2 .cse3 .cse10 .cse4 .cse9) (or .cse0 .cse6 .cse1 .cse5 .cse4) (or .cse1 .cse2 .cse3 (not (<= ~waterLevel~0 1)) .cse4 .cse11) (or .cse6 .cse1 .cse5 .cse7 .cse12 .cse4) (or .cse6 .cse1 .cse5 .cse4 .cse11 .cse9) (or .cse2 .cse7 .cse3 .cse8 .cse12 .cse4)))) [2022-11-19 08:36:35,025 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 135 146) no Hoare annotation was computed. [2022-11-19 08:36:35,025 INFO L899 garLoopResultBuilder]: For program point L85(lines 85 91) no Hoare annotation was computed. [2022-11-19 08:36:35,025 INFO L895 garLoopResultBuilder]: At program point L436(line 436) the Hoare annotation is: (let ((.cse6 (= ~pumpRunning~0 0)) (.cse7 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse3 (not (< |old(~waterLevel~0)| 3))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (and .cse6 (= |old(~waterLevel~0)| ~waterLevel~0) .cse7)) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse5 (not (= |old(~waterLevel~0)| 2)) .cse1) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse6 (= ~waterLevel~0 1) .cse7)) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse4 .cse5 .cse1 .cse2 .cse3) (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse4 .cse5 .cse1)))) [2022-11-19 08:36:35,026 INFO L895 garLoopResultBuilder]: At program point L436-1(lines 417 441) the Hoare annotation is: (let ((.cse30 (< 0 |old(~waterLevel~0)|)) (.cse4 (= 0 ~systemActive~0)) (.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse15 (not .cse1)) (.cse26 (<= 1 ~pumpRunning~0)) (.cse27 (<= 2 ~waterLevel~0)) (.cse28 (<= ~waterLevel~0 2)) (.cse25 (= |old(~pumpRunning~0)| 0)) (.cse14 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse29 (not .cse4)) (.cse12 (= ~pumpRunning~0 0)) (.cse22 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse21 (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse30)) (.cse24 (<= 1 ~switchedOnBeforeTS~0)) (.cse23 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse7 (and .cse12 (or (and (not .cse30) .cse22) .cse21) .cse24 .cse23)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse10 (not (<= |old(~waterLevel~0)| 2))) (.cse20 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse13 (= ~waterLevel~0 1)) (.cse11 (not (<= 2 |old(~waterLevel~0)|))) (.cse16 (and .cse12 .cse1 .cse25 .cse22 .cse14 .cse29)) (.cse17 (and .cse26 .cse1 .cse27 .cse25 .cse28 .cse22 .cse29)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse6 (not (< |old(~waterLevel~0)| 3))) (.cse3 (and .cse26 .cse27 .cse25 .cse15 .cse28 .cse22 .cse29)) (.cse18 (not (= |old(~waterLevel~0)| 2))) (.cse8 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse19 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not .cse25)) (.cse2 (and .cse12 .cse22 .cse14))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse7 (and (or .cse8 .cse1 .cse4 .cse5 .cse6) (or .cse1 .cse9 .cse4 .cse10 .cse11))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse4 (and .cse12 .cse13 .cse14)) (or .cse0 .cse15 .cse16 .cse17 .cse18 .cse4) (or .cse8 .cse19 .cse7 (and .cse20 (<= ~waterLevel~0 0) (or .cse21 .cse22) .cse14 .cse23) .cse4 .cse5) (or .cse9 (and .cse12 .cse13 .cse24 .cse23) .cse4 .cse10 (and .cse20 .cse13 .cse14 .cse23) .cse11) (or .cse0 .cse15 .cse16 .cse17 .cse4 .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse3 .cse18 .cse4) (or .cse8 .cse19 .cse0 .cse2 .cse4))))) [2022-11-19 08:36:35,026 INFO L899 garLoopResultBuilder]: For program point L337-2(lines 333 355) no Hoare annotation was computed. [2022-11-19 08:36:35,027 INFO L895 garLoopResultBuilder]: At program point L82(line 82) the Hoare annotation is: (let ((.cse3 (= 0 ~systemActive~0)) (.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse24 (<= ~waterLevel~0 1)) (.cse26 (= |old(~pumpRunning~0)| 0)) (.cse19 (not .cse1)) (.cse10 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse25 (not .cse3)) (.cse20 (= ~pumpRunning~0 0)) (.cse7 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse22 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse8 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse9 (< 0 |old(~waterLevel~0)|)) (.cse23 (<= 1 ~switchedOnBeforeTS~0)) (.cse11 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse14 (and .cse20 .cse7 (or (and (not .cse9) .cse22) (and .cse8 .cse9)) .cse23 .cse11)) (.cse2 (and .cse20 .cse7 .cse24 .cse26 .cse19 .cse22 .cse10 .cse25)) (.cse13 (not (= |old(~waterLevel~0)| 1))) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse12 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse0 (not .cse26)) (.cse18 (and .cse20 .cse7 .cse1 .cse24 .cse22 .cse10 .cse25)) (.cse5 (not (< |old(~waterLevel~0)| 3))) (.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse15 (not (<= 1 |old(~pumpRunning~0)|))) (.cse16 (not (<= |old(~waterLevel~0)| 2))) (.cse21 (= ~waterLevel~0 1)) (.cse17 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or (and .cse6 .cse7 .cse8 .cse9 .cse10 .cse11) .cse12 .cse13 .cse14 .cse3 .cse4) (or (and (or .cse12 .cse1 .cse3 .cse4 .cse5) (or .cse1 .cse15 .cse3 .cse16 .cse17)) .cse14) (or .cse0 (not (= |old(~waterLevel~0)| 2)) .cse3) (or .cse12 .cse0 .cse1 .cse2 .cse3 .cse5) (or .cse0 .cse18 .cse19 .cse3 .cse4 .cse5) (or .cse0 .cse13 .cse3 (and .cse20 .cse7 .cse21 .cse10)) (or .cse12 (and .cse20 .cse7 .cse22 .cse23 .cse11) (and .cse6 .cse7 .cse22 .cse10 .cse11) .cse3 (not (<= |old(~waterLevel~0)| 0)) .cse4) (or .cse12 .cse0 .cse18 .cse19 .cse3 .cse5) (or (and .cse6 .cse7 .cse21 .cse10 .cse11) .cse15 .cse3 .cse16 (and .cse20 .cse7 .cse21 .cse23 .cse11) .cse17))))) [2022-11-19 08:36:35,027 INFO L899 garLoopResultBuilder]: For program point L82-1(line 82) no Hoare annotation was computed. [2022-11-19 08:36:35,027 INFO L899 garLoopResultBuilder]: For program point L425(lines 425 433) no Hoare annotation was computed. [2022-11-19 08:36:35,027 INFO L895 garLoopResultBuilder]: At program point L421(lines 421 438) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse13 (= ~pumpRunning~0 0)) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse8 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse9 (< 0 |old(~waterLevel~0)|))) (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (not (= |old(~waterLevel~0)| 1))) (.cse6 (= ~waterLevel~0 1)) (.cse11 (or .cse13 (and (not .cse9) .cse2) (and .cse8 .cse9))) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse10 (not (= |old(~pumpRunning~0)| 0))) (.cse12 (and .cse13 .cse2 .cse3)) (.cse4 (= 0 ~systemActive~0))) (and (or .cse0 (and .cse1 .cse2 .cse3) .cse4 (not (<= |old(~waterLevel~0)| 0)) .cse5) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse4 (not (<= |old(~waterLevel~0)| 2)) (and .cse1 .cse6 .cse3) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse7 (and .cse1 .cse8 .cse9 .cse3) .cse4 .cse5) (or .cse10 (and .cse2 .cse3 .cse11) (not (= |old(~waterLevel~0)| 2)) .cse4) (or .cse10 .cse7 .cse4 (and .cse6 .cse3 .cse11)) (or .cse10 .cse12 .cse4 .cse5 (not (< |old(~waterLevel~0)| 3))) (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse10 .cse12 .cse4)))) [2022-11-19 08:36:35,028 INFO L895 garLoopResultBuilder]: At program point L67(line 67) the Hoare annotation is: (let ((.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse7 (and .cse10 .cse9 .cse2)) (.cse4 (not (< |old(~waterLevel~0)| 3))) (.cse6 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (= ~pumpRunning~0 0)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (and .cse10 .cse9)) (.cse1 (= 0 ~systemActive~0)) (.cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 (not (= ~methaneLevelCritical~0 0)) .cse1 .cse2 .cse3 .cse4) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse5 .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse6 .cse7 .cse1 .cse4) (or .cse0 (<= 2 ~waterLevel~0) .cse7 .cse1 .cse3 .cse4) (or .cse6 (and .cse8 .cse9 (<= 1 ~switchedOnBeforeTS~0)) .cse1 .cse3 .cse4) (or .cse6 (and .cse8 .cse9) (not (= |old(~waterLevel~0)| 2)) .cse1) (or .cse6 (not (= |old(~waterLevel~0)| 1)) (and .cse8 (= ~waterLevel~0 1)) .cse1) (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse5 .cse1 .cse3)))) [2022-11-19 08:36:35,028 INFO L895 garLoopResultBuilder]: At program point L67-1(line 67) the Hoare annotation is: (let ((.cse5 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= ~pumpRunning~0 0)) (.cse4 (= |timeShift___utac_acc__Specification5_spec__2_#t~ret4#1| ~pumpRunning~0)) (.cse1 (= 0 ~systemActive~0)) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (= ~waterLevel~0 1)) (.cse10 (= ~methaneLevelCritical~0 0))) (let ((.cse12 (not .cse10)) (.cse14 (let ((.cse16 (or .cse6 .cse3)) (.cse17 (not .cse1))) (or (and .cse5 .cse2 .cse16 (= ~pumpRunning~0 ~switchedOnBeforeTS~0) .cse4 .cse17) (and .cse5 .cse2 .cse16 (<= 1 ~switchedOnBeforeTS~0) .cse4 .cse17)))) (.cse15 (< ~waterLevel~0 3))) (let ((.cse11 (and .cse12 .cse6 .cse14 .cse15)) (.cse7 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse9 (not (< |old(~waterLevel~0)| 3))) (.cse13 (and .cse10 .cse6 .cse14 .cse15))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse2 .cse3 .cse4)) (or .cse0 (not (= |old(~waterLevel~0)| 2)) .cse1 (and .cse2 (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2) .cse4)) (or (and .cse5 .cse6 .cse4) (and (or .cse7 .cse1 .cse8 .cse9) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))))) (or .cse0 .cse10 .cse1 .cse8 .cse9 .cse11) (or .cse7 .cse0 .cse10 .cse1 .cse9 .cse11) (or .cse7 .cse0 .cse12 .cse1 .cse9 .cse13) (or .cse0 .cse12 .cse1 .cse8 .cse9 .cse13))))) [2022-11-19 08:36:35,029 INFO L895 garLoopResultBuilder]: At program point L216(line 216) the Hoare annotation is: (let ((.cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse3 (not (< |old(~waterLevel~0)| 3))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse1 .cse2 .cse3) (or .cse0 .cse4 .cse1 .cse3) (or .cse4 (not (= |old(~waterLevel~0)| 2)) .cse1) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse1))) [2022-11-19 08:36:35,029 INFO L895 garLoopResultBuilder]: At program point L344-1(lines 344 350) the Hoare annotation is: (let ((.cse30 (< 0 |old(~waterLevel~0)|)) (.cse4 (= 0 ~systemActive~0)) (.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse15 (not .cse1)) (.cse26 (<= 1 ~pumpRunning~0)) (.cse27 (<= 2 ~waterLevel~0)) (.cse28 (<= ~waterLevel~0 2)) (.cse25 (= |old(~pumpRunning~0)| 0)) (.cse14 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse29 (not .cse4)) (.cse12 (= ~pumpRunning~0 0)) (.cse22 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse21 (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse30)) (.cse24 (<= 1 ~switchedOnBeforeTS~0)) (.cse23 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse7 (and .cse12 (or (and (not .cse30) .cse22) .cse21) .cse24 .cse23)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse10 (not (<= |old(~waterLevel~0)| 2))) (.cse20 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse13 (= ~waterLevel~0 1)) (.cse11 (not (<= 2 |old(~waterLevel~0)|))) (.cse16 (and .cse12 .cse1 .cse25 .cse22 .cse14 .cse29)) (.cse17 (and .cse26 .cse1 .cse27 .cse25 .cse28 .cse22 .cse29)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse6 (not (< |old(~waterLevel~0)| 3))) (.cse3 (and .cse26 .cse27 .cse25 .cse15 .cse28 .cse22 .cse29)) (.cse18 (not (= |old(~waterLevel~0)| 2))) (.cse8 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse19 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not .cse25)) (.cse2 (and .cse12 .cse22 .cse14))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse7 (and (or .cse8 .cse1 .cse4 .cse5 .cse6) (or .cse1 .cse9 .cse4 .cse10 .cse11))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse4 (and .cse12 .cse13 .cse14)) (or .cse0 .cse15 .cse16 .cse17 .cse18 .cse4) (or .cse8 .cse19 .cse7 (and .cse20 (<= ~waterLevel~0 0) (or .cse21 .cse22) .cse14 .cse23) .cse4 .cse5) (or .cse9 (and .cse12 .cse13 .cse24 .cse23) .cse4 .cse10 (and .cse20 .cse13 .cse14 .cse23) .cse11) (or .cse0 .cse15 .cse16 .cse17 .cse4 .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse3 .cse18 .cse4) (or .cse8 .cse19 .cse0 .cse2 .cse4))))) [2022-11-19 08:36:35,032 INFO L899 garLoopResultBuilder]: For program point L84(lines 84 94) no Hoare annotation was computed. [2022-11-19 08:36:35,032 INFO L899 garLoopResultBuilder]: For program point L80(lines 80 97) no Hoare annotation was computed. [2022-11-19 08:36:35,033 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 330 356) the Hoare annotation is: (let ((.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse7 (and .cse10 .cse9 .cse2)) (.cse4 (not (< |old(~waterLevel~0)| 3))) (.cse6 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (= ~pumpRunning~0 0)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (and .cse10 .cse9)) (.cse1 (= 0 ~systemActive~0)) (.cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 (not (= ~methaneLevelCritical~0 0)) .cse1 .cse2 .cse3 .cse4) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse5 .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse6 .cse7 .cse1 .cse4) (or .cse0 (<= 2 ~waterLevel~0) .cse7 .cse1 .cse3 .cse4) (or .cse6 (and .cse8 .cse9 (<= 1 ~switchedOnBeforeTS~0)) .cse1 .cse3 .cse4) (or .cse6 (and .cse8 .cse9) (not (= |old(~waterLevel~0)| 2)) .cse1) (or .cse6 (not (= |old(~waterLevel~0)| 1)) (and .cse8 (= ~waterLevel~0 1)) .cse1) (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse5 .cse1 .cse3)))) [2022-11-19 08:36:35,033 INFO L895 garLoopResultBuilder]: At program point L431(line 431) the Hoare annotation is: (let ((.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse8 (not (< |old(~waterLevel~0)| 3))) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= ~methaneLevelCritical~0 0)) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0)) (.cse5 (= 0 ~systemActive~0))) (and (or .cse0 (not (<= |old(~waterLevel~0)| 1)) (and .cse1 .cse2 (<= ~waterLevel~0 0) (or (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) (< 0 |old(~waterLevel~0)|)) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse3 .cse4) .cse5 .cse6) (or .cse7 .cse5 .cse6 .cse8) (or .cse0 .cse7 .cse5 .cse8) (or .cse7 (not (= |old(~waterLevel~0)| 2)) .cse5) (or .cse7 (not (= |old(~waterLevel~0)| 1)) .cse5) (or (not (<= 1 |old(~pumpRunning~0)|)) (and .cse1 .cse2 (= ~waterLevel~0 1) .cse3 .cse4) .cse5 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))))) [2022-11-19 08:36:35,034 INFO L895 garLoopResultBuilder]: At program point L80-1(lines 72 100) the Hoare annotation is: (let ((.cse9 (= 0 ~systemActive~0)) (.cse11 (= ~methaneLevelCritical~0 0))) (let ((.cse20 (not .cse11)) (.cse24 (<= 1 ~pumpRunning~0)) (.cse30 (= |old(~pumpRunning~0)| 0)) (.cse28 (= 2 ~waterLevel~0)) (.cse29 (<= ~waterLevel~0 1)) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse31 (not .cse9)) (.cse22 (= ~pumpRunning~0 0)) (.cse1 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse25 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse3 (< 0 |old(~waterLevel~0)|)) (.cse27 (<= 1 ~switchedOnBeforeTS~0)) (.cse5 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse8 (and .cse22 .cse1 (or (and (not .cse3) .cse25) (and .cse2 .cse3)) .cse27 .cse5)) (.cse7 (not (= |old(~waterLevel~0)| 1))) (.cse18 (and .cse22 .cse1 .cse11 .cse29 .cse25 .cse4 .cse31)) (.cse19 (and .cse22 .cse1 .cse28 .cse11 .cse25 .cse4 .cse31)) (.cse21 (and .cse24 .cse1 .cse11 (<= 2 ~waterLevel~0) .cse30 (<= ~waterLevel~0 2) .cse25 .cse31)) (.cse6 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse16 (not .cse30)) (.cse17 (and .cse22 .cse1 .cse29 .cse30 .cse20 .cse25 .cse4 .cse31)) (.cse10 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse12 (not (< |old(~waterLevel~0)| 3))) (.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse13 (not (<= 1 |old(~pumpRunning~0)|))) (.cse14 (not (<= |old(~waterLevel~0)| 2))) (.cse23 (= ~waterLevel~0 1)) (.cse15 (not (<= 2 |old(~waterLevel~0)|)))) (and (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) .cse6 .cse7 .cse8 .cse9 .cse10) (or (and (or .cse6 .cse11 .cse9 .cse10 .cse12) (or .cse11 .cse13 .cse9 .cse14 .cse15)) .cse8) (or .cse6 (not (<= |old(~waterLevel~0)| 1)) .cse16 .cse11 .cse17 .cse9) (or .cse6 .cse16 .cse18 .cse19 .cse20 .cse21 .cse9 .cse12) (or .cse16 .cse7 .cse9 (and .cse22 .cse1 .cse23 .cse4)) (or .cse16 .cse18 .cse19 .cse20 .cse21 .cse9 .cse10 .cse12) (let ((.cse26 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2))) (or .cse16 (and .cse24 .cse25 .cse26) (and .cse22 .cse25 .cse4 .cse26) (not (= |old(~waterLevel~0)| 2)) .cse9)) (or .cse6 (and .cse22 .cse1 .cse25 .cse27 .cse5) (and .cse0 .cse1 .cse25 .cse4 .cse5) .cse9 (not (<= |old(~waterLevel~0)| 0)) .cse10) (or .cse16 (and .cse28 .cse25) .cse11 .cse17 .cse9 .cse10 .cse12) (or (and .cse0 .cse1 .cse23 .cse4 .cse5) .cse13 .cse9 .cse14 (and .cse22 .cse1 .cse23 .cse27 .cse5) .cse15))))) [2022-11-19 08:36:35,034 INFO L895 garLoopResultBuilder]: At program point L427(line 427) the Hoare annotation is: (let ((.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (not (<= 2 |old(~waterLevel~0)|))) (.cse4 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse3 (not (< |old(~waterLevel~0)| 3))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse0 .cse1 .cse3) (or .cse0 (not (= |old(~waterLevel~0)| 2)) .cse1) (or .cse5 .cse6 .cse1 .cse7 .cse8) (or (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (let ((.cse9 (< 0 |old(~waterLevel~0)|))) (or (and (not .cse9) (= |old(~waterLevel~0)| ~waterLevel~0)) (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse9))) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0)) (and (or .cse4 .cse1 .cse2 .cse3) (or .cse5 .cse1 .cse7 .cse8))) (or .cse4 .cse6 .cse1 .cse2 .cse3) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1))) [2022-11-19 08:36:35,034 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 330 356) no Hoare annotation was computed. [2022-11-19 08:36:35,034 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 216) no Hoare annotation was computed. [2022-11-19 08:36:35,034 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 223 252) no Hoare annotation was computed. [2022-11-19 08:36:35,035 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 223 252) the Hoare annotation is: true [2022-11-19 08:36:35,035 INFO L902 garLoopResultBuilder]: At program point L248(lines 223 252) the Hoare annotation is: true [2022-11-19 08:36:35,035 INFO L899 garLoopResultBuilder]: For program point L244(line 244) no Hoare annotation was computed. [2022-11-19 08:36:35,035 INFO L899 garLoopResultBuilder]: For program point L237(lines 237 241) no Hoare annotation was computed. [2022-11-19 08:36:35,035 INFO L902 garLoopResultBuilder]: At program point L237-1(lines 237 241) the Hoare annotation is: true [2022-11-19 08:36:35,035 INFO L902 garLoopResultBuilder]: At program point L233-2(lines 233 247) the Hoare annotation is: true [2022-11-19 08:36:35,035 INFO L902 garLoopResultBuilder]: At program point L229(line 229) the Hoare annotation is: true [2022-11-19 08:36:35,035 INFO L899 garLoopResultBuilder]: For program point L229-1(line 229) no Hoare annotation was computed. [2022-11-19 08:36:35,035 INFO L895 garLoopResultBuilder]: At program point L609-2(lines 601 614) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse5 (<= 2 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse8 (= ~pumpRunning~0 0)) (.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse7 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse1 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (< ~waterLevel~0 3)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and (<= 1 ~pumpRunning~0) .cse5 .cse0 .cse6 .cse4)) .cse7) (and .cse8 .cse0 .cse7 (= ~waterLevel~0 1) .cse4) (and .cse8 .cse0 .cse7 .cse2 .cse3 .cse4) (and .cse8 .cse5 .cse0 .cse6 .cse7 .cse4) (and .cse8 .cse0 .cse7 .cse1 .cse2 .cse4))) [2022-11-19 08:36:35,036 INFO L899 garLoopResultBuilder]: For program point L572(lines 571 618) no Hoare annotation was computed. [2022-11-19 08:36:35,036 INFO L895 garLoopResultBuilder]: At program point L593(line 593) the Hoare annotation is: (let ((.cse8 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse0 (<= 2 ~waterLevel~0)) (.cse2 (<= ~waterLevel~0 2)) (.cse5 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse6 (<= 1 ~switchedOnBeforeTS~0)) (.cse7 (< ~waterLevel~0 3)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and (<= 1 ~pumpRunning~0) .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse1 .cse3 (= ~waterLevel~0 1) .cse4) (and (= ~methaneLevelCritical~0 0) .cse1 .cse3 .cse6 .cse7 .cse8 .cse4) (and .cse5 .cse1 .cse3 .cse7 .cse8 .cse4) (and .cse5 .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse1 .cse3 .cse6 .cse7 .cse4))) [2022-11-19 08:36:35,036 INFO L902 garLoopResultBuilder]: At program point L622(lines 561 626) the Hoare annotation is: true [2022-11-19 08:36:35,036 INFO L899 garLoopResultBuilder]: For program point L581(lines 581 587) no Hoare annotation was computed. [2022-11-19 08:36:35,036 INFO L899 garLoopResultBuilder]: For program point L581-1(lines 581 587) no Hoare annotation was computed. [2022-11-19 08:36:35,036 INFO L902 garLoopResultBuilder]: At program point ULTIMATE.startENTRY(line -1) the Hoare annotation is: true [2022-11-19 08:36:35,037 INFO L895 garLoopResultBuilder]: At program point L619(lines 570 620) the Hoare annotation is: false [2022-11-19 08:36:35,037 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-19 08:36:35,037 INFO L895 garLoopResultBuilder]: At program point L310(lines 310 317) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= |ULTIMATE.start_main_~tmp~1#1| 1) (= ~waterLevel~0 1) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (not (= 0 ~systemActive~0))) [2022-11-19 08:36:35,037 INFO L902 garLoopResultBuilder]: At program point L310-2(lines 310 317) the Hoare annotation is: true [2022-11-19 08:36:35,037 INFO L899 garLoopResultBuilder]: For program point L591(lines 591 597) no Hoare annotation was computed. [2022-11-19 08:36:35,037 INFO L895 garLoopResultBuilder]: At program point L591-1(lines 591 597) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse5 (<= 2 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse8 (= ~pumpRunning~0 0)) (.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse7 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse1 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (< ~waterLevel~0 3)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and (<= 1 ~pumpRunning~0) .cse5 .cse0 .cse6 .cse4)) .cse7) (and .cse8 .cse0 .cse7 (= ~waterLevel~0 1) .cse4) (and .cse8 .cse0 .cse7 .cse2 .cse3 .cse4) (and .cse8 .cse5 .cse0 .cse6 .cse7 .cse4) (and .cse8 .cse0 .cse7 .cse1 .cse2 .cse4))) [2022-11-19 08:36:35,038 INFO L895 garLoopResultBuilder]: At program point L616(lines 571 618) the Hoare annotation is: (let ((.cse5 (< ~waterLevel~0 3)) (.cse6 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse3 (= ~pumpRunning~0 0)) (.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse1 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (not (= 0 ~systemActive~0)))) (or (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse0 (<= ~waterLevel~0 2) .cse1 .cse2) (and .cse3 .cse0 .cse1 (= ~waterLevel~0 1) .cse2) (and (= ~methaneLevelCritical~0 0) .cse0 .cse1 .cse4 .cse5 .cse6 .cse2) (and .cse3 .cse0 .cse1 .cse5 .cse6 .cse2) (and .cse3 (<= ~waterLevel~0 1) .cse0 .cse1 .cse4 .cse2))) [2022-11-19 08:36:35,038 INFO L895 garLoopResultBuilder]: At program point L583(line 583) the Hoare annotation is: (let ((.cse0 (<= 2 ~waterLevel~0)) (.cse2 (<= ~waterLevel~0 2)) (.cse8 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse6 (<= 1 ~switchedOnBeforeTS~0)) (.cse7 (< ~waterLevel~0 3)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and (<= 1 ~pumpRunning~0) .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse3 (or (and .cse5 .cse1 (= ~waterLevel~0 1)) (and .cse5 .cse0 .cse1 .cse2)) .cse4) (and (= ~methaneLevelCritical~0 0) .cse1 .cse3 .cse6 .cse7 .cse8 .cse4) (and .cse5 .cse1 .cse3 .cse7 .cse8 .cse4) (and .cse5 .cse1 .cse3 .cse6 .cse7 .cse4))) [2022-11-19 08:36:35,038 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 365 389) the Hoare annotation is: (let ((.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (not (< ~waterLevel~0 3)) .cse2) (or (not (<= ~waterLevel~0 0)) .cse3 .cse0 .cse1 .cse4 .cse2) (or (not (= ~waterLevel~0 1)) .cse3 .cse0 .cse1 .cse4 .cse2))) [2022-11-19 08:36:35,038 INFO L895 garLoopResultBuilder]: At program point L384(line 384) the Hoare annotation is: (let ((.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (< ~waterLevel~0 3)) .cse1) (or (not (<= ~waterLevel~0 0)) .cse2 .cse0 .cse3 .cse4 .cse1) (or (not (= ~waterLevel~0 1)) .cse2 .cse0 .cse3 .cse4 .cse1))) [2022-11-19 08:36:35,039 INFO L899 garLoopResultBuilder]: For program point L384-1(lines 365 389) no Hoare annotation was computed. [2022-11-19 08:36:35,039 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 365 389) no Hoare annotation was computed. [2022-11-19 08:36:35,039 INFO L895 garLoopResultBuilder]: At program point L379(line 379) the Hoare annotation is: (let ((.cse0 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (= 0 ~systemActive~0)) (.cse3 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (<= ~waterLevel~0 0)) .cse0 .cse1 .cse2 .cse3) (or (not (= ~waterLevel~0 1)) .cse0 .cse1 .cse2 .cse3) (or (not (= |old(~pumpRunning~0)| 0)) (let ((.cse4 (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0))) (and (or .cse4 (<= 2 ~waterLevel~0)) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (or .cse4 (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 1)))) .cse1 (not (< ~waterLevel~0 3)) .cse3))) [2022-11-19 08:36:35,039 INFO L895 garLoopResultBuilder]: At program point L373(lines 373 381) the Hoare annotation is: (let ((.cse0 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (= 0 ~systemActive~0)) (.cse3 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (<= ~waterLevel~0 0)) .cse0 .cse1 .cse2 .cse3) (or (not (= ~waterLevel~0 1)) .cse0 .cse1 .cse2 .cse3) (or (not (= |old(~pumpRunning~0)| 0)) (let ((.cse4 (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0))) (and (or .cse4 (<= 2 ~waterLevel~0)) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (or .cse4 (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 1)))) .cse1 (not (< ~waterLevel~0 3)) .cse3))) [2022-11-19 08:36:35,040 INFO L895 garLoopResultBuilder]: At program point L369(lines 369 386) the Hoare annotation is: (let ((.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (not (< ~waterLevel~0 3)) .cse2) (or (not (<= ~waterLevel~0 0)) .cse3 .cse0 .cse1 .cse4 .cse2) (or (not (= ~waterLevel~0 1)) .cse3 .cse0 .cse1 .cse4 .cse2))) [2022-11-19 08:36:35,040 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 123 134) no Hoare annotation was computed. [2022-11-19 08:36:35,040 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 123 134) the Hoare annotation is: (let ((.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (<= 2 |old(~waterLevel~0)|))) (.cse6 (not (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (.cse5 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= ~pumpRunning~0 0))) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (= 0 ~systemActive~0)) (.cse7 (not (<= 1 ~switchedOnBeforeTS~0)))) (and (or (and (or .cse0 .cse1 .cse2) (or .cse0 (not (= |old(~waterLevel~0)| 1)))) .cse3 .cse4) (or (not (<= 1 ~pumpRunning~0)) .cse3 .cse4 .cse1 .cse2) (or .cse5 .cse0 .cse6 .cse3 .cse4) (or (not (= ~methaneLevelCritical~0 0)) .cse6 .cse3 .cse4 .cse7 (not (< |old(~waterLevel~0)| 3))) (or .cse5 .cse0 .cse3 .cse4 .cse7))) [2022-11-19 08:36:35,040 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__lowWaterSensorENTRY(lines 391 415) the Hoare annotation is: (let ((.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (not (< ~waterLevel~0 3)) .cse2) (or (not (<= ~waterLevel~0 0)) .cse3 .cse0 .cse1 .cse4 .cse2) (or (not (= ~waterLevel~0 1)) .cse3 .cse0 .cse1 .cse4 .cse2))) [2022-11-19 08:36:35,041 INFO L895 garLoopResultBuilder]: At program point L405(line 405) the Hoare annotation is: (let ((.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (< ~waterLevel~0 3)) .cse1) (or (not (<= ~waterLevel~0 0)) .cse2 .cse0 .cse3 .cse4 .cse1) (or (not (= ~waterLevel~0 1)) .cse2 .cse0 .cse3 .cse4 .cse1))) [2022-11-19 08:36:35,041 INFO L895 garLoopResultBuilder]: At program point L401(line 401) the Hoare annotation is: (let ((.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (< ~waterLevel~0 3)) .cse1) (or (not (<= ~waterLevel~0 0)) .cse2 .cse0 .cse3 .cse4 .cse1) (or (not (= ~waterLevel~0 1)) .cse2 .cse0 .cse3 .cse4 .cse1))) [2022-11-19 08:36:35,041 INFO L899 garLoopResultBuilder]: For program point L399(lines 399 407) no Hoare annotation was computed. [2022-11-19 08:36:35,041 INFO L895 garLoopResultBuilder]: At program point L395(lines 395 412) the Hoare annotation is: (let ((.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (not (< ~waterLevel~0 3)) .cse2) (or (not (<= ~waterLevel~0 0)) .cse3 .cse0 .cse1 .cse4 .cse2) (or (not (= ~waterLevel~0 1)) .cse3 .cse0 .cse1 .cse4 .cse2))) [2022-11-19 08:36:35,041 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__lowWaterSensorEXIT(lines 391 415) no Hoare annotation was computed. [2022-11-19 08:36:35,042 INFO L895 garLoopResultBuilder]: At program point L410(line 410) the Hoare annotation is: (let ((.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (not (< ~waterLevel~0 3)) .cse1) (or (not (<= ~waterLevel~0 0)) .cse2 .cse0 .cse3 .cse1) (or (not (= ~waterLevel~0 1)) .cse2 .cse0 .cse3 .cse1))) [2022-11-19 08:36:35,042 INFO L899 garLoopResultBuilder]: For program point L410-1(lines 391 415) no Hoare annotation was computed. [2022-11-19 08:36:35,042 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 469 477) no Hoare annotation was computed. [2022-11-19 08:36:35,042 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 469 477) the Hoare annotation is: true [2022-11-19 08:36:35,045 INFO L444 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-19 08:36:35,047 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-19 08:36:35,137 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 19.11 08:36:35 BoogieIcfgContainer [2022-11-19 08:36:35,137 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-19 08:36:35,137 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-19 08:36:35,137 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-19 08:36:35,138 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-19 08:36:35,138 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 19.11 08:35:18" (3/4) ... [2022-11-19 08:36:35,148 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-19 08:36:35,153 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-11-19 08:36:35,155 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-19 08:36:35,155 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-19 08:36:35,155 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-19 08:36:35,155 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-19 08:36:35,155 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-11-19 08:36:35,156 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-19 08:36:35,156 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__lowWaterSensor [2022-11-19 08:36:35,156 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-19 08:36:35,173 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 56 nodes and edges [2022-11-19 08:36:35,175 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 14 nodes and edges [2022-11-19 08:36:35,175 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-11-19 08:36:35,176 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-19 08:36:35,176 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-19 08:36:35,208 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && aux-isPumpRunning()-aux == pumpRunning)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((pumpRunning == 0 && 2 <= waterLevel) && waterLevel <= 2) && aux-isPumpRunning()-aux == pumpRunning))) && (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) || ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) || (((!(methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || methaneLevelCritical == 0) || 0 == systemActive) || !(\old(waterLevel) < 3)) || (((!(methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(\old(waterLevel) < 3)) || (((methaneLevelCritical == 0 && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) || (((methaneLevelCritical == 0 && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3)) [2022-11-19 08:36:35,210 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical) || (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || (((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) [2022-11-19 08:36:35,211 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && \old(waterLevel) == waterLevel + 1) && 0 < \old(waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) || !(\old(switchedOnBeforeTS) == \old(pumpRunning))) || !(\old(waterLevel) == 1)) || ((((pumpRunning == 0 && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) || ((((pumpRunning == 0 && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || methaneLevelCritical == 0) || (((((((pumpRunning == 0 && tmp == waterLevel) && waterLevel <= 1) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive)) && (((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || ((((((pumpRunning == 0 && tmp == waterLevel) && methaneLevelCritical == 0) && waterLevel <= 1) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((pumpRunning == 0 && tmp == waterLevel) && 2 == waterLevel) && methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && tmp == waterLevel) && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) < 3))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || (((pumpRunning == 0 && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((((!(\old(pumpRunning) == 0) || ((((((pumpRunning == 0 && tmp == waterLevel) && methaneLevelCritical == 0) && waterLevel <= 1) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((pumpRunning == 0 && tmp == waterLevel) && 2 == waterLevel) && methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && tmp == waterLevel) && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && ((((!(\old(pumpRunning) == 0) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && tmp == 2)) || (((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && tmp == 2)) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(pumpRunning) == 0) || (2 == waterLevel && \old(waterLevel) == waterLevel)) || methaneLevelCritical == 0) || (((((((pumpRunning == 0 && tmp == waterLevel) && waterLevel <= 1) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == 0 && tmp == waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel))) [2022-11-19 08:36:35,212 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 0)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) == 1)) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel + 1) && 0 < \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || ((\old(waterLevel) == waterLevel && pumpRunning == switchedOnBeforeTS) && ((pumpRunning == 0 || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((waterLevel == 1 && pumpRunning == switchedOnBeforeTS) && ((pumpRunning == 0 || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) [2022-11-19 08:36:35,212 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && (((!(\old(pumpRunning) == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || 0 == systemActive) || !(\old(waterLevel) < 3))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) [2022-11-19 08:36:35,212 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical) || (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || (((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) [2022-11-19 08:36:35,212 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-19 08:36:35,213 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-19 08:36:35,220 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) && ((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && ((((!(\old(pumpRunning) == 0) || (((tmp == 0 || 2 <= waterLevel) && pumpRunning == switchedOnBeforeTS) && (tmp == 0 || tmp == 1))) || 0 == systemActive) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-19 08:36:35,290 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/witness.graphml [2022-11-19 08:36:35,290 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-19 08:36:35,291 INFO L158 Benchmark]: Toolchain (without parser) took 77921.81ms. Allocated memory was 146.8MB in the beginning and 685.8MB in the end (delta: 539.0MB). Free memory was 115.4MB in the beginning and 652.6MB in the end (delta: -537.2MB). Peak memory consumption was 406.4MB. Max. memory is 16.1GB. [2022-11-19 08:36:35,291 INFO L158 Benchmark]: CDTParser took 0.30ms. Allocated memory is still 96.5MB. Free memory was 51.3MB in the beginning and 51.2MB in the end (delta: 44.4kB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-19 08:36:35,292 INFO L158 Benchmark]: CACSL2BoogieTranslator took 548.64ms. Allocated memory is still 146.8MB. Free memory was 115.4MB in the beginning and 116.5MB in the end (delta: -1.1MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-11-19 08:36:35,292 INFO L158 Benchmark]: Boogie Procedure Inliner took 46.74ms. Allocated memory is still 146.8MB. Free memory was 116.5MB in the beginning and 113.6MB in the end (delta: 2.9MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-19 08:36:35,293 INFO L158 Benchmark]: Boogie Preprocessor took 60.85ms. Allocated memory is still 146.8MB. Free memory was 113.6MB in the beginning and 112.3MB in the end (delta: 1.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-19 08:36:35,293 INFO L158 Benchmark]: RCFGBuilder took 718.78ms. Allocated memory is still 146.8MB. Free memory was 111.8MB in the beginning and 84.5MB in the end (delta: 27.3MB). Peak memory consumption was 27.3MB. Max. memory is 16.1GB. [2022-11-19 08:36:35,294 INFO L158 Benchmark]: TraceAbstraction took 76384.10ms. Allocated memory was 146.8MB in the beginning and 685.8MB in the end (delta: 539.0MB). Free memory was 84.0MB in the beginning and 254.4MB in the end (delta: -170.4MB). Peak memory consumption was 378.2MB. Max. memory is 16.1GB. [2022-11-19 08:36:35,295 INFO L158 Benchmark]: Witness Printer took 153.44ms. Allocated memory is still 685.8MB. Free memory was 254.4MB in the beginning and 652.6MB in the end (delta: -398.2MB). Peak memory consumption was 6.5MB. Max. memory is 16.1GB. [2022-11-19 08:36:35,298 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.30ms. Allocated memory is still 96.5MB. Free memory was 51.3MB in the beginning and 51.2MB in the end (delta: 44.4kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 548.64ms. Allocated memory is still 146.8MB. Free memory was 115.4MB in the beginning and 116.5MB in the end (delta: -1.1MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 46.74ms. Allocated memory is still 146.8MB. Free memory was 116.5MB in the beginning and 113.6MB in the end (delta: 2.9MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 60.85ms. Allocated memory is still 146.8MB. Free memory was 113.6MB in the beginning and 112.3MB in the end (delta: 1.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 718.78ms. Allocated memory is still 146.8MB. Free memory was 111.8MB in the beginning and 84.5MB in the end (delta: 27.3MB). Peak memory consumption was 27.3MB. Max. memory is 16.1GB. * TraceAbstraction took 76384.10ms. Allocated memory was 146.8MB in the beginning and 685.8MB in the end (delta: 539.0MB). Free memory was 84.0MB in the beginning and 254.4MB in the end (delta: -170.4MB). Peak memory consumption was 378.2MB. Max. memory is 16.1GB. * Witness Printer took 153.44ms. Allocated memory is still 685.8MB. Free memory was 254.4MB in the beginning and 652.6MB in the end (delta: -398.2MB). Peak memory consumption was 6.5MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 216]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 10 procedures, 69 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 76.2s, OverallIterations: 11, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 9.1s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 19.5s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2759 SdHoareTripleChecker+Valid, 4.5s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2734 mSDsluCounter, 3726 SdHoareTripleChecker+Invalid, 3.7s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2770 mSDsCounter, 1697 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 5328 IncrementalHoareTripleChecker+Invalid, 7025 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1697 mSolverCounterUnsat, 956 mSDtfsCounter, 5328 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 1043 GetRequests, 724 SyntacticMatches, 28 SemanticMatches, 291 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 8220 ImplicationChecksByTransitivity, 28.9s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=542occurred in iteration=10, InterpolantAutomatonStates: 156, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.5s AutomataMinimizationTime, 11 MinimizatonAttempts, 430 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 42 LocationsWithAnnotation, 1973 PreInvPairs, 2337 NumberOfFragments, 5110 HoareAnnotationTreeSize, 1973 FomulaSimplifications, 14211 FormulaSimplificationTreeSizeReduction, 1.4s HoareSimplificationTime, 42 FomulaSimplificationsInter, 62441 FormulaSimplificationTreeSizeReductionInter, 17.9s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.4s SatisfiabilityAnalysisTime, 5.8s InterpolantComputationTime, 920 NumberOfCodeBlocks, 920 NumberOfCodeBlocksAsserted, 14 NumberOfCheckSat, 1174 ConstructedInterpolants, 0 QuantifiedInterpolants, 3226 SizeOfPredicates, 30 NumberOfNonLiveVariables, 1182 ConjunctsInSsa, 64 ConjunctsInUnsatCore, 17 InterpolantComputations, 8 PerfectInterpolantSequences, 594/670 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 223]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 417]: Loop Invariant Derived loop invariant: (((((((((((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical) || (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || (((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) - InvariantResult [Line: -1]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 310]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 571]: Loop Invariant Derived loop invariant: ((((((((1 <= pumpRunning && 2 <= waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) && !(0 == systemActive)) || ((((pumpRunning == 0 && splverifierCounter == 0) && tmp == 1) && waterLevel == 1) && !(0 == systemActive))) || ((((((methaneLevelCritical == 0 && splverifierCounter == 0) && tmp == 1) && 1 <= switchedOnBeforeTS) && waterLevel < 3) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || (((((pumpRunning == 0 && splverifierCounter == 0) && tmp == 1) && waterLevel < 3) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || (((((pumpRunning == 0 && waterLevel <= 1) && splverifierCounter == 0) && tmp == 1) && 1 <= switchedOnBeforeTS) && !(0 == systemActive)) - InvariantResult [Line: 310]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0 && methaneLevelCritical == 0) && tmp == 1) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive) - InvariantResult [Line: 72]: Loop Invariant Derived loop invariant: ((((((((((((((((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && \old(waterLevel) == waterLevel + 1) && 0 < \old(waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) || !(\old(switchedOnBeforeTS) == \old(pumpRunning))) || !(\old(waterLevel) == 1)) || ((((pumpRunning == 0 && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) || ((((pumpRunning == 0 && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || methaneLevelCritical == 0) || (((((((pumpRunning == 0 && tmp == waterLevel) && waterLevel <= 1) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive)) && (((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || ((((((pumpRunning == 0 && tmp == waterLevel) && methaneLevelCritical == 0) && waterLevel <= 1) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((pumpRunning == 0 && tmp == waterLevel) && 2 == waterLevel) && methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && tmp == waterLevel) && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) < 3))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || (((pumpRunning == 0 && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((((!(\old(pumpRunning) == 0) || ((((((pumpRunning == 0 && tmp == waterLevel) && methaneLevelCritical == 0) && waterLevel <= 1) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((pumpRunning == 0 && tmp == waterLevel) && 2 == waterLevel) && methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && tmp == waterLevel) && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && ((((!(\old(pumpRunning) == 0) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && tmp == 2)) || (((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && tmp == 2)) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(pumpRunning) == 0) || (2 == waterLevel && \old(waterLevel) == waterLevel)) || methaneLevelCritical == 0) || (((((((pumpRunning == 0 && tmp == waterLevel) && waterLevel <= 1) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == 0 && tmp == waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 570]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 561]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 369]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) - InvariantResult [Line: 67]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && aux-isPumpRunning()-aux == pumpRunning)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((pumpRunning == 0 && 2 <= waterLevel) && waterLevel <= 2) && aux-isPumpRunning()-aux == pumpRunning))) && (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) || ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) || (((!(methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || methaneLevelCritical == 0) || 0 == systemActive) || !(\old(waterLevel) < 3)) || (((!(methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(\old(waterLevel) < 3)) || (((methaneLevelCritical == 0 && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) || (((methaneLevelCritical == 0 && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3)) - InvariantResult [Line: 395]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) - InvariantResult [Line: 373]: Loop Invariant Derived loop invariant: (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) && ((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && ((((!(\old(pumpRunning) == 0) || (((tmp == 0 || 2 <= waterLevel) && pumpRunning == switchedOnBeforeTS) && (tmp == 0 || tmp == 1))) || 0 == systemActive) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) - InvariantResult [Line: 591]: Loop Invariant Derived loop invariant: (((((((((splverifierCounter == 0 && 1 <= switchedOnBeforeTS) && waterLevel < 3) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive)) || ((((1 <= pumpRunning && 2 <= waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && !(0 == systemActive))) && tmp == 1) || ((((pumpRunning == 0 && splverifierCounter == 0) && tmp == 1) && waterLevel == 1) && !(0 == systemActive))) || (((((pumpRunning == 0 && splverifierCounter == 0) && tmp == 1) && waterLevel < 3) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || (((((pumpRunning == 0 && 2 <= waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) && !(0 == systemActive))) || (((((pumpRunning == 0 && splverifierCounter == 0) && tmp == 1) && 1 <= switchedOnBeforeTS) && waterLevel < 3) && !(0 == systemActive)) - InvariantResult [Line: 344]: Loop Invariant Derived loop invariant: (((((((((((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical) || (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || (((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) - InvariantResult [Line: 421]: Loop Invariant Derived loop invariant: (((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 0)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) == 1)) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel + 1) && 0 < \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || ((\old(waterLevel) == waterLevel && pumpRunning == switchedOnBeforeTS) && ((pumpRunning == 0 || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((waterLevel == 1 && pumpRunning == switchedOnBeforeTS) && ((pumpRunning == 0 || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) - InvariantResult [Line: 216]: Loop Invariant Derived loop invariant: (((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && (((!(\old(pumpRunning) == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || 0 == systemActive) || !(\old(waterLevel) < 3))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) - InvariantResult [Line: 233]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2022-11-19 08:36:35,370 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_7c213009-9fde-4622-9268-f91a563a5469/bin/utaipan-I9t0OCRTmS/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE