./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product48.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 6b4ec56b Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/config/TaipanReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product48.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/config/svcomp-Reach-32bit-Taipan_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9 --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Taipan --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 96a9f4a5eb48d3a052332271e6f513d6efe176b9f027fc1b42847acbd4831cf9 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-6b4ec56 [2022-11-20 21:07:53,359 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-20 21:07:53,361 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-20 21:07:53,386 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-20 21:07:53,387 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-20 21:07:53,388 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-20 21:07:53,390 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-20 21:07:53,392 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-20 21:07:53,394 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-20 21:07:53,395 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-20 21:07:53,396 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-20 21:07:53,398 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-20 21:07:53,399 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-20 21:07:53,400 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-20 21:07:53,401 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-20 21:07:53,403 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-20 21:07:53,404 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-20 21:07:53,405 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-20 21:07:53,407 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-20 21:07:53,410 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-20 21:07:53,412 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-20 21:07:53,414 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-20 21:07:53,416 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-20 21:07:53,417 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-20 21:07:53,422 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-20 21:07:53,422 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-20 21:07:53,423 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-20 21:07:53,424 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-20 21:07:53,425 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-20 21:07:53,426 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-20 21:07:53,426 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-20 21:07:53,428 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-20 21:07:53,429 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-20 21:07:53,430 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-20 21:07:53,431 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-20 21:07:53,431 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-20 21:07:53,432 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-20 21:07:53,433 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-20 21:07:53,433 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-20 21:07:53,434 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-20 21:07:53,435 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-20 21:07:53,437 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/config/svcomp-Reach-32bit-Taipan_Default.epf [2022-11-20 21:07:53,465 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-20 21:07:53,465 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-20 21:07:53,466 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-20 21:07:53,466 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-20 21:07:53,467 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-20 21:07:53,467 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-20 21:07:53,468 INFO L138 SettingsManager]: * User list type=DISABLED [2022-11-20 21:07:53,468 INFO L136 SettingsManager]: Preferences of Abstract Interpretation differ from their defaults: [2022-11-20 21:07:53,469 INFO L138 SettingsManager]: * Explicit value domain=true [2022-11-20 21:07:53,469 INFO L138 SettingsManager]: * Abstract domain for RCFG-of-the-future=PoormanAbstractDomain [2022-11-20 21:07:53,469 INFO L138 SettingsManager]: * Octagon Domain=false [2022-11-20 21:07:53,470 INFO L138 SettingsManager]: * Abstract domain=CompoundDomain [2022-11-20 21:07:53,470 INFO L138 SettingsManager]: * Check feasibility of abstract posts with an SMT solver=true [2022-11-20 21:07:53,470 INFO L138 SettingsManager]: * Use the RCFG-of-the-future interface=true [2022-11-20 21:07:53,471 INFO L138 SettingsManager]: * Interval Domain=false [2022-11-20 21:07:53,471 INFO L136 SettingsManager]: Preferences of Sifa differ from their defaults: [2022-11-20 21:07:53,471 INFO L138 SettingsManager]: * Call Summarizer=TopInputCallSummarizer [2022-11-20 21:07:53,472 INFO L138 SettingsManager]: * Simplification Technique=POLY_PAC [2022-11-20 21:07:53,472 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-20 21:07:53,473 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-20 21:07:53,473 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-20 21:07:53,473 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-20 21:07:53,474 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-20 21:07:53,474 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-20 21:07:53,474 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-20 21:07:53,474 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-20 21:07:53,475 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-20 21:07:53,475 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-20 21:07:53,475 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-20 21:07:53,475 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-20 21:07:53,476 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-20 21:07:53,476 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-20 21:07:53,476 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-20 21:07:53,476 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-20 21:07:53,477 INFO L138 SettingsManager]: * Abstract interpretation Mode=USE_PREDICATES [2022-11-20 21:07:53,477 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-20 21:07:53,477 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-20 21:07:53,477 INFO L138 SettingsManager]: * Trace refinement strategy=SIFA_TAIPAN [2022-11-20 21:07:53,478 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-20 21:07:53,478 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-20 21:07:53,478 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2022-11-20 21:07:53,478 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9 Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Taipan Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 96a9f4a5eb48d3a052332271e6f513d6efe176b9f027fc1b42847acbd4831cf9 [2022-11-20 21:07:53,834 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-20 21:07:53,874 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-20 21:07:53,878 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-20 21:07:53,879 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-20 21:07:53,880 INFO L275 PluginConnector]: CDTParser initialized [2022-11-20 21:07:53,882 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/../../sv-benchmarks/c/product-lines/minepump_spec5_product48.cil.c [2022-11-20 21:07:57,403 INFO L500 CDTParser]: Created temporary CDT project at NULL [2022-11-20 21:07:57,711 INFO L351 CDTParser]: Found 1 translation units. [2022-11-20 21:07:57,712 INFO L172 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/sv-benchmarks/c/product-lines/minepump_spec5_product48.cil.c [2022-11-20 21:07:57,726 INFO L394 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/data/174ca5b31/406dbf645e2749b1beedb2b67c82eb8a/FLAG1df7379b3 [2022-11-20 21:07:57,753 INFO L402 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/data/174ca5b31/406dbf645e2749b1beedb2b67c82eb8a [2022-11-20 21:07:57,756 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-20 21:07:57,757 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-20 21:07:57,759 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-20 21:07:57,759 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-20 21:07:57,764 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-20 21:07:57,765 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.11 09:07:57" (1/1) ... [2022-11-20 21:07:57,766 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@ad91a5b and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:57, skipping insertion in model container [2022-11-20 21:07:57,767 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.11 09:07:57" (1/1) ... [2022-11-20 21:07:57,785 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-20 21:07:57,834 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-20 21:07:58,180 WARN L237 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/sv-benchmarks/c/product-lines/minepump_spec5_product48.cil.c[11292,11305] [2022-11-20 21:07:58,234 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-20 21:07:58,247 INFO L203 MainTranslator]: Completed pre-run [2022-11-20 21:07:58,301 WARN L237 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/sv-benchmarks/c/product-lines/minepump_spec5_product48.cil.c[11292,11305] [2022-11-20 21:07:58,324 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-20 21:07:58,347 INFO L208 MainTranslator]: Completed translation [2022-11-20 21:07:58,348 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58 WrapperNode [2022-11-20 21:07:58,348 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-20 21:07:58,350 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-20 21:07:58,350 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-20 21:07:58,350 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-20 21:07:58,359 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (1/1) ... [2022-11-20 21:07:58,375 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (1/1) ... [2022-11-20 21:07:58,407 INFO L138 Inliner]: procedures = 58, calls = 105, calls flagged for inlining = 25, calls inlined = 22, statements flattened = 214 [2022-11-20 21:07:58,407 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-20 21:07:58,408 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-20 21:07:58,408 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-20 21:07:58,409 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-20 21:07:58,421 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (1/1) ... [2022-11-20 21:07:58,421 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (1/1) ... [2022-11-20 21:07:58,424 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (1/1) ... [2022-11-20 21:07:58,424 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (1/1) ... [2022-11-20 21:07:58,431 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (1/1) ... [2022-11-20 21:07:58,437 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (1/1) ... [2022-11-20 21:07:58,439 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (1/1) ... [2022-11-20 21:07:58,441 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (1/1) ... [2022-11-20 21:07:58,444 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-20 21:07:58,445 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-20 21:07:58,445 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-20 21:07:58,446 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-20 21:07:58,447 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (1/1) ... [2022-11-20 21:07:58,455 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-20 21:07:58,470 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 [2022-11-20 21:07:58,487 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-20 21:07:58,520 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-20 21:07:58,551 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-20 21:07:58,551 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-20 21:07:58,552 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-20 21:07:58,552 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-20 21:07:58,552 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-20 21:07:58,552 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-20 21:07:58,553 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-20 21:07:58,553 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-20 21:07:58,553 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-20 21:07:58,553 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__methaneQuery [2022-11-20 21:07:58,554 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__methaneQuery [2022-11-20 21:07:58,554 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-20 21:07:58,554 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-20 21:07:58,554 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneAlarm [2022-11-20 21:07:58,555 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneAlarm [2022-11-20 21:07:58,556 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-11-20 21:07:58,556 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-11-20 21:07:58,557 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-20 21:07:58,557 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-20 21:07:58,557 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-20 21:07:58,557 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-20 21:07:58,558 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-20 21:07:58,701 INFO L235 CfgBuilder]: Building ICFG [2022-11-20 21:07:58,704 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-20 21:07:59,161 INFO L276 CfgBuilder]: Performing block encoding [2022-11-20 21:07:59,281 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-20 21:07:59,281 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-20 21:07:59,284 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.11 09:07:59 BoogieIcfgContainer [2022-11-20 21:07:59,285 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-20 21:07:59,288 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-20 21:07:59,288 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-20 21:07:59,292 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-20 21:07:59,292 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.11 09:07:57" (1/3) ... [2022-11-20 21:07:59,293 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2a7d808f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.11 09:07:59, skipping insertion in model container [2022-11-20 21:07:59,293 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 09:07:58" (2/3) ... [2022-11-20 21:07:59,294 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2a7d808f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.11 09:07:59, skipping insertion in model container [2022-11-20 21:07:59,294 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.11 09:07:59" (3/3) ... [2022-11-20 21:07:59,296 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product48.cil.c [2022-11-20 21:07:59,320 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-20 21:07:59,320 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-20 21:07:59,380 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-20 21:07:59,388 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@a8c4b92, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-20 21:07:59,388 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-20 21:07:59,393 INFO L276 IsEmpty]: Start isEmpty. Operand has 72 states, 45 states have (on average 1.4222222222222223) internal successors, (64), 54 states have internal predecessors, (64), 16 states have call successors, (16), 9 states have call predecessors, (16), 9 states have return successors, (16), 13 states have call predecessors, (16), 16 states have call successors, (16) [2022-11-20 21:07:59,405 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2022-11-20 21:07:59,406 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 21:07:59,407 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 21:07:59,407 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 21:07:59,414 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 21:07:59,415 INFO L85 PathProgramCache]: Analyzing trace with hash 290419434, now seen corresponding path program 1 times [2022-11-20 21:07:59,427 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-20 21:07:59,428 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1589073628] [2022-11-20 21:07:59,429 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:07:59,429 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 21:07:59,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:07:59,730 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-20 21:07:59,731 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-20 21:07:59,731 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1589073628] [2022-11-20 21:07:59,732 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1589073628] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 21:07:59,732 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 21:07:59,733 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-20 21:07:59,735 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [468677017] [2022-11-20 21:07:59,738 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 21:07:59,744 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-20 21:07:59,745 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-20 21:07:59,815 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-20 21:07:59,816 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-20 21:07:59,819 INFO L87 Difference]: Start difference. First operand has 72 states, 45 states have (on average 1.4222222222222223) internal successors, (64), 54 states have internal predecessors, (64), 16 states have call successors, (16), 9 states have call predecessors, (16), 9 states have return successors, (16), 13 states have call predecessors, (16), 16 states have call successors, (16) Second operand has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-20 21:07:59,931 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 21:07:59,934 INFO L93 Difference]: Finished difference Result 142 states and 193 transitions. [2022-11-20 21:07:59,935 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-20 21:07:59,937 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 21 [2022-11-20 21:07:59,938 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 21:07:59,960 INFO L225 Difference]: With dead ends: 142 [2022-11-20 21:07:59,968 INFO L226 Difference]: Without dead ends: 67 [2022-11-20 21:07:59,974 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-20 21:07:59,981 INFO L413 NwaCegarLoop]: 75 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 18 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 75 SdHoareTripleChecker+Invalid, 19 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 18 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-20 21:07:59,983 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 75 Invalid, 19 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 18 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-20 21:08:00,004 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 67 states. [2022-11-20 21:08:00,030 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 67 to 67. [2022-11-20 21:08:00,032 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 67 states, 42 states have (on average 1.3333333333333333) internal successors, (56), 50 states have internal predecessors, (56), 16 states have call successors, (16), 9 states have call predecessors, (16), 8 states have return successors, (15), 12 states have call predecessors, (15), 15 states have call successors, (15) [2022-11-20 21:08:00,035 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 67 states to 67 states and 87 transitions. [2022-11-20 21:08:00,037 INFO L78 Accepts]: Start accepts. Automaton has 67 states and 87 transitions. Word has length 21 [2022-11-20 21:08:00,037 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 21:08:00,038 INFO L495 AbstractCegarLoop]: Abstraction has 67 states and 87 transitions. [2022-11-20 21:08:00,038 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-20 21:08:00,038 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 87 transitions. [2022-11-20 21:08:00,041 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 23 [2022-11-20 21:08:00,041 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 21:08:00,042 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 21:08:00,042 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-20 21:08:00,042 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 21:08:00,044 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 21:08:00,044 INFO L85 PathProgramCache]: Analyzing trace with hash -817408466, now seen corresponding path program 1 times [2022-11-20 21:08:00,044 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-20 21:08:00,045 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [95406134] [2022-11-20 21:08:00,045 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:00,045 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 21:08:00,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:00,177 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-20 21:08:00,177 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-20 21:08:00,178 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [95406134] [2022-11-20 21:08:00,178 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [95406134] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 21:08:00,178 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 21:08:00,179 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-20 21:08:00,179 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1816630895] [2022-11-20 21:08:00,179 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 21:08:00,181 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-20 21:08:00,181 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-20 21:08:00,182 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-20 21:08:00,182 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-20 21:08:00,183 INFO L87 Difference]: Start difference. First operand 67 states and 87 transitions. Second operand has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-20 21:08:00,252 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 21:08:00,253 INFO L93 Difference]: Finished difference Result 106 states and 136 transitions. [2022-11-20 21:08:00,253 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-20 21:08:00,254 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 22 [2022-11-20 21:08:00,254 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 21:08:00,256 INFO L225 Difference]: With dead ends: 106 [2022-11-20 21:08:00,256 INFO L226 Difference]: Without dead ends: 59 [2022-11-20 21:08:00,257 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-20 21:08:00,258 INFO L413 NwaCegarLoop]: 61 mSDtfsCounter, 14 mSDsluCounter, 45 mSDsCounter, 0 mSdLazyCounter, 26 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 18 SdHoareTripleChecker+Valid, 106 SdHoareTripleChecker+Invalid, 26 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 26 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-20 21:08:00,259 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [18 Valid, 106 Invalid, 26 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 26 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-20 21:08:00,261 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 59 states. [2022-11-20 21:08:00,283 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 59 to 59. [2022-11-20 21:08:00,284 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 59 states, 37 states have (on average 1.3513513513513513) internal successors, (50), 45 states have internal predecessors, (50), 13 states have call successors, (13), 8 states have call predecessors, (13), 8 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-11-20 21:08:00,286 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 59 states to 59 states and 76 transitions. [2022-11-20 21:08:00,287 INFO L78 Accepts]: Start accepts. Automaton has 59 states and 76 transitions. Word has length 22 [2022-11-20 21:08:00,287 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 21:08:00,287 INFO L495 AbstractCegarLoop]: Abstraction has 59 states and 76 transitions. [2022-11-20 21:08:00,288 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-20 21:08:00,288 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 76 transitions. [2022-11-20 21:08:00,289 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2022-11-20 21:08:00,290 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 21:08:00,290 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 21:08:00,290 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-20 21:08:00,291 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 21:08:00,292 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 21:08:00,292 INFO L85 PathProgramCache]: Analyzing trace with hash 456387070, now seen corresponding path program 1 times [2022-11-20 21:08:00,292 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-20 21:08:00,293 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2006238472] [2022-11-20 21:08:00,293 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:00,293 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 21:08:00,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:00,394 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-20 21:08:00,395 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-20 21:08:00,395 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2006238472] [2022-11-20 21:08:00,396 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2006238472] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 21:08:00,396 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 21:08:00,396 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-20 21:08:00,397 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [427334005] [2022-11-20 21:08:00,397 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 21:08:00,397 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-20 21:08:00,398 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-20 21:08:00,398 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-20 21:08:00,399 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-20 21:08:00,399 INFO L87 Difference]: Start difference. First operand 59 states and 76 transitions. Second operand has 3 states, 3 states have (on average 6.333333333333333) internal successors, (19), 3 states have internal predecessors, (19), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 21:08:00,485 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 21:08:00,485 INFO L93 Difference]: Finished difference Result 173 states and 225 transitions. [2022-11-20 21:08:00,486 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-20 21:08:00,486 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.333333333333333) internal successors, (19), 3 states have internal predecessors, (19), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 25 [2022-11-20 21:08:00,487 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 21:08:00,489 INFO L225 Difference]: With dead ends: 173 [2022-11-20 21:08:00,489 INFO L226 Difference]: Without dead ends: 116 [2022-11-20 21:08:00,490 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-20 21:08:00,492 INFO L413 NwaCegarLoop]: 82 mSDtfsCounter, 68 mSDsluCounter, 59 mSDsCounter, 0 mSdLazyCounter, 32 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 68 SdHoareTripleChecker+Valid, 141 SdHoareTripleChecker+Invalid, 33 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 32 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-20 21:08:00,493 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [68 Valid, 141 Invalid, 33 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 32 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-20 21:08:00,494 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 116 states. [2022-11-20 21:08:00,515 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 116 to 113. [2022-11-20 21:08:00,516 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 113 states, 70 states have (on average 1.3571428571428572) internal successors, (95), 85 states have internal predecessors, (95), 26 states have call successors, (26), 16 states have call predecessors, (26), 16 states have return successors, (26), 19 states have call predecessors, (26), 26 states have call successors, (26) [2022-11-20 21:08:00,519 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 113 states to 113 states and 147 transitions. [2022-11-20 21:08:00,519 INFO L78 Accepts]: Start accepts. Automaton has 113 states and 147 transitions. Word has length 25 [2022-11-20 21:08:00,520 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 21:08:00,520 INFO L495 AbstractCegarLoop]: Abstraction has 113 states and 147 transitions. [2022-11-20 21:08:00,520 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.333333333333333) internal successors, (19), 3 states have internal predecessors, (19), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 21:08:00,520 INFO L276 IsEmpty]: Start isEmpty. Operand 113 states and 147 transitions. [2022-11-20 21:08:00,522 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2022-11-20 21:08:00,523 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 21:08:00,523 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 21:08:00,523 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-20 21:08:00,524 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 21:08:00,524 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 21:08:00,525 INFO L85 PathProgramCache]: Analyzing trace with hash -209325405, now seen corresponding path program 1 times [2022-11-20 21:08:00,525 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-20 21:08:00,525 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1004903850] [2022-11-20 21:08:00,526 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:00,526 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 21:08:00,548 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:00,719 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-20 21:08:00,720 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-20 21:08:00,720 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1004903850] [2022-11-20 21:08:00,721 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1004903850] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 21:08:00,721 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 21:08:00,721 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-20 21:08:00,721 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [532242597] [2022-11-20 21:08:00,722 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 21:08:00,722 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-20 21:08:00,722 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-20 21:08:00,723 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-20 21:08:00,723 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-20 21:08:00,724 INFO L87 Difference]: Start difference. First operand 113 states and 147 transitions. Second operand has 6 states, 5 states have (on average 4.6) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-20 21:08:00,971 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 21:08:00,971 INFO L93 Difference]: Finished difference Result 310 states and 411 transitions. [2022-11-20 21:08:00,972 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-20 21:08:00,972 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 4.6) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 28 [2022-11-20 21:08:00,974 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 21:08:00,982 INFO L225 Difference]: With dead ends: 310 [2022-11-20 21:08:00,983 INFO L226 Difference]: Without dead ends: 199 [2022-11-20 21:08:00,987 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-11-20 21:08:00,988 INFO L413 NwaCegarLoop]: 70 mSDtfsCounter, 39 mSDsluCounter, 225 mSDsCounter, 0 mSdLazyCounter, 126 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 40 SdHoareTripleChecker+Valid, 295 SdHoareTripleChecker+Invalid, 134 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 126 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-20 21:08:00,989 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [40 Valid, 295 Invalid, 134 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 126 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-20 21:08:00,990 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 199 states. [2022-11-20 21:08:01,055 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 199 to 190. [2022-11-20 21:08:01,057 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 190 states, 123 states have (on average 1.2926829268292683) internal successors, (159), 138 states have internal predecessors, (159), 36 states have call successors, (36), 30 states have call predecessors, (36), 30 states have return successors, (44), 33 states have call predecessors, (44), 36 states have call successors, (44) [2022-11-20 21:08:01,068 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 190 states to 190 states and 239 transitions. [2022-11-20 21:08:01,068 INFO L78 Accepts]: Start accepts. Automaton has 190 states and 239 transitions. Word has length 28 [2022-11-20 21:08:01,068 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 21:08:01,069 INFO L495 AbstractCegarLoop]: Abstraction has 190 states and 239 transitions. [2022-11-20 21:08:01,069 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 4.6) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-20 21:08:01,069 INFO L276 IsEmpty]: Start isEmpty. Operand 190 states and 239 transitions. [2022-11-20 21:08:01,071 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-11-20 21:08:01,071 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 21:08:01,071 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 21:08:01,072 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-20 21:08:01,072 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 21:08:01,072 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 21:08:01,073 INFO L85 PathProgramCache]: Analyzing trace with hash 894536872, now seen corresponding path program 1 times [2022-11-20 21:08:01,073 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-20 21:08:01,073 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [713604656] [2022-11-20 21:08:01,073 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:01,074 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 21:08:01,124 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:01,714 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-20 21:08:01,715 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-20 21:08:01,715 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [713604656] [2022-11-20 21:08:01,716 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [713604656] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 21:08:01,717 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 21:08:01,720 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-11-20 21:08:01,722 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1347646607] [2022-11-20 21:08:01,723 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 21:08:01,724 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-20 21:08:01,725 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-20 21:08:01,726 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-20 21:08:01,728 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2022-11-20 21:08:01,728 INFO L87 Difference]: Start difference. First operand 190 states and 239 transitions. Second operand has 8 states, 8 states have (on average 3.375) internal successors, (27), 8 states have internal predecessors, (27), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-20 21:08:02,182 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 21:08:02,189 INFO L93 Difference]: Finished difference Result 537 states and 681 transitions. [2022-11-20 21:08:02,189 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-20 21:08:02,190 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 3.375) internal successors, (27), 8 states have internal predecessors, (27), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) Word has length 37 [2022-11-20 21:08:02,190 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 21:08:02,194 INFO L225 Difference]: With dead ends: 537 [2022-11-20 21:08:02,198 INFO L226 Difference]: Without dead ends: 349 [2022-11-20 21:08:02,200 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 10 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-11-20 21:08:02,202 INFO L413 NwaCegarLoop]: 107 mSDtfsCounter, 208 mSDsluCounter, 256 mSDsCounter, 0 mSdLazyCounter, 231 mSolverCounterSat, 57 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 209 SdHoareTripleChecker+Valid, 363 SdHoareTripleChecker+Invalid, 288 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 57 IncrementalHoareTripleChecker+Valid, 231 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-20 21:08:02,211 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [209 Valid, 363 Invalid, 288 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [57 Valid, 231 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-20 21:08:02,212 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 349 states. [2022-11-20 21:08:02,307 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 349 to 334. [2022-11-20 21:08:02,314 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 334 states, 220 states have (on average 1.2818181818181817) internal successors, (282), 243 states have internal predecessors, (282), 61 states have call successors, (61), 51 states have call predecessors, (61), 52 states have return successors, (78), 56 states have call predecessors, (78), 61 states have call successors, (78) [2022-11-20 21:08:02,318 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 334 states to 334 states and 421 transitions. [2022-11-20 21:08:02,318 INFO L78 Accepts]: Start accepts. Automaton has 334 states and 421 transitions. Word has length 37 [2022-11-20 21:08:02,319 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 21:08:02,319 INFO L495 AbstractCegarLoop]: Abstraction has 334 states and 421 transitions. [2022-11-20 21:08:02,320 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 3.375) internal successors, (27), 8 states have internal predecessors, (27), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-20 21:08:02,321 INFO L276 IsEmpty]: Start isEmpty. Operand 334 states and 421 transitions. [2022-11-20 21:08:02,328 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2022-11-20 21:08:02,332 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 21:08:02,332 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 21:08:02,333 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-20 21:08:02,333 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 21:08:02,335 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 21:08:02,335 INFO L85 PathProgramCache]: Analyzing trace with hash 1370706086, now seen corresponding path program 1 times [2022-11-20 21:08:02,335 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-20 21:08:02,336 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1584810569] [2022-11-20 21:08:02,336 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:02,336 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 21:08:02,360 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:02,824 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-20 21:08:02,825 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-20 21:08:02,826 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1584810569] [2022-11-20 21:08:02,826 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1584810569] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 21:08:02,827 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 21:08:02,827 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-11-20 21:08:02,827 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1279915728] [2022-11-20 21:08:02,827 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 21:08:02,828 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-20 21:08:02,829 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-20 21:08:02,829 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-20 21:08:02,830 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=42, Unknown=0, NotChecked=0, Total=56 [2022-11-20 21:08:02,830 INFO L87 Difference]: Start difference. First operand 334 states and 421 transitions. Second operand has 8 states, 7 states have (on average 4.0) internal successors, (28), 7 states have internal predecessors, (28), 5 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-11-20 21:08:03,726 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 21:08:03,726 INFO L93 Difference]: Finished difference Result 842 states and 1085 transitions. [2022-11-20 21:08:03,727 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2022-11-20 21:08:03,727 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 4.0) internal successors, (28), 7 states have internal predecessors, (28), 5 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Word has length 40 [2022-11-20 21:08:03,728 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 21:08:03,757 INFO L225 Difference]: With dead ends: 842 [2022-11-20 21:08:03,757 INFO L226 Difference]: Without dead ends: 584 [2022-11-20 21:08:03,758 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=66, Invalid=174, Unknown=0, NotChecked=0, Total=240 [2022-11-20 21:08:03,767 INFO L413 NwaCegarLoop]: 69 mSDtfsCounter, 231 mSDsluCounter, 209 mSDsCounter, 0 mSdLazyCounter, 409 mSolverCounterSat, 117 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 244 SdHoareTripleChecker+Valid, 278 SdHoareTripleChecker+Invalid, 526 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 117 IncrementalHoareTripleChecker+Valid, 409 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-11-20 21:08:03,770 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [244 Valid, 278 Invalid, 526 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [117 Valid, 409 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2022-11-20 21:08:03,773 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 584 states. [2022-11-20 21:08:03,855 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 584 to 542. [2022-11-20 21:08:03,857 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 542 states, 360 states have (on average 1.2805555555555554) internal successors, (461), 398 states have internal predecessors, (461), 98 states have call successors, (98), 74 states have call predecessors, (98), 83 states have return successors, (129), 95 states have call predecessors, (129), 98 states have call successors, (129) [2022-11-20 21:08:03,863 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 542 states to 542 states and 688 transitions. [2022-11-20 21:08:03,864 INFO L78 Accepts]: Start accepts. Automaton has 542 states and 688 transitions. Word has length 40 [2022-11-20 21:08:03,866 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 21:08:03,866 INFO L495 AbstractCegarLoop]: Abstraction has 542 states and 688 transitions. [2022-11-20 21:08:03,866 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 4.0) internal successors, (28), 7 states have internal predecessors, (28), 5 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-11-20 21:08:03,867 INFO L276 IsEmpty]: Start isEmpty. Operand 542 states and 688 transitions. [2022-11-20 21:08:03,871 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2022-11-20 21:08:03,872 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 21:08:03,874 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 21:08:03,874 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-20 21:08:03,874 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 21:08:03,875 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 21:08:03,875 INFO L85 PathProgramCache]: Analyzing trace with hash -1785497398, now seen corresponding path program 1 times [2022-11-20 21:08:03,875 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-20 21:08:03,876 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1926284493] [2022-11-20 21:08:03,876 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:03,877 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 21:08:03,904 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:03,947 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 15 proven. 0 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2022-11-20 21:08:03,947 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-20 21:08:03,947 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1926284493] [2022-11-20 21:08:03,947 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1926284493] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 21:08:03,948 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 21:08:03,948 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-11-20 21:08:03,948 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1487976932] [2022-11-20 21:08:03,948 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 21:08:03,949 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-20 21:08:03,950 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-20 21:08:03,950 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-20 21:08:03,950 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-20 21:08:03,951 INFO L87 Difference]: Start difference. First operand 542 states and 688 transitions. Second operand has 4 states, 3 states have (on average 15.0) internal successors, (45), 4 states have internal predecessors, (45), 4 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-20 21:08:04,141 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 21:08:04,141 INFO L93 Difference]: Finished difference Result 907 states and 1150 transitions. [2022-11-20 21:08:04,142 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-11-20 21:08:04,142 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 15.0) internal successors, (45), 4 states have internal predecessors, (45), 4 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) Word has length 62 [2022-11-20 21:08:04,142 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 21:08:04,144 INFO L225 Difference]: With dead ends: 907 [2022-11-20 21:08:04,145 INFO L226 Difference]: Without dead ends: 367 [2022-11-20 21:08:04,146 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-20 21:08:04,152 INFO L413 NwaCegarLoop]: 85 mSDtfsCounter, 99 mSDsluCounter, 49 mSDsCounter, 0 mSdLazyCounter, 88 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 99 SdHoareTripleChecker+Valid, 134 SdHoareTripleChecker+Invalid, 92 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 88 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-20 21:08:04,152 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [99 Valid, 134 Invalid, 92 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 88 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-20 21:08:04,154 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 367 states. [2022-11-20 21:08:04,216 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 367 to 361. [2022-11-20 21:08:04,217 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 361 states, 242 states have (on average 1.2603305785123966) internal successors, (305), 268 states have internal predecessors, (305), 64 states have call successors, (64), 50 states have call predecessors, (64), 54 states have return successors, (79), 62 states have call predecessors, (79), 64 states have call successors, (79) [2022-11-20 21:08:04,220 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 361 states to 361 states and 448 transitions. [2022-11-20 21:08:04,221 INFO L78 Accepts]: Start accepts. Automaton has 361 states and 448 transitions. Word has length 62 [2022-11-20 21:08:04,222 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 21:08:04,222 INFO L495 AbstractCegarLoop]: Abstraction has 361 states and 448 transitions. [2022-11-20 21:08:04,222 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 3 states have (on average 15.0) internal successors, (45), 4 states have internal predecessors, (45), 4 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-20 21:08:04,223 INFO L276 IsEmpty]: Start isEmpty. Operand 361 states and 448 transitions. [2022-11-20 21:08:04,225 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 71 [2022-11-20 21:08:04,225 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 21:08:04,225 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 21:08:04,226 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-20 21:08:04,226 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 21:08:04,226 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 21:08:04,227 INFO L85 PathProgramCache]: Analyzing trace with hash -1401071438, now seen corresponding path program 1 times [2022-11-20 21:08:04,227 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-20 21:08:04,227 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1270946859] [2022-11-20 21:08:04,227 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:04,227 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 21:08:04,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:04,510 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 8 proven. 13 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-11-20 21:08:04,510 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-20 21:08:04,511 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1270946859] [2022-11-20 21:08:04,511 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1270946859] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 21:08:04,511 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1632901237] [2022-11-20 21:08:04,511 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:04,512 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-20 21:08:04,512 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 [2022-11-20 21:08:04,519 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-20 21:08:04,530 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-20 21:08:04,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:04,699 INFO L263 TraceCheckSpWp]: Trace formula consists of 342 conjuncts, 22 conjunts are in the unsatisfiable core [2022-11-20 21:08:04,707 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 21:08:04,962 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 31 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-20 21:08:04,962 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 21:08:05,214 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 16 proven. 1 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. [2022-11-20 21:08:05,215 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1632901237] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-20 21:08:05,215 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [1818479864] [2022-11-20 21:08:05,242 INFO L159 IcfgInterpreter]: Started Sifa with 41 locations of interest [2022-11-20 21:08:05,242 INFO L166 IcfgInterpreter]: Building call graph [2022-11-20 21:08:05,247 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-20 21:08:05,254 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-20 21:08:05,255 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-20 21:08:08,199 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 50 for LOIs [2022-11-20 21:08:08,211 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 31 for LOIs [2022-11-20 21:08:08,725 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 43 for LOIs [2022-11-20 21:08:08,733 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__methaneQuery with input of size 26 for LOIs [2022-11-20 21:08:08,917 INFO L197 IcfgInterpreter]: Interpreting procedure isMethaneAlarm with input of size 28 for LOIs [2022-11-20 21:08:08,921 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-20 21:08:15,467 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '7703#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~9#1| |timeShift_getWaterLevel_#res#1|) (= |timeShift_getWaterLevel_~retValue_acc~7#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1| 0)) (<= 0 |old(~switchedOnBeforeTS~0)|) (= ~head~0.offset 0) (<= 1 ~systemActive~0) (<= |#NULL.offset| 0) (<= |old(~switchedOnBeforeTS~0)| 0) (= |old(~pumpRunning~0)| 0) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1| 1) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~9#1| 2)) (<= 2 |old(~waterLevel~0)|) (<= ~methaneLevelCritical~0 0) (<= 0 ~head~0.base) (= |timeShift_getWaterLevel_~retValue_acc~7#1| ~waterLevel~0) (<= 0 ~methaneLevelCritical~0) (<= |timeShift_getWaterLevel_#res#1| 2147483647) (<= 2 |timeShift_getWaterLevel_#res#1|) (<= ~head~0.base 0) (<= 0 |#NULL.offset|) (<= 0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1|) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (= ~pumpRunning~0 1) (<= ~systemActive~0 1) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0))' at error location [2022-11-20 21:08:15,468 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-20 21:08:15,468 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-20 21:08:15,468 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 6, 6] total 16 [2022-11-20 21:08:15,468 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [28585117] [2022-11-20 21:08:15,468 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-20 21:08:15,469 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 16 states [2022-11-20 21:08:15,469 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-20 21:08:15,470 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 16 interpolants. [2022-11-20 21:08:15,471 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=287, Invalid=1875, Unknown=0, NotChecked=0, Total=2162 [2022-11-20 21:08:15,471 INFO L87 Difference]: Start difference. First operand 361 states and 448 transitions. Second operand has 16 states, 14 states have (on average 6.285714285714286) internal successors, (88), 15 states have internal predecessors, (88), 7 states have call successors, (19), 4 states have call predecessors, (19), 6 states have return successors, (18), 7 states have call predecessors, (18), 7 states have call successors, (18) [2022-11-20 21:08:23,098 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 21:08:23,098 INFO L93 Difference]: Finished difference Result 4417 states and 5683 transitions. [2022-11-20 21:08:23,099 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 134 states. [2022-11-20 21:08:23,099 INFO L78 Accepts]: Start accepts. Automaton has has 16 states, 14 states have (on average 6.285714285714286) internal successors, (88), 15 states have internal predecessors, (88), 7 states have call successors, (19), 4 states have call predecessors, (19), 6 states have return successors, (18), 7 states have call predecessors, (18), 7 states have call successors, (18) Word has length 70 [2022-11-20 21:08:23,099 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 21:08:23,115 INFO L225 Difference]: With dead ends: 4417 [2022-11-20 21:08:23,115 INFO L226 Difference]: Without dead ends: 3090 [2022-11-20 21:08:23,128 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 384 GetRequests, 215 SyntacticMatches, 1 SemanticMatches, 168 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 11583 ImplicationChecksByTransitivity, 9.8s TimeCoverageRelationStatistics Valid=2480, Invalid=26250, Unknown=0, NotChecked=0, Total=28730 [2022-11-20 21:08:23,129 INFO L413 NwaCegarLoop]: 497 mSDtfsCounter, 1486 mSDsluCounter, 2691 mSDsCounter, 0 mSdLazyCounter, 4450 mSolverCounterSat, 1548 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1496 SdHoareTripleChecker+Valid, 3188 SdHoareTripleChecker+Invalid, 5998 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.1s SdHoareTripleChecker+Time, 1548 IncrementalHoareTripleChecker+Valid, 4450 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.8s IncrementalHoareTripleChecker+Time [2022-11-20 21:08:23,129 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [1496 Valid, 3188 Invalid, 5998 Unknown, 0 Unchecked, 0.1s Time], IncrementalHoareTripleChecker [1548 Valid, 4450 Invalid, 0 Unknown, 0 Unchecked, 3.8s Time] [2022-11-20 21:08:23,133 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 3090 states. [2022-11-20 21:08:23,367 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 3090 to 1883. [2022-11-20 21:08:23,371 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1883 states, 1282 states have (on average 1.2301092043681747) internal successors, (1577), 1394 states have internal predecessors, (1577), 307 states have call successors, (307), 268 states have call predecessors, (307), 293 states have return successors, (409), 300 states have call predecessors, (409), 307 states have call successors, (409) [2022-11-20 21:08:23,380 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1883 states to 1883 states and 2293 transitions. [2022-11-20 21:08:23,381 INFO L78 Accepts]: Start accepts. Automaton has 1883 states and 2293 transitions. Word has length 70 [2022-11-20 21:08:23,381 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 21:08:23,382 INFO L495 AbstractCegarLoop]: Abstraction has 1883 states and 2293 transitions. [2022-11-20 21:08:23,382 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 16 states, 14 states have (on average 6.285714285714286) internal successors, (88), 15 states have internal predecessors, (88), 7 states have call successors, (19), 4 states have call predecessors, (19), 6 states have return successors, (18), 7 states have call predecessors, (18), 7 states have call successors, (18) [2022-11-20 21:08:23,382 INFO L276 IsEmpty]: Start isEmpty. Operand 1883 states and 2293 transitions. [2022-11-20 21:08:23,387 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 74 [2022-11-20 21:08:23,388 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 21:08:23,388 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 21:08:23,397 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-11-20 21:08:23,594 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable7 [2022-11-20 21:08:23,595 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 21:08:23,595 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 21:08:23,595 INFO L85 PathProgramCache]: Analyzing trace with hash 1642701670, now seen corresponding path program 1 times [2022-11-20 21:08:23,595 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-20 21:08:23,596 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [274861908] [2022-11-20 21:08:23,596 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:23,596 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 21:08:23,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:23,894 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 5 proven. 16 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2022-11-20 21:08:23,894 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-20 21:08:23,894 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [274861908] [2022-11-20 21:08:23,894 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [274861908] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 21:08:23,895 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1275039937] [2022-11-20 21:08:23,895 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:23,895 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-20 21:08:23,895 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 [2022-11-20 21:08:23,896 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-20 21:08:23,925 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-20 21:08:24,008 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:24,010 INFO L263 TraceCheckSpWp]: Trace formula consists of 331 conjuncts, 13 conjunts are in the unsatisfiable core [2022-11-20 21:08:24,013 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 21:08:24,089 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 16 proven. 1 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-11-20 21:08:24,089 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 21:08:24,232 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 7 proven. 1 refuted. 0 times theorem prover too weak. 20 trivial. 0 not checked. [2022-11-20 21:08:24,233 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1275039937] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-20 21:08:24,247 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [287653215] [2022-11-20 21:08:24,249 INFO L159 IcfgInterpreter]: Started Sifa with 48 locations of interest [2022-11-20 21:08:24,250 INFO L166 IcfgInterpreter]: Building call graph [2022-11-20 21:08:24,250 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-20 21:08:24,251 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-20 21:08:24,251 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-20 21:08:28,353 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 50 for LOIs [2022-11-20 21:08:28,362 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 34 for LOIs [2022-11-20 21:08:28,892 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 53 for LOIs [2022-11-20 21:08:28,904 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__methaneQuery with input of size 34 for LOIs [2022-11-20 21:08:29,126 INFO L197 IcfgInterpreter]: Interpreting procedure isMethaneAlarm with input of size 60 for LOIs [2022-11-20 21:08:29,141 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__base with input of size 32 for LOIs [2022-11-20 21:08:29,143 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-20 21:08:36,577 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '18053#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~9#1| |timeShift_getWaterLevel_#res#1|) (= |timeShift_getWaterLevel_~retValue_acc~7#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1| 0)) (= ~methaneLevelCritical~0 0) (<= 0 (+ 2147483648 |old(~pumpRunning~0)|)) (= ~head~0.offset 0) (<= |old(~switchedOnBeforeTS~0)| 2147483647) (<= |old(~pumpRunning~0)| 2147483647) (= 1 ~systemActive~0) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~9#1| 2)) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1|) (<= 0 (+ |old(~switchedOnBeforeTS~0)| 2147483648)) (= |timeShift_getWaterLevel_~retValue_acc~7#1| ~waterLevel~0) (<= |timeShift_getWaterLevel_#res#1| 2147483647) (= ~head~0.base 0) (= |#NULL.offset| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1| 2147483648)) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1| 2147483647) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (<= 0 (+ |timeShift_getWaterLevel_~retValue_acc~7#1| 2147483648)) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0))' at error location [2022-11-20 21:08:36,579 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-20 21:08:36,579 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-20 21:08:36,579 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 6, 6] total 18 [2022-11-20 21:08:36,579 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [563215740] [2022-11-20 21:08:36,580 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-20 21:08:36,580 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 18 states [2022-11-20 21:08:36,580 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-20 21:08:36,581 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 18 interpolants. [2022-11-20 21:08:36,582 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=378, Invalid=2484, Unknown=0, NotChecked=0, Total=2862 [2022-11-20 21:08:36,582 INFO L87 Difference]: Start difference. First operand 1883 states and 2293 transitions. Second operand has 18 states, 14 states have (on average 5.714285714285714) internal successors, (80), 14 states have internal predecessors, (80), 6 states have call successors, (18), 3 states have call predecessors, (18), 7 states have return successors, (20), 9 states have call predecessors, (20), 6 states have call successors, (20) [2022-11-20 21:08:41,637 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 21:08:41,638 INFO L93 Difference]: Finished difference Result 4928 states and 6200 transitions. [2022-11-20 21:08:41,638 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 118 states. [2022-11-20 21:08:41,639 INFO L78 Accepts]: Start accepts. Automaton has has 18 states, 14 states have (on average 5.714285714285714) internal successors, (80), 14 states have internal predecessors, (80), 6 states have call successors, (18), 3 states have call predecessors, (18), 7 states have return successors, (20), 9 states have call predecessors, (20), 6 states have call successors, (20) Word has length 73 [2022-11-20 21:08:41,639 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 21:08:41,703 INFO L225 Difference]: With dead ends: 4928 [2022-11-20 21:08:41,704 INFO L226 Difference]: Without dead ends: 3975 [2022-11-20 21:08:41,715 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 370 GetRequests, 202 SyntacticMatches, 5 SemanticMatches, 163 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 10844 ImplicationChecksByTransitivity, 10.1s TimeCoverageRelationStatistics Valid=2243, Invalid=24817, Unknown=0, NotChecked=0, Total=27060 [2022-11-20 21:08:41,717 INFO L413 NwaCegarLoop]: 326 mSDtfsCounter, 1053 mSDsluCounter, 1562 mSDsCounter, 0 mSdLazyCounter, 2794 mSolverCounterSat, 870 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1064 SdHoareTripleChecker+Valid, 1888 SdHoareTripleChecker+Invalid, 3664 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 870 IncrementalHoareTripleChecker+Valid, 2794 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.0s IncrementalHoareTripleChecker+Time [2022-11-20 21:08:41,721 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [1064 Valid, 1888 Invalid, 3664 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [870 Valid, 2794 Invalid, 0 Unknown, 0 Unchecked, 2.0s Time] [2022-11-20 21:08:41,725 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 3975 states. [2022-11-20 21:08:42,038 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 3975 to 2911. [2022-11-20 21:08:42,043 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2911 states, 1982 states have (on average 1.2285570131180625) internal successors, (2435), 2163 states have internal predecessors, (2435), 477 states have call successors, (477), 414 states have call predecessors, (477), 451 states have return successors, (681), 448 states have call predecessors, (681), 477 states have call successors, (681) [2022-11-20 21:08:42,054 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2911 states to 2911 states and 3593 transitions. [2022-11-20 21:08:42,055 INFO L78 Accepts]: Start accepts. Automaton has 2911 states and 3593 transitions. Word has length 73 [2022-11-20 21:08:42,056 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 21:08:42,056 INFO L495 AbstractCegarLoop]: Abstraction has 2911 states and 3593 transitions. [2022-11-20 21:08:42,056 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 18 states, 14 states have (on average 5.714285714285714) internal successors, (80), 14 states have internal predecessors, (80), 6 states have call successors, (18), 3 states have call predecessors, (18), 7 states have return successors, (20), 9 states have call predecessors, (20), 6 states have call successors, (20) [2022-11-20 21:08:42,056 INFO L276 IsEmpty]: Start isEmpty. Operand 2911 states and 3593 transitions. [2022-11-20 21:08:42,061 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 104 [2022-11-20 21:08:42,061 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 21:08:42,062 INFO L195 NwaCegarLoop]: trace histogram [5, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 21:08:42,080 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-11-20 21:08:42,268 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-20 21:08:42,269 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-20 21:08:42,270 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 21:08:42,270 INFO L85 PathProgramCache]: Analyzing trace with hash 977576474, now seen corresponding path program 1 times [2022-11-20 21:08:42,270 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-20 21:08:42,270 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2099574145] [2022-11-20 21:08:42,270 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:42,271 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-20 21:08:42,287 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:42,416 INFO L134 CoverageAnalysis]: Checked inductivity of 87 backedges. 42 proven. 1 refuted. 0 times theorem prover too weak. 44 trivial. 0 not checked. [2022-11-20 21:08:42,417 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-20 21:08:42,417 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2099574145] [2022-11-20 21:08:42,417 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2099574145] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 21:08:42,417 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [566871266] [2022-11-20 21:08:42,417 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 21:08:42,418 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-20 21:08:42,418 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 [2022-11-20 21:08:42,419 INFO L229 MonitoredProcess]: Starting monitored process 4 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-20 21:08:42,435 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-11-20 21:08:42,543 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 21:08:42,545 INFO L263 TraceCheckSpWp]: Trace formula consists of 448 conjuncts, 34 conjunts are in the unsatisfiable core [2022-11-20 21:08:42,550 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 21:08:42,979 INFO L134 CoverageAnalysis]: Checked inductivity of 87 backedges. 43 proven. 42 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-20 21:08:42,980 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 21:08:43,788 INFO L134 CoverageAnalysis]: Checked inductivity of 87 backedges. 54 proven. 5 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-11-20 21:08:43,788 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [566871266] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-20 21:08:43,788 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [972298607] [2022-11-20 21:08:43,791 INFO L159 IcfgInterpreter]: Started Sifa with 47 locations of interest [2022-11-20 21:08:43,791 INFO L166 IcfgInterpreter]: Building call graph [2022-11-20 21:08:43,791 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-20 21:08:43,792 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-20 21:08:43,792 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-20 21:08:45,709 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 43 for LOIs [2022-11-20 21:08:45,717 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 30 for LOIs [2022-11-20 21:08:46,051 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 42 for LOIs [2022-11-20 21:08:46,058 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__methaneQuery with input of size 29 for LOIs [2022-11-20 21:08:46,171 INFO L197 IcfgInterpreter]: Interpreting procedure isMethaneAlarm with input of size 58 for LOIs [2022-11-20 21:08:46,185 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-20 21:08:52,187 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '30944#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~9#1| |timeShift_getWaterLevel_#res#1|) (= |timeShift_getWaterLevel_~retValue_acc~7#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1| 0)) (<= 0 |old(~pumpRunning~0)|) (= ~head~0.offset 0) (= 1 ~systemActive~0) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1| 1) (<= |old(~pumpRunning~0)| 0) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~9#1| 2)) (<= 2 |old(~waterLevel~0)|) (<= ~methaneLevelCritical~0 0) (<= 0 ~head~0.base) (= |timeShift_getWaterLevel_~retValue_acc~7#1| ~waterLevel~0) (<= 0 ~methaneLevelCritical~0) (<= |timeShift_getWaterLevel_#res#1| 2147483647) (<= 2 |timeShift_getWaterLevel_#res#1|) (<= ~head~0.base 0) (= |#NULL.offset| 0) (<= 0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~2#1|) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (= ~pumpRunning~0 1) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0))' at error location [2022-11-20 21:08:52,187 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-20 21:08:52,187 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-20 21:08:52,188 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 13, 11] total 26 [2022-11-20 21:08:52,188 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1798097462] [2022-11-20 21:08:52,191 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-20 21:08:52,193 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 26 states [2022-11-20 21:08:52,193 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-20 21:08:52,194 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 26 interpolants. [2022-11-20 21:08:52,194 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=400, Invalid=3022, Unknown=0, NotChecked=0, Total=3422 [2022-11-20 21:08:52,195 INFO L87 Difference]: Start difference. First operand 2911 states and 3593 transitions. Second operand has 26 states, 25 states have (on average 6.16) internal successors, (154), 25 states have internal predecessors, (154), 14 states have call successors, (37), 6 states have call predecessors, (37), 11 states have return successors, (35), 15 states have call predecessors, (35), 13 states have call successors, (35) [2022-11-20 21:09:01,238 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 21:09:01,239 INFO L93 Difference]: Finished difference Result 10655 states and 13681 transitions. [2022-11-20 21:09:01,239 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 132 states. [2022-11-20 21:09:01,239 INFO L78 Accepts]: Start accepts. Automaton has has 26 states, 25 states have (on average 6.16) internal successors, (154), 25 states have internal predecessors, (154), 14 states have call successors, (37), 6 states have call predecessors, (37), 11 states have return successors, (35), 15 states have call predecessors, (35), 13 states have call successors, (35) Word has length 103 [2022-11-20 21:09:01,240 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 21:09:01,243 INFO L225 Difference]: With dead ends: 10655 [2022-11-20 21:09:01,243 INFO L226 Difference]: Without dead ends: 0 [2022-11-20 21:09:01,271 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 525 GetRequests, 332 SyntacticMatches, 6 SemanticMatches, 187 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 13715 ImplicationChecksByTransitivity, 10.8s TimeCoverageRelationStatistics Valid=3452, Invalid=32080, Unknown=0, NotChecked=0, Total=35532 [2022-11-20 21:09:01,272 INFO L413 NwaCegarLoop]: 180 mSDtfsCounter, 1858 mSDsluCounter, 1556 mSDsCounter, 0 mSdLazyCounter, 5022 mSolverCounterSat, 1513 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1858 SdHoareTripleChecker+Valid, 1736 SdHoareTripleChecker+Invalid, 6535 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1513 IncrementalHoareTripleChecker+Valid, 5022 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.4s IncrementalHoareTripleChecker+Time [2022-11-20 21:09:01,272 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [1858 Valid, 1736 Invalid, 6535 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1513 Valid, 5022 Invalid, 0 Unknown, 0 Unchecked, 3.4s Time] [2022-11-20 21:09:01,273 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-20 21:09:01,273 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-20 21:09:01,273 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-20 21:09:01,274 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-20 21:09:01,275 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 103 [2022-11-20 21:09:01,275 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 21:09:01,275 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-20 21:09:01,276 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 26 states, 25 states have (on average 6.16) internal successors, (154), 25 states have internal predecessors, (154), 14 states have call successors, (37), 6 states have call predecessors, (37), 11 states have return successors, (35), 15 states have call predecessors, (35), 13 states have call successors, (35) [2022-11-20 21:09:01,276 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-20 21:09:01,276 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-20 21:09:01,279 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-20 21:09:01,287 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-11-20 21:09:01,485 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-11-20 21:09:01,486 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-20 21:09:13,972 WARN L233 SmtUtils]: Spent 8.21s on a formula simplification. DAG size of input: 421 DAG size of output: 417 (called from [L 182] de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.HoareAnnotationComposer.or) [2022-11-20 21:09:36,374 WARN L233 SmtUtils]: Spent 11.68s on a formula simplification. DAG size of input: 618 DAG size of output: 395 (called from [L 182] de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.HoareAnnotationComposer.or) [2022-11-20 21:09:54,252 WARN L233 SmtUtils]: Spent 5.53s on a formula simplification. DAG size of input: 740 DAG size of output: 67 (called from [L 149] de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.HoareAnnotationComposer.combineInter) [2022-11-20 21:10:05,205 WARN L233 SmtUtils]: Spent 6.13s on a formula simplification. DAG size of input: 633 DAG size of output: 73 (called from [L 149] de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.HoareAnnotationComposer.combineInter) [2022-11-20 21:10:23,190 WARN L233 SmtUtils]: Spent 7.13s on a formula simplification. DAG size of input: 867 DAG size of output: 69 (called from [L 149] de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.HoareAnnotationComposer.combineInter) [2022-11-20 21:10:36,229 WARN L233 SmtUtils]: Spent 7.01s on a formula simplification. DAG size of input: 656 DAG size of output: 71 (called from [L 149] de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.HoareAnnotationComposer.combineInter) [2022-11-20 21:10:47,051 WARN L233 SmtUtils]: Spent 5.59s on a formula simplification. DAG size of input: 740 DAG size of output: 67 (called from [L 149] de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.HoareAnnotationComposer.combineInter) [2022-11-20 21:10:53,616 INFO L895 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 624 631) the Hoare annotation is: (let ((.cse1 (= |old(~pumpRunning~0)| 0)) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= 2 ~waterLevel~0)))) (and (or .cse0 .cse1 (not (<= ~waterLevel~0 2)) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|))) (or (not (= ~pumpRunning~0 0)) .cse0 .cse2 .cse1) (or .cse0 .cse2 (not (= ~methaneLevelCritical~0 0)) (not (= |old(~pumpRunning~0)| 1)) (= ~pumpRunning~0 1)))) [2022-11-20 21:10:53,617 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 624 631) no Hoare annotation was computed. [2022-11-20 21:10:53,617 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 540 546) no Hoare annotation was computed. [2022-11-20 21:10:53,617 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 540 546) the Hoare annotation is: true [2022-11-20 21:10:53,617 INFO L895 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 758 769) the Hoare annotation is: (let ((.cse1 (= |old(~methaneLevelCritical~0)| 0)) (.cse6 (= ~methaneLevelCritical~0 0))) (let ((.cse7 (not (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (.cse9 (not (= 0 ~systemActive~0))) (.cse3 (not .cse6)) (.cse5 (not .cse1)) (.cse8 (not (= ~pumpRunning~0 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= 2 ~waterLevel~0))) (.cse4 (not (<= ~waterLevel~0 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse6 .cse0 .cse4 .cse7) (or .cse5 .cse8 .cse6 .cse4 .cse7 .cse9) (or .cse8 .cse1 .cse3 .cse4 .cse7 .cse9) (or .cse5 .cse8 .cse6 .cse0 (not (<= 1 ~waterLevel~0)) (not (<= ~waterLevel~0 1))) (or .cse5 .cse6 .cse0 (not (= 2 ~waterLevel~0)) (not (= ~pumpRunning~0 1))) (or .cse8 .cse0 .cse1 .cse3 .cse4) (or .cse5 .cse8 .cse6 .cse0 .cse2 .cse4)))) [2022-11-20 21:10:53,618 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 758 769) no Hoare annotation was computed. [2022-11-20 21:10:53,618 INFO L902 garLoopResultBuilder]: At program point L833(line 833) the Hoare annotation is: true [2022-11-20 21:10:53,618 INFO L899 garLoopResultBuilder]: For program point L833-1(line 833) no Hoare annotation was computed. [2022-11-20 21:10:53,618 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 827 856) no Hoare annotation was computed. [2022-11-20 21:10:53,618 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 827 856) the Hoare annotation is: true [2022-11-20 21:10:53,618 INFO L902 garLoopResultBuilder]: At program point L852(lines 827 856) the Hoare annotation is: true [2022-11-20 21:10:53,619 INFO L899 garLoopResultBuilder]: For program point L848(line 848) no Hoare annotation was computed. [2022-11-20 21:10:53,619 INFO L899 garLoopResultBuilder]: For program point L841(lines 841 845) no Hoare annotation was computed. [2022-11-20 21:10:53,619 INFO L902 garLoopResultBuilder]: At program point L841-1(lines 841 845) the Hoare annotation is: true [2022-11-20 21:10:53,619 INFO L902 garLoopResultBuilder]: At program point L837-2(lines 837 851) the Hoare annotation is: true [2022-11-20 21:10:53,623 INFO L895 garLoopResultBuilder]: At program point L956(line 956) the Hoare annotation is: (let ((.cse11 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse6 (= |old(~pumpRunning~0)| 0))) (let ((.cse0 (= ~methaneLevelCritical~0 0)) (.cse20 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse12 (not (<= |old(~waterLevel~0)| 1))) (.cse17 (not .cse6)) (.cse7 (not (= ~switchedOnBeforeTS~0 0))) (.cse8 (= ~pumpRunning~0 0)) (.cse9 (= |timeShift_processEnvironment_~tmp~5#1| ~methaneLevelCritical~0)) (.cse10 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~9#1| ~waterLevel~0)) (.cse22 (let ((.cse23 (< 0 |old(~waterLevel~0)|))) (or (and (not .cse23) .cse11) (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse23))))) (let ((.cse3 (and .cse7 .cse8 .cse9 .cse10 .cse22)) (.cse14 (not (= |old(~pumpRunning~0)| 1))) (.cse15 (= ~pumpRunning~0 1)) (.cse16 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (or .cse12 .cse17) (not (<= |old(~waterLevel~0)| 0)))) (.cse18 (and .cse8 .cse10 .cse11 .cse20)) (.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse21 (not (= 0 ~systemActive~0))) (.cse4 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse1 (not (= 1 ~systemActive~0))) (.cse13 (not .cse0)) (.cse19 (not .cse8))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse5 .cse0 .cse1 .cse6 (and .cse7 .cse8 .cse9 .cse10 .cse11)) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse0 .cse1 .cse6 .cse3) (or .cse4 .cse12 .cse1 .cse13 .cse14 .cse15) (or .cse1 .cse13 .cse14 .cse16 .cse15 (not (<= 2 |old(~waterLevel~0)|))) (or .cse17 .cse1 .cse18 .cse16) (or .cse1 .cse13 (and .cse19 .cse9 .cse10 (= ~waterLevel~0 1) .cse20) .cse2) (or .cse17 .cse5 .cse18 .cse21) (or .cse17 .cse2 .cse21) (or .cse4 .cse12 .cse1 .cse6 .cse13 (and .cse19 .cse9 .cse10 .cse22 .cse20)))))) [2022-11-20 21:10:53,624 INFO L899 garLoopResultBuilder]: For program point L956-1(line 956) no Hoare annotation was computed. [2022-11-20 21:10:53,624 INFO L895 garLoopResultBuilder]: At program point L593(line 593) the Hoare annotation is: (let ((.cse3 (= |old(~pumpRunning~0)| 0))) (let ((.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse6 (not .cse3))) (let ((.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse8 (not (= 0 ~systemActive~0))) (.cse4 (not (= |old(~waterLevel~0)| 2))) (.cse7 (and (or .cse1 .cse6) (not (<= |old(~waterLevel~0)| 0)))) (.cse2 (not (= 1 ~systemActive~0))) (.cse5 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0) (= ~pumpRunning~0 ~switchedOnBeforeTS~0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 .cse2 .cse3 .cse4) (or .cse2 .cse5 .cse4) (or .cse6 .cse7 .cse8) (or .cse6 .cse4 .cse8) (or .cse2 (and (= ~methaneLevelCritical~0 0) (not (= |old(~pumpRunning~0)| 1))) .cse3 .cse4) (or .cse6 .cse7 .cse2 .cse5))))) [2022-11-20 21:10:53,624 INFO L895 garLoopResultBuilder]: At program point L593-1(lines 574 598) the Hoare annotation is: (let ((.cse29 (< 0 |old(~waterLevel~0)|)) (.cse24 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse19 (and (not .cse29) .cse24)) (.cse20 (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse29)) (.cse13 (= ~methaneLevelCritical~0 0)) (.cse26 (= ~pumpRunning~0 0)) (.cse3 (= |old(~pumpRunning~0)| 0))) (let ((.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse10 (not .cse3)) (.cse5 (not .cse26)) (.cse21 (= ~waterLevel~0 1)) (.cse8 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse28 (= 2 ~waterLevel~0)) (.cse17 (= ~pumpRunning~0 1)) (.cse27 (= 1 ~systemActive~0)) (.cse4 (not .cse13)) (.cse6 (= |timeShift_processEnvironment_~tmp~5#1| ~methaneLevelCritical~0)) (.cse7 (or .cse19 .cse20))) (let ((.cse15 (not (<= |old(~waterLevel~0)| 2))) (.cse16 (not (= |old(~pumpRunning~0)| 1))) (.cse18 (and (not (= ~switchedOnBeforeTS~0 0)) .cse26 .cse27 .cse4 (<= ~waterLevel~0 2) .cse6 .cse7)) (.cse9 (and .cse28 .cse27 .cse24 .cse17)) (.cse11 (and .cse26 .cse28 .cse13 .cse27 .cse24 .cse8)) (.cse23 (not (= 0 ~systemActive~0))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse25 (and .cse5 .cse27 .cse6 .cse7 .cse21 .cse8)) (.cse12 (not (= |old(~waterLevel~0)| 2))) (.cse22 (and (or .cse1 .cse10) (not (<= |old(~waterLevel~0)| 0)))) (.cse2 (not .cse27)) (.cse14 (and .cse26 .cse24 .cse8))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 (and .cse5 .cse6 .cse7 .cse8)) (or .cse9 .cse10 .cse2 .cse4 .cse11 .cse12) (or .cse10 .cse13 .cse2 .cse14 .cse15) (or .cse0 .cse1 .cse2 .cse4 .cse16 .cse17) (or .cse0 .cse13 .cse2 .cse3 .cse18 .cse15) (or .cse13 .cse2 .cse19 .cse3 .cse20 .cse15 (not (<= 2 |old(~waterLevel~0)|))) (or (and .cse21 .cse17) .cse2 .cse4 .cse16 .cse12) (or .cse10 .cse22 .cse23) (or .cse13 .cse2 .cse18 .cse12 .cse24) (or .cse9 .cse25 .cse2 .cse4 .cse11 .cse12) (or .cse10 .cse12 .cse23) (or .cse0 .cse25 .cse2 .cse3 .cse4 .cse12) (or .cse10 .cse22 .cse2 .cse14)))))) [2022-11-20 21:10:53,625 INFO L895 garLoopResultBuilder]: At program point L527-1(lines 527 533) the Hoare annotation is: (let ((.cse27 (< 0 |old(~waterLevel~0)|)) (.cse22 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse19 (and (not .cse27) .cse22)) (.cse20 (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse27)) (.cse13 (= ~methaneLevelCritical~0 0)) (.cse25 (= ~pumpRunning~0 0))) (let ((.cse5 (not .cse25)) (.cse21 (= ~waterLevel~0 1)) (.cse26 (= 2 ~waterLevel~0)) (.cse17 (= ~pumpRunning~0 1)) (.cse24 (= 1 ~systemActive~0)) (.cse4 (not .cse13)) (.cse6 (= |timeShift_processEnvironment_~tmp~5#1| ~methaneLevelCritical~0)) (.cse7 (or .cse19 .cse20)) (.cse8 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse3 (= |old(~pumpRunning~0)| 0))) (let ((.cse16 (not (= |old(~pumpRunning~0)| 1))) (.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse10 (not .cse3)) (.cse14 (and .cse25 .cse22 .cse8)) (.cse15 (not (<= |old(~waterLevel~0)| 2))) (.cse18 (and (not (= ~switchedOnBeforeTS~0 0)) .cse25 .cse24 .cse4 (<= ~waterLevel~0 2) .cse6 .cse7)) (.cse9 (and .cse26 .cse24 .cse22 .cse17)) (.cse11 (and .cse25 .cse26 .cse13 .cse24 .cse22 .cse8)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse23 (and .cse5 .cse24 .cse6 .cse7 .cse21 .cse8)) (.cse2 (not .cse24)) (.cse12 (not (= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 (and .cse5 .cse6 .cse7 .cse8)) (or .cse9 .cse10 .cse2 .cse4 .cse11 .cse12) (or .cse10 .cse13 .cse2 .cse14 .cse15) (or .cse0 .cse1 .cse2 .cse4 .cse16 .cse17) (or .cse0 .cse13 .cse2 .cse3 .cse18 .cse15) (or .cse13 .cse2 .cse19 .cse3 .cse20 .cse15 (not (<= 2 |old(~waterLevel~0)|))) (or (and .cse21 .cse17) .cse2 .cse4 .cse16 .cse12) (or .cse1 .cse10 .cse2 .cse14) (or .cse10 .cse14 .cse15 (not (= 0 ~systemActive~0))) (or .cse13 .cse2 .cse18 .cse12 .cse22) (or .cse9 .cse23 .cse2 .cse4 .cse11 .cse12) (or .cse0 .cse23 .cse2 .cse3 .cse4 .cse12)))))) [2022-11-20 21:10:53,625 INFO L895 garLoopResultBuilder]: At program point L420(line 420) the Hoare annotation is: (let ((.cse0 (not (<= |old(~waterLevel~0)| 1))) (.cse4 (not (= |old(~waterLevel~0)| 2))) (.cse3 (not (= 0 ~systemActive~0))) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|)) .cse0 .cse1) (or .cse0 .cse2 .cse3) (or .cse1 .cse4) (or .cse2 .cse4 .cse3) (or .cse2 .cse1 (not (<= |old(~waterLevel~0)| 2))))) [2022-11-20 21:10:53,626 INFO L895 garLoopResultBuilder]: At program point L941(line 941) the Hoare annotation is: (let ((.cse10 (= |old(~pumpRunning~0)| 0))) (let ((.cse11 (= ~methaneLevelCritical~0 0)) (.cse16 (not (= ~switchedOnBeforeTS~0 0))) (.cse1 (not .cse10)) (.cse15 (= ~pumpRunning~0 0)) (.cse8 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse9 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse4 (and .cse15 .cse8 .cse9)) (.cse7 (not .cse15)) (.cse2 (and (or (not (<= |old(~waterLevel~0)| 1)) .cse1) (not (<= |old(~waterLevel~0)| 0)))) (.cse13 (and .cse16 .cse15)) (.cse6 (not (= 0 ~systemActive~0))) (.cse14 (= |old(~switchedOnBeforeTS~0)| 0)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (= 1 ~systemActive~0))) (.cse17 (not .cse11)) (.cse18 (not (= |old(~pumpRunning~0)| 1))) (.cse12 (not (= |old(~waterLevel~0)| 2))) (.cse19 (= ~pumpRunning~0 1))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse1 .cse4 .cse5 .cse6) (or .cse0 .cse3 (and .cse7 .cse8 .cse9) .cse10 .cse5) (or .cse7 .cse11 .cse3 .cse10 .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 .cse3 .cse12 .cse13 .cse14) (or .cse0 .cse1 (and .cse15 .cse9) .cse3 .cse5) (or .cse1 .cse2 .cse3 (and .cse16 .cse15 .cse8) .cse14) (or .cse1 (and (or (and .cse15 (<= 2 ~waterLevel~0)) .cse13) .cse8) .cse5 .cse6 .cse14) (or .cse0 .cse3 .cse17 .cse18 .cse5 .cse19) (or .cse3 .cse12 .cse8) (or .cse3 .cse17 .cse18 .cse12 .cse19))))) [2022-11-20 21:10:53,627 INFO L895 garLoopResultBuilder]: At program point L941-1(line 941) the Hoare annotation is: (let ((.cse12 (= |old(~pumpRunning~0)| 0))) (let ((.cse6 (= ~methaneLevelCritical~0 0)) (.cse9 (= ~pumpRunning~0 0)) (.cse0 (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__2_#t~ret50#1|)) (.cse16 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse15 (not (<= |old(~waterLevel~0)| 1))) (.cse4 (not .cse12))) (let ((.cse10 (not (= |old(~waterLevel~0)| 1))) (.cse7 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse8 (not (= 0 ~systemActive~0))) (.cse3 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse11 (not (= |timeShift___utac_acc__Specification5_spec__2_#t~ret50#1| 0))) (.cse13 (not (<= |old(~waterLevel~0)| 2))) (.cse5 (and (or .cse15 .cse4) (not (<= |old(~waterLevel~0)| 0)))) (.cse14 (and .cse9 .cse0 .cse16)) (.cse1 (not (= 1 ~systemActive~0))) (.cse17 (and .cse6 (not (= |old(~pumpRunning~0)| 1)))) (.cse18 (not .cse6)) (.cse2 (not (= |old(~waterLevel~0)| 2))) (.cse19 (= ~pumpRunning~0 1))) (and (or (and (= 2 ~waterLevel~0) .cse0) .cse1 .cse2) (or .cse3 .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse3 .cse1 .cse2 .cse7) (or .cse4 .cse9 .cse1 .cse2) (or .cse3 .cse10 .cse1 .cse7) (or .cse3 .cse1 .cse11 .cse12 .cse2) (or .cse3 .cse4 .cse6 .cse2 .cse7 .cse8) (or .cse4 .cse13 .cse14 .cse8) (or .cse3 .cse15 .cse1 (and .cse11 .cse0 .cse16 .cse7) .cse12) (or .cse3 .cse4 .cse10 .cse7 .cse8) (or .cse3 .cse15 .cse1 .cse17 .cse18 .cse19) (or .cse6 .cse1 .cse11 .cse12 .cse13 (not (<= 2 |old(~waterLevel~0)|))) (or .cse4 .cse5 .cse1 .cse14) (or .cse1 .cse17 .cse18 .cse2 .cse19))))) [2022-11-20 21:10:53,627 INFO L899 garLoopResultBuilder]: For program point L520-2(lines 516 538) no Hoare annotation was computed. [2022-11-20 21:10:53,627 INFO L899 garLoopResultBuilder]: For program point L582(lines 582 590) no Hoare annotation was computed. [2022-11-20 21:10:53,627 INFO L899 garLoopResultBuilder]: For program point L578(lines 578 595) no Hoare annotation was computed. [2022-11-20 21:10:53,628 INFO L899 garLoopResultBuilder]: For program point L958(lines 958 968) no Hoare annotation was computed. [2022-11-20 21:10:53,628 INFO L899 garLoopResultBuilder]: For program point L954(lines 954 971) no Hoare annotation was computed. [2022-11-20 21:10:53,628 INFO L895 garLoopResultBuilder]: At program point L954-1(lines 946 974) the Hoare annotation is: (let ((.cse20 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse3 (= ~methaneLevelCritical~0 0)) (.cse18 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~9#1| 2)) (.cse8 (= ~pumpRunning~0 1)) (.cse5 (= |old(~pumpRunning~0)| 0)) (.cse17 (= ~pumpRunning~0 0)) (.cse23 (= 1 ~systemActive~0)) (.cse10 (= |timeShift_processEnvironment_~tmp~5#1| ~methaneLevelCritical~0)) (.cse11 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~9#1| ~waterLevel~0)) (.cse12 (let ((.cse24 (< 0 |old(~waterLevel~0)|))) (or (and (not .cse24) .cse20) (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse24))))) (let ((.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse19 (not (= 0 ~systemActive~0))) (.cse7 (not (= |old(~pumpRunning~0)| 1))) (.cse2 (and (not (= ~switchedOnBeforeTS~0 0)) .cse17 .cse23 .cse10 .cse11 .cse12)) (.cse15 (not .cse5)) (.cse14 (not (<= |old(~waterLevel~0)| 2))) (.cse22 (and .cse3 .cse23 .cse11 .cse20 .cse18 .cse8)) (.cse4 (not .cse23)) (.cse6 (not .cse3)) (.cse9 (not .cse17)) (.cse21 (= ~waterLevel~0 1)) (.cse16 (not (= |old(~waterLevel~0)| 2))) (.cse13 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse0 .cse1 .cse4 .cse6 .cse7 .cse8) (or .cse0 .cse4 .cse5 .cse6 (and .cse9 .cse10 .cse11 .cse12 .cse13) .cse14) (or .cse15 .cse16 (and .cse17 .cse11 .cse18 .cse13) .cse19) (or .cse1 .cse15 (and .cse17 .cse11 .cse20 .cse13) .cse19) (or (and .cse21 .cse8) .cse4 .cse6 .cse7 .cse16) (or .cse2 .cse3 .cse4 .cse5 .cse16) (or .cse15 .cse22 .cse4 (and .cse17 .cse23 .cse11 .cse20 .cse13) .cse14) (or .cse22 .cse4 .cse6 (and .cse9 .cse10 .cse11 .cse21 .cse13) .cse16 (and .cse17 .cse23 .cse20 .cse18 .cse13)))))) [2022-11-20 21:10:53,628 INFO L899 garLoopResultBuilder]: For program point L959(lines 959 965) no Hoare annotation was computed. [2022-11-20 21:10:53,628 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 513 539) the Hoare annotation is: (let ((.cse10 (= |old(~pumpRunning~0)| 0))) (let ((.cse11 (= ~methaneLevelCritical~0 0)) (.cse16 (not (= ~switchedOnBeforeTS~0 0))) (.cse1 (not .cse10)) (.cse15 (= ~pumpRunning~0 0)) (.cse8 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse9 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse4 (and .cse15 .cse8 .cse9)) (.cse7 (not .cse15)) (.cse2 (and (or (not (<= |old(~waterLevel~0)| 1)) .cse1) (not (<= |old(~waterLevel~0)| 0)))) (.cse13 (and .cse16 .cse15)) (.cse6 (not (= 0 ~systemActive~0))) (.cse14 (= |old(~switchedOnBeforeTS~0)| 0)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (not (<= |old(~waterLevel~0)| 2))) (.cse3 (not (= 1 ~systemActive~0))) (.cse17 (not .cse11)) (.cse18 (not (= |old(~pumpRunning~0)| 1))) (.cse12 (not (= |old(~waterLevel~0)| 2))) (.cse19 (= ~pumpRunning~0 1))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse1 .cse4 .cse5 .cse6) (or .cse0 .cse3 (and .cse7 .cse8 .cse9) .cse10 .cse5) (or .cse7 .cse11 .cse3 .cse10 .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 .cse3 .cse12 .cse13 .cse14) (or .cse0 .cse1 (and .cse15 .cse9) .cse3 .cse5) (or .cse1 .cse2 .cse3 (and .cse16 .cse15 .cse8) .cse14) (or .cse1 (and (or (and .cse15 (<= 2 ~waterLevel~0)) .cse13) .cse8) .cse5 .cse6 .cse14) (or .cse0 .cse3 .cse17 .cse18 .cse5 .cse19) (or .cse3 .cse12 .cse8) (or .cse3 .cse17 .cse18 .cse12 .cse19))))) [2022-11-20 21:10:53,629 INFO L895 garLoopResultBuilder]: At program point L588(line 588) the Hoare annotation is: (let ((.cse9 (not (<= |old(~waterLevel~0)| 1))) (.cse11 (not (= |old(~pumpRunning~0)| 0)))) (let ((.cse3 (not (= |old(~pumpRunning~0)| 1))) (.cse4 (= ~pumpRunning~0 1)) (.cse1 (and (or .cse9 .cse11) (not (<= |old(~waterLevel~0)| 0)))) (.cse12 (not (= 0 ~systemActive~0))) (.cse10 (= ~methaneLevelCritical~0 0)) (.cse8 (not (= |old(~waterLevel~0)| 2))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (not (= ~pumpRunning~0 0))) (.cse6 (= |timeShift_processEnvironment_~tmp~5#1| ~methaneLevelCritical~0)) (.cse7 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse2 (not (= 1 ~systemActive~0))) (.cse13 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse2 (and .cse5 .cse6 (= ~waterLevel~0 1) .cse7) .cse8) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse2 .cse3 .cse4) (or .cse2 .cse3 .cse8 .cse4) (or .cse0 .cse9 .cse10 .cse2) (or .cse11 .cse1 .cse12) (or .cse11 .cse8 .cse12) (or .cse10 .cse2 .cse8) (or .cse0 .cse2 .cse13 (and .cse5 .cse6 (let ((.cse14 (< 0 |old(~waterLevel~0)|))) (or (and (not .cse14) (= |old(~waterLevel~0)| ~waterLevel~0)) (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse14))) .cse7)) (or .cse11 .cse2 .cse13)))) [2022-11-20 21:10:53,629 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 513 539) no Hoare annotation was computed. [2022-11-20 21:10:53,629 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 420) no Hoare annotation was computed. [2022-11-20 21:10:53,629 INFO L895 garLoopResultBuilder]: At program point L584(line 584) the Hoare annotation is: (let ((.cse6 (not (= |old(~waterLevel~0)| 2))) (.cse9 (not (= 0 ~systemActive~0))) (.cse8 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (= ~pumpRunning~0 0))) (.cse10 (not (= ~methaneLevelCritical~0 0))) (.cse4 (= |timeShift_processEnvironment_~tmp~5#1| ~methaneLevelCritical~0)) (.cse2 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse3 (< 0 |old(~waterLevel~0)|)) (.cse5 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (and (or .cse0 (and .cse1 .cse2 .cse3 .cse4 .cse5) .cse6) (or .cse7 .cse8 .cse9) (or .cse0 .cse10 .cse6) (or .cse8 .cse6 .cse9) (or .cse8 .cse0 (not (<= |old(~waterLevel~0)| 2))) (or (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|)) .cse7 .cse0 (and .cse1 .cse10 .cse4 (<= ~waterLevel~0 0) (or (and .cse2 .cse3) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse5)))) [2022-11-20 21:10:53,629 INFO L895 garLoopResultBuilder]: At program point L580(line 580) the Hoare annotation is: (let ((.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse4 (not (= |old(~pumpRunning~0)| 1))) (.cse5 (= ~pumpRunning~0 1)) (.cse1 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse9 (not (= ~pumpRunning~0 0))) (.cse10 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse11 (not (= |old(~waterLevel~0)| 2))) (.cse8 (not (= 0 ~systemActive~0))) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse6 (not (<= |old(~waterLevel~0)| 2)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or .cse2 .cse3 .cse4 .cse6 .cse5 (not (<= 2 |old(~waterLevel~0)|))) (or .cse1 .cse7 .cse8) (or .cse2 (and .cse9 (= ~waterLevel~0 1) .cse10) .cse11) (or .cse0 (and .cse9 (let ((.cse12 (< 0 |old(~waterLevel~0)|))) (or (and (not .cse12) (= |old(~waterLevel~0)| ~waterLevel~0)) (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse12))) .cse10) .cse2 .cse6) (or .cse7 .cse11 .cse8) (or .cse7 .cse2 .cse6))) [2022-11-20 21:10:53,630 INFO L899 garLoopResultBuilder]: For program point L580-1(line 580) no Hoare annotation was computed. [2022-11-20 21:10:53,630 INFO L902 garLoopResultBuilder]: At program point L494(lines 431 498) the Hoare annotation is: true [2022-11-20 21:10:53,630 INFO L899 garLoopResultBuilder]: For program point L461(lines 461 467) no Hoare annotation was computed. [2022-11-20 21:10:53,630 INFO L899 garLoopResultBuilder]: For program point L461-1(lines 461 467) no Hoare annotation was computed. [2022-11-20 21:10:53,630 INFO L895 garLoopResultBuilder]: At program point L713(line 713) the Hoare annotation is: (let ((.cse0 (not (= ~pumpRunning~0 0))) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 (<= ~waterLevel~0 1) .cse1 .cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and .cse0 (= 2 ~waterLevel~0) .cse1 .cse2))) [2022-11-20 21:10:53,630 INFO L895 garLoopResultBuilder]: At program point L453(line 453) the Hoare annotation is: (let ((.cse4 (= ~methaneLevelCritical~0 0))) (let ((.cse1 (= ~pumpRunning~0 1)) (.cse0 (not .cse4)) (.cse6 (<= ~waterLevel~0 1)) (.cse8 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse7 (<= ~waterLevel~0 2))) (or (and (= 2 ~waterLevel~0) (or .cse0 .cse1) .cse2 .cse3) (and .cse4 .cse2 .cse3 (= ~waterLevel~0 1) .cse1) (and .cse5 .cse6 .cse2 .cse0 .cse3) (and .cse5 .cse3 .cse7 (= 0 ~systemActive~0) .cse8) (and .cse5 .cse6 .cse2 .cse3 (<= 1 ~waterLevel~0)) (and .cse4 .cse6 .cse2 .cse3 .cse8) (and .cse5 (<= 2 ~waterLevel~0) .cse2 .cse3 .cse7)))) [2022-11-20 21:10:53,630 INFO L902 garLoopResultBuilder]: At program point ULTIMATE.startENTRY(line -1) the Hoare annotation is: true [2022-11-20 21:10:53,630 INFO L895 garLoopResultBuilder]: At program point L491(lines 440 492) the Hoare annotation is: false [2022-11-20 21:10:53,630 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-20 21:10:53,630 INFO L899 garLoopResultBuilder]: For program point L479(lines 479 485) no Hoare annotation was computed. [2022-11-20 21:10:53,631 INFO L895 garLoopResultBuilder]: At program point L479-2(lines 471 486) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 0)) (.cse2 (<= ~waterLevel~0 1)) (.cse0 (= 1 ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and (= 2 ~waterLevel~0) .cse0 .cse1) (and .cse2 .cse0 .cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and .cse3 .cse1 (<= ~waterLevel~0 2) (= 0 ~systemActive~0)) (and .cse3 .cse2 .cse0 .cse1))) [2022-11-20 21:10:53,631 INFO L899 garLoopResultBuilder]: For program point L442(lines 441 490) no Hoare annotation was computed. [2022-11-20 21:10:53,631 INFO L895 garLoopResultBuilder]: At program point L471(lines 471 486) the Hoare annotation is: (let ((.cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse0 (= ~pumpRunning~0 0)) (.cse4 (<= ~waterLevel~0 1)) (.cse3 (= 1 ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 (<= ~waterLevel~0 2) (= 0 ~systemActive~0) .cse2) (and (= 2 ~waterLevel~0) .cse3 .cse1) (and .cse4 .cse3 .cse1 .cse2) (and .cse0 .cse4 .cse3 .cse1))) [2022-11-20 21:10:53,631 INFO L895 garLoopResultBuilder]: At program point L913(lines 913 920) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1) (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) [2022-11-20 21:10:53,631 INFO L895 garLoopResultBuilder]: At program point L463(line 463) the Hoare annotation is: (let ((.cse6 (= ~methaneLevelCritical~0 0))) (let ((.cse0 (not .cse6)) (.cse3 (= ~pumpRunning~0 0)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (<= ~waterLevel~0 2)) (.cse5 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (or (and (= 2 ~waterLevel~0) (or .cse0 (= ~pumpRunning~0 1)) .cse1 .cse2) (and .cse3 (<= ~waterLevel~0 1) .cse1 .cse0 .cse2) (and .cse3 .cse2 .cse4 (= 0 ~systemActive~0) .cse5) (and .cse3 .cse1 .cse2 (= ~waterLevel~0 1)) (and .cse3 (<= 2 ~waterLevel~0) .cse1 .cse2 .cse4) (and .cse6 .cse1 .cse2 .cse4 .cse5)))) [2022-11-20 21:10:53,631 INFO L902 garLoopResultBuilder]: At program point L913-2(lines 913 920) the Hoare annotation is: true [2022-11-20 21:10:53,631 INFO L895 garLoopResultBuilder]: At program point L488(lines 441 490) the Hoare annotation is: (let ((.cse7 (= ~methaneLevelCritical~0 0))) (let ((.cse1 (not .cse7)) (.cse5 (<= ~waterLevel~0 1)) (.cse6 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (= ~pumpRunning~0 0)) (.cse0 (= 2 ~waterLevel~0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 (or .cse1 (= ~pumpRunning~0 1)) .cse2 .cse3) (and .cse4 .cse5 .cse2 .cse1 .cse3) (and .cse4 .cse3 (<= ~waterLevel~0 2) (= 0 ~systemActive~0) .cse6) (and .cse7 .cse5 .cse2 .cse3 .cse6) (and .cse4 .cse2 .cse3 (= ~waterLevel~0 1)) (and .cse4 .cse0 .cse2 .cse3)))) [2022-11-20 21:10:53,632 INFO L899 garLoopResultBuilder]: For program point L711(lines 711 717) no Hoare annotation was computed. [2022-11-20 21:10:53,632 INFO L895 garLoopResultBuilder]: At program point L711-1(lines 711 717) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 .cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (and .cse0 (<= 2 ~waterLevel~0) .cse1 .cse2 (not (= 0 ~systemActive~0))) (and .cse0 (= 1 ~systemActive~0) .cse1 .cse2))) [2022-11-20 21:10:53,632 INFO L899 garLoopResultBuilder]: For program point L451(lines 451 457) no Hoare annotation was computed. [2022-11-20 21:10:53,632 INFO L899 garLoopResultBuilder]: For program point L451-1(lines 451 457) no Hoare annotation was computed. [2022-11-20 21:10:53,632 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 746 757) no Hoare annotation was computed. [2022-11-20 21:10:53,632 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 746 757) the Hoare annotation is: (let ((.cse8 (not (= ~pumpRunning~0 0))) (.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse2 (not (= ~pumpRunning~0 1))) (.cse5 (not (= |old(~waterLevel~0)| 1))) (.cse7 (= ~waterLevel~0 1)) (.cse3 (not (= |old(~waterLevel~0)| 2))) (.cse0 (not (= 1 ~systemActive~0))) (.cse6 (not .cse1)) (.cse9 (and (or (not (<= |old(~waterLevel~0)| 1)) .cse8) (not (<= |old(~waterLevel~0)| 0)))) (.cse10 (not (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse11 (not (= 0 ~systemActive~0)))) (and (or .cse0 (and .cse1 .cse2) .cse3 .cse4) (or .cse5 .cse0 .cse6 .cse2 .cse7) (or .cse8 .cse1 .cse0 .cse9 .cse4) (or .cse5 .cse0 .cse6 .cse10 .cse7) (or .cse8 .cse5 .cse0 .cse7) (or .cse8 .cse0 .cse3 .cse4) (or .cse8 .cse10 .cse3 .cse4 .cse11) (or .cse0 .cse9 .cse6 .cse10 .cse4) (or .cse8 .cse9 .cse10 .cse4 .cse11)))) [2022-11-20 21:10:53,633 INFO L895 garLoopResultBuilder]: At program point L562(line 562) the Hoare annotation is: (let ((.cse1 (= |old(~pumpRunning~0)| 0))) (let ((.cse2 (not (<= ~waterLevel~0 2))) (.cse4 (not .cse1)) (.cse0 (not (= 1 ~systemActive~0))) (.cse3 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 (not (= ~methaneLevelCritical~0 0)) .cse2 .cse3) (or .cse4 (= ~pumpRunning~0 0) .cse0 .cse2 .cse3) (or .cse4 .cse0 (= |processEnvironment__wrappee__methaneQuery_~tmp~4#1| 0) (not (<= ~waterLevel~0 1)) .cse3)))) [2022-11-20 21:10:53,633 INFO L899 garLoopResultBuilder]: For program point L556(lines 556 564) no Hoare annotation was computed. [2022-11-20 21:10:53,633 INFO L895 garLoopResultBuilder]: At program point L552(lines 552 569) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2))) (.cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse3 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 .cse2 .cse3) (or .cse0 (not (= ~methaneLevelCritical~0 0)) .cse1 .cse2 .cse3))) [2022-11-20 21:10:53,633 INFO L895 garLoopResultBuilder]: At program point L612(line 612) the Hoare annotation is: (let ((.cse1 (= |old(~pumpRunning~0)| 0))) (let ((.cse3 (not .cse1)) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 (not (= ~methaneLevelCritical~0 0)) (not (<= ~waterLevel~0 2)) .cse2) (or .cse3 .cse0 (not (<= ~waterLevel~0 1)) .cse2) (or .cse3 .cse0 (not (= 2 ~waterLevel~0)) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) .cse2)))) [2022-11-20 21:10:53,634 INFO L895 garLoopResultBuilder]: At program point L612-1(line 612) the Hoare annotation is: (let ((.cse1 (= |old(~pumpRunning~0)| 0))) (let ((.cse4 (not .cse1)) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (not (<= ~waterLevel~0 2))) (.cse3 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 .cse1 (not (= ~methaneLevelCritical~0 0)) .cse2 .cse3) (or .cse4 .cse0 (not (<= ~waterLevel~0 1)) .cse3) (or .cse4 .cse0 .cse2 (and (= |processEnvironment__wrappee__methaneQuery_activatePump_#t~ret33#1| ~methaneLevelCritical~0) (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) .cse3)))) [2022-11-20 21:10:53,634 INFO L895 garLoopResultBuilder]: At program point L567(line 567) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2))) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or .cse0 (not (= ~methaneLevelCritical~0 0)) .cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0) .cse2) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 .cse2))) [2022-11-20 21:10:53,634 INFO L899 garLoopResultBuilder]: For program point L567-1(lines 548 572) no Hoare annotation was computed. [2022-11-20 21:10:53,634 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__methaneQueryENTRY(lines 548 572) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (<= ~waterLevel~0 2))) (.cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse3 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 .cse2 .cse3) (or .cse0 (not (= ~methaneLevelCritical~0 0)) .cse1 .cse2 .cse3))) [2022-11-20 21:10:53,634 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__methaneQueryEXIT(lines 548 572) no Hoare annotation was computed. [2022-11-20 21:10:53,635 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 643 651) no Hoare annotation was computed. [2022-11-20 21:10:53,635 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 643 651) the Hoare annotation is: true [2022-11-20 21:10:53,635 INFO L902 garLoopResultBuilder]: At program point isMethaneAlarmENTRY(lines 632 642) the Hoare annotation is: true [2022-11-20 21:10:53,635 INFO L899 garLoopResultBuilder]: For program point isMethaneAlarmEXIT(lines 632 642) no Hoare annotation was computed. [2022-11-20 21:10:53,638 INFO L444 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 21:10:53,641 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-20 21:10:53,695 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.11 09:10:53 BoogieIcfgContainer [2022-11-20 21:10:53,695 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-20 21:10:53,696 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-20 21:10:53,696 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-20 21:10:53,696 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-20 21:10:53,697 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.11 09:07:59" (3/4) ... [2022-11-20 21:10:53,699 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-20 21:10:53,705 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-11-20 21:10:53,705 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-20 21:10:53,705 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-20 21:10:53,706 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-20 21:10:53,706 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-20 21:10:53,706 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-20 21:10:53,706 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__methaneQuery [2022-11-20 21:10:53,706 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-20 21:10:53,707 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneAlarm [2022-11-20 21:10:53,713 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 47 nodes and edges [2022-11-20 21:10:53,714 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 13 nodes and edges [2022-11-20 21:10:53,714 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 6 nodes and edges [2022-11-20 21:10:53,715 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-20 21:10:53,715 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-20 21:10:53,741 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((((2 == waterLevel && pumpRunning == aux-isPumpRunning()-aux) || !(1 == systemActive)) || !(\old(waterLevel) == 2)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || methaneLevelCritical == 0) || pumpRunning == switchedOnBeforeTS) || !(0 == systemActive))) && (((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || !(\old(waterLevel) == 2)) || pumpRunning == switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && (((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || pumpRunning == switchedOnBeforeTS)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || !(aux-isPumpRunning()-aux == 0)) || \old(pumpRunning) == 0) || !(\old(waterLevel) == 2))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || methaneLevelCritical == 0) || !(\old(waterLevel) == 2)) || pumpRunning == switchedOnBeforeTS) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || ((pumpRunning == 0 && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || (((!(aux-isPumpRunning()-aux == 0) && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || \old(pumpRunning) == 0)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 1)) || pumpRunning == switchedOnBeforeTS) || !(0 == systemActive))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || (methaneLevelCritical == 0 && !(\old(pumpRunning) == 1))) || !(methaneLevelCritical == 0)) || pumpRunning == 1)) && (((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(aux-isPumpRunning()-aux == 0)) || \old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(\old(pumpRunning) == 0) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || !(1 == systemActive)) || ((pumpRunning == 0 && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel))) && ((((!(1 == systemActive) || (methaneLevelCritical == 0 && !(\old(pumpRunning) == 1))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || pumpRunning == 1) [2022-11-20 21:10:53,742 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((!(pumpRunning == 0) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && pumpRunning == switchedOnBeforeTS)) && ((((((((2 == waterLevel && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || pumpRunning == 1)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || !(1 == systemActive)) || \old(pumpRunning) == 0) || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) <= 2))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || \old(pumpRunning) == 0) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((waterLevel == 1 && pumpRunning == 1) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((methaneLevelCritical == 0 || !(1 == systemActive)) || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel)) && ((((((((2 == waterLevel && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == 1) || (((((!(pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || (((((!(pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) [2022-11-20 21:10:53,742 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || methaneLevelCritical == 0) || !(1 == systemActive)) || \old(pumpRunning) == 0) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || pumpRunning == 1)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || ((((!(pumpRunning == 0) && tmp == methaneLevelCritical) && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || (((pumpRunning == 0 && tmp == waterLevel) && tmp == 2) && pumpRunning == switchedOnBeforeTS)) || !(0 == systemActive))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(0 == systemActive))) && (((((waterLevel == 1 && pumpRunning == 1) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || !(\old(waterLevel) == 2))) && (((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) || methaneLevelCritical == 0) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(\old(waterLevel) == 2))) && ((((!(\old(pumpRunning) == 0) || (((((methaneLevelCritical == 0 && 1 == systemActive) && tmp == waterLevel) && \old(waterLevel) == waterLevel) && tmp == 2) && pumpRunning == 1)) || !(1 == systemActive)) || ((((pumpRunning == 0 && 1 == systemActive) && tmp == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((((((((methaneLevelCritical == 0 && 1 == systemActive) && tmp == waterLevel) && \old(waterLevel) == waterLevel) && tmp == 2) && pumpRunning == 1) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((((!(pumpRunning == 0) && tmp == methaneLevelCritical) && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2)) || ((((pumpRunning == 0 && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2) && pumpRunning == switchedOnBeforeTS)) [2022-11-20 21:10:53,743 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && (!(1 == systemActive) || !(\old(waterLevel) == 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) [2022-11-20 21:10:53,743 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((!(pumpRunning == 0) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && pumpRunning == switchedOnBeforeTS)) && ((((((((2 == waterLevel && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || pumpRunning == 1)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || !(1 == systemActive)) || \old(pumpRunning) == 0) || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) <= 2))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || \old(pumpRunning) == 0) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((waterLevel == 1 && pumpRunning == 1) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || !(\old(waterLevel) == 2))) && ((!(\old(pumpRunning) == 0) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || !(0 == systemActive))) && ((((methaneLevelCritical == 0 || !(1 == systemActive)) || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel)) && ((((((((2 == waterLevel && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == 1) || (((((!(pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || (((((!(pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(pumpRunning) == 0) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) [2022-11-20 21:10:53,743 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) && ((((!(1 == systemActive) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-20 21:10:53,744 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(1 == systemActive) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 1)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (aux-isMethaneAlarm()-aux == methaneLevelCritical && pumpRunning == switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-20 21:10:53,770 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/witness.graphml [2022-11-20 21:10:53,770 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-20 21:10:53,771 INFO L158 Benchmark]: Toolchain (without parser) took 176013.96ms. Allocated memory was 134.2MB in the beginning and 1.7GB in the end (delta: 1.6GB). Free memory was 94.0MB in the beginning and 950.9MB in the end (delta: -856.9MB). Peak memory consumption was 726.2MB. Max. memory is 16.1GB. [2022-11-20 21:10:53,771 INFO L158 Benchmark]: CDTParser took 0.26ms. Allocated memory is still 134.2MB. Free memory was 109.7MB in the beginning and 109.5MB in the end (delta: 211.8kB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-20 21:10:53,772 INFO L158 Benchmark]: CACSL2BoogieTranslator took 589.31ms. Allocated memory is still 134.2MB. Free memory was 94.0MB in the beginning and 74.7MB in the end (delta: 19.3MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-11-20 21:10:53,772 INFO L158 Benchmark]: Boogie Procedure Inliner took 58.03ms. Allocated memory is still 134.2MB. Free memory was 74.7MB in the beginning and 72.6MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-20 21:10:53,773 INFO L158 Benchmark]: Boogie Preprocessor took 36.18ms. Allocated memory is still 134.2MB. Free memory was 72.6MB in the beginning and 70.9MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-20 21:10:53,773 INFO L158 Benchmark]: RCFGBuilder took 839.91ms. Allocated memory was 134.2MB in the beginning and 188.7MB in the end (delta: 54.5MB). Free memory was 70.9MB in the beginning and 148.8MB in the end (delta: -77.8MB). Peak memory consumption was 23.7MB. Max. memory is 16.1GB. [2022-11-20 21:10:53,773 INFO L158 Benchmark]: TraceAbstraction took 174407.53ms. Allocated memory was 188.7MB in the beginning and 1.7GB in the end (delta: 1.5GB). Free memory was 148.8MB in the beginning and 956.2MB in the end (delta: -807.5MB). Peak memory consumption was 1.1GB. Max. memory is 16.1GB. [2022-11-20 21:10:53,774 INFO L158 Benchmark]: Witness Printer took 74.88ms. Allocated memory is still 1.7GB. Free memory was 956.2MB in the beginning and 950.9MB in the end (delta: 5.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-20 21:10:53,775 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.26ms. Allocated memory is still 134.2MB. Free memory was 109.7MB in the beginning and 109.5MB in the end (delta: 211.8kB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 589.31ms. Allocated memory is still 134.2MB. Free memory was 94.0MB in the beginning and 74.7MB in the end (delta: 19.3MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 58.03ms. Allocated memory is still 134.2MB. Free memory was 74.7MB in the beginning and 72.6MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 36.18ms. Allocated memory is still 134.2MB. Free memory was 72.6MB in the beginning and 70.9MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 839.91ms. Allocated memory was 134.2MB in the beginning and 188.7MB in the end (delta: 54.5MB). Free memory was 70.9MB in the beginning and 148.8MB in the end (delta: -77.8MB). Peak memory consumption was 23.7MB. Max. memory is 16.1GB. * TraceAbstraction took 174407.53ms. Allocated memory was 188.7MB in the beginning and 1.7GB in the end (delta: 1.5GB). Free memory was 148.8MB in the beginning and 956.2MB in the end (delta: -807.5MB). Peak memory consumption was 1.1GB. Max. memory is 16.1GB. * Witness Printer took 74.88ms. Allocated memory is still 1.7GB. Free memory was 956.2MB in the beginning and 950.9MB in the end (delta: 5.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 420]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 10 procedures, 72 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 174.3s, OverallIterations: 10, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.1s, AutomataDifference: 24.2s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 112.1s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 5096 SdHoareTripleChecker+Valid, 10.5s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 5056 mSDsluCounter, 8204 SdHoareTripleChecker+Invalid, 8.7s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 6652 mSDsCounter, 4119 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 13196 IncrementalHoareTripleChecker+Invalid, 17315 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 4119 mSolverCounterUnsat, 1552 mSDtfsCounter, 13196 mSolverCounterSat, 0.2s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 1332 GetRequests, 769 SyntacticMatches, 12 SemanticMatches, 551 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 36180 ImplicationChecksByTransitivity, 31.2s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=2911occurred in iteration=9, InterpolantAutomatonStates: 428, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 1.0s AutomataMinimizationTime, 10 MinimizatonAttempts, 2346 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 41 LocationsWithAnnotation, 10391 PreInvPairs, 13423 NumberOfFragments, 4584 HoareAnnotationTreeSize, 10391 FomulaSimplifications, 255292 FormulaSimplificationTreeSizeReduction, 35.9s HoareSimplificationTime, 41 FomulaSimplificationsInter, 637488 FormulaSimplificationTreeSizeReductionInter, 75.5s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.3s SatisfiabilityAnalysisTime, 4.2s InterpolantComputationTime, 727 NumberOfCodeBlocks, 727 NumberOfCodeBlocksAsserted, 13 NumberOfCheckSat, 957 ConstructedInterpolants, 0 QuantifiedInterpolants, 2602 SizeOfPredicates, 29 NumberOfNonLiveVariables, 1121 ConjunctsInSsa, 69 ConjunctsInUnsatCore, 16 InterpolantComputations, 7 PerfectInterpolantSequences, 393/474 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 913]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS - InvariantResult [Line: 574]: Loop Invariant Derived loop invariant: ((((((((((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((!(pumpRunning == 0) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && pumpRunning == switchedOnBeforeTS)) && ((((((((2 == waterLevel && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || pumpRunning == 1)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || !(1 == systemActive)) || \old(pumpRunning) == 0) || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) <= 2))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || \old(pumpRunning) == 0) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((waterLevel == 1 && pumpRunning == 1) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || !(\old(waterLevel) == 2))) && ((!(\old(pumpRunning) == 0) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || !(0 == systemActive))) && ((((methaneLevelCritical == 0 || !(1 == systemActive)) || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel)) && ((((((((2 == waterLevel && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == 1) || (((((!(pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || (((((!(pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2))) && (((!(\old(pumpRunning) == 0) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) - InvariantResult [Line: -1]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 941]: Loop Invariant Derived loop invariant: (((((((((((((((2 == waterLevel && pumpRunning == aux-isPumpRunning()-aux) || !(1 == systemActive)) || !(\old(waterLevel) == 2)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || methaneLevelCritical == 0) || pumpRunning == switchedOnBeforeTS) || !(0 == systemActive))) && (((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || !(\old(waterLevel) == 2)) || pumpRunning == switchedOnBeforeTS)) && (((!(\old(pumpRunning) == 0) || pumpRunning == 0) || !(1 == systemActive)) || !(\old(waterLevel) == 2))) && (((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || pumpRunning == switchedOnBeforeTS)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || !(aux-isPumpRunning()-aux == 0)) || \old(pumpRunning) == 0) || !(\old(waterLevel) == 2))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || methaneLevelCritical == 0) || !(\old(waterLevel) == 2)) || pumpRunning == switchedOnBeforeTS) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || ((pumpRunning == 0 && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel)) || !(0 == systemActive))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || (((!(aux-isPumpRunning()-aux == 0) && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || \old(pumpRunning) == 0)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || !(\old(waterLevel) == 1)) || pumpRunning == switchedOnBeforeTS) || !(0 == systemActive))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || (methaneLevelCritical == 0 && !(\old(pumpRunning) == 1))) || !(methaneLevelCritical == 0)) || pumpRunning == 1)) && (((((methaneLevelCritical == 0 || !(1 == systemActive)) || !(aux-isPumpRunning()-aux == 0)) || \old(pumpRunning) == 0) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((!(\old(pumpRunning) == 0) || ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) && !(\old(waterLevel) <= 0))) || !(1 == systemActive)) || ((pumpRunning == 0 && pumpRunning == aux-isPumpRunning()-aux) && \old(waterLevel) == waterLevel))) && ((((!(1 == systemActive) || (methaneLevelCritical == 0 && !(\old(pumpRunning) == 1))) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) || pumpRunning == 1) - InvariantResult [Line: 913]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 440]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 837]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 946]: Loop Invariant Derived loop invariant: ((((((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || methaneLevelCritical == 0) || !(1 == systemActive)) || \old(pumpRunning) == 0) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || pumpRunning == 1)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || ((((!(pumpRunning == 0) && tmp == methaneLevelCritical) && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || (((pumpRunning == 0 && tmp == waterLevel) && tmp == 2) && pumpRunning == switchedOnBeforeTS)) || !(0 == systemActive))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || (((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(0 == systemActive))) && (((((waterLevel == 1 && pumpRunning == 1) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || !(\old(waterLevel) == 2))) && (((((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) || methaneLevelCritical == 0) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(\old(waterLevel) == 2))) && ((((!(\old(pumpRunning) == 0) || (((((methaneLevelCritical == 0 && 1 == systemActive) && tmp == waterLevel) && \old(waterLevel) == waterLevel) && tmp == 2) && pumpRunning == 1)) || !(1 == systemActive)) || ((((pumpRunning == 0 && 1 == systemActive) && tmp == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && ((((((((((methaneLevelCritical == 0 && 1 == systemActive) && tmp == waterLevel) && \old(waterLevel) == waterLevel) && tmp == 2) && pumpRunning == 1) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || ((((!(pumpRunning == 0) && tmp == methaneLevelCritical) && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2)) || ((((pumpRunning == 0 && 1 == systemActive) && \old(waterLevel) == waterLevel) && tmp == 2) && pumpRunning == switchedOnBeforeTS)) - InvariantResult [Line: 420]: Loop Invariant Derived loop invariant: (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) && ((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(0 == systemActive))) && (!(1 == systemActive) || !(\old(waterLevel) == 2))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(\old(waterLevel) <= 2)) - InvariantResult [Line: 612]: Loop Invariant Derived loop invariant: (((((!(1 == systemActive) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 1)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || (aux-isMethaneAlarm()-aux == methaneLevelCritical && pumpRunning == switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) - InvariantResult [Line: 471]: Loop Invariant Derived loop invariant: ((((((pumpRunning == 0 && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive) && pumpRunning == switchedOnBeforeTS) || ((2 == waterLevel && 1 == systemActive) && splverifierCounter == 0)) || (((waterLevel <= 1 && 1 == systemActive) && splverifierCounter == 0) && pumpRunning == switchedOnBeforeTS)) || (((pumpRunning == 0 && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) - InvariantResult [Line: 632]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 431]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 711]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0 && splverifierCounter == 0) && waterLevel <= 2) && pumpRunning == switchedOnBeforeTS) || ((((pumpRunning == 0 && 2 <= waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && !(0 == systemActive))) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel <= 2) - InvariantResult [Line: 527]: Loop Invariant Derived loop invariant: (((((((((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((!(pumpRunning == 0) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && pumpRunning == switchedOnBeforeTS)) && ((((((((2 == waterLevel && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && ((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || pumpRunning == 1)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || !(1 == systemActive)) || \old(pumpRunning) == 0) || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) <= 2))) && ((((((methaneLevelCritical == 0 || !(1 == systemActive)) || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || \old(pumpRunning) == 0) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && (((((waterLevel == 1 && pumpRunning == 1) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || !(\old(pumpRunning) == 1)) || !(\old(waterLevel) == 2))) && (((!(\old(waterLevel) <= 1) || !(\old(pumpRunning) == 0)) || !(1 == systemActive)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) <= 2)) || !(0 == systemActive))) && ((((methaneLevelCritical == 0 || !(1 == systemActive)) || ((((((!(switchedOnBeforeTS == 0) && pumpRunning == 0) && 1 == systemActive) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) == 2)) || \old(waterLevel) == waterLevel)) && ((((((((2 == waterLevel && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == 1) || (((((!(pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && 2 == waterLevel) && methaneLevelCritical == 0) && 1 == systemActive) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || !(\old(waterLevel) == 2))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || (((((!(pumpRunning == 0) && 1 == systemActive) && tmp == methaneLevelCritical) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(1 == systemActive)) || \old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(\old(waterLevel) == 2)) - InvariantResult [Line: 827]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 552]: Loop Invariant Derived loop invariant: ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(waterLevel <= 2)) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) && ((((!(1 == systemActive) || !(methaneLevelCritical == 0)) || !(waterLevel <= 2)) || pumpRunning == switchedOnBeforeTS) || !(switchedOnBeforeTS == \old(pumpRunning))) - InvariantResult [Line: 441]: Loop Invariant Derived loop invariant: (((((((2 == waterLevel && (!(methaneLevelCritical == 0) || pumpRunning == 1)) && 1 == systemActive) && splverifierCounter == 0) || ((((pumpRunning == 0 && waterLevel <= 1) && 1 == systemActive) && !(methaneLevelCritical == 0)) && splverifierCounter == 0)) || ((((pumpRunning == 0 && splverifierCounter == 0) && waterLevel <= 2) && 0 == systemActive) && pumpRunning == switchedOnBeforeTS)) || ((((methaneLevelCritical == 0 && waterLevel <= 1) && 1 == systemActive) && splverifierCounter == 0) && pumpRunning == switchedOnBeforeTS)) || (((pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0) && waterLevel == 1)) || (((pumpRunning == 0 && 2 == waterLevel) && 1 == systemActive) && splverifierCounter == 0) RESULT: Ultimate proved your program to be correct! [2022-11-20 21:10:53,819 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e533b44f-728f-4be8-92fc-73e739bc7db4/bin/utaipan-6cKwYrpEi9/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE