./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 4e7fbc69 Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/config/TaipanReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/config/svcomp-Reach-32bit-Taipan_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Taipan --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 88f09ec5af0f641c9edfe2f7047937341e46c7f8baabeed0fd38f069cd3b5278 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-4e7fbc6 [2022-11-23 14:54:59,449 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-23 14:54:59,451 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-23 14:54:59,472 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-23 14:54:59,473 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-23 14:54:59,474 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-23 14:54:59,475 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-23 14:54:59,477 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-23 14:54:59,479 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-23 14:54:59,480 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-23 14:54:59,481 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-23 14:54:59,482 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-23 14:54:59,483 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-23 14:54:59,484 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-23 14:54:59,485 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-23 14:54:59,486 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-23 14:54:59,487 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-23 14:54:59,488 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-23 14:54:59,490 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-23 14:54:59,492 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-23 14:54:59,494 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-23 14:54:59,495 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-23 14:54:59,497 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-23 14:54:59,498 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-23 14:54:59,501 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-23 14:54:59,502 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-23 14:54:59,502 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-23 14:54:59,503 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-23 14:54:59,504 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-23 14:54:59,505 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-23 14:54:59,505 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-23 14:54:59,506 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-23 14:54:59,507 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-23 14:54:59,508 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-23 14:54:59,509 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-23 14:54:59,509 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-23 14:54:59,510 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-23 14:54:59,511 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-23 14:54:59,511 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-23 14:54:59,512 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-23 14:54:59,513 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-23 14:54:59,514 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/config/svcomp-Reach-32bit-Taipan_Default.epf [2022-11-23 14:54:59,542 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-23 14:54:59,552 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-23 14:54:59,553 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-23 14:54:59,554 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-23 14:54:59,555 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-23 14:54:59,555 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-23 14:54:59,556 INFO L138 SettingsManager]: * User list type=DISABLED [2022-11-23 14:54:59,556 INFO L136 SettingsManager]: Preferences of Abstract Interpretation differ from their defaults: [2022-11-23 14:54:59,556 INFO L138 SettingsManager]: * Explicit value domain=true [2022-11-23 14:54:59,556 INFO L138 SettingsManager]: * Abstract domain for RCFG-of-the-future=PoormanAbstractDomain [2022-11-23 14:54:59,557 INFO L138 SettingsManager]: * Octagon Domain=false [2022-11-23 14:54:59,558 INFO L138 SettingsManager]: * Abstract domain=CompoundDomain [2022-11-23 14:54:59,558 INFO L138 SettingsManager]: * Check feasibility of abstract posts with an SMT solver=true [2022-11-23 14:54:59,558 INFO L138 SettingsManager]: * Use the RCFG-of-the-future interface=true [2022-11-23 14:54:59,558 INFO L138 SettingsManager]: * Interval Domain=false [2022-11-23 14:54:59,559 INFO L136 SettingsManager]: Preferences of Sifa differ from their defaults: [2022-11-23 14:54:59,559 INFO L138 SettingsManager]: * Call Summarizer=TopInputCallSummarizer [2022-11-23 14:54:59,559 INFO L138 SettingsManager]: * Simplification Technique=POLY_PAC [2022-11-23 14:54:59,560 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-23 14:54:59,560 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-23 14:54:59,560 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-23 14:54:59,560 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-23 14:54:59,561 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-23 14:54:59,561 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-11-23 14:54:59,561 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-23 14:54:59,561 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-11-23 14:54:59,561 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-23 14:54:59,562 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-11-23 14:54:59,562 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-23 14:54:59,562 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-11-23 14:54:59,562 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-23 14:54:59,563 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-23 14:54:59,563 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-23 14:54:59,563 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-23 14:54:59,563 INFO L138 SettingsManager]: * Abstract interpretation Mode=USE_PREDICATES [2022-11-23 14:54:59,564 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-23 14:54:59,564 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-11-23 14:54:59,564 INFO L138 SettingsManager]: * Trace refinement strategy=SIFA_TAIPAN [2022-11-23 14:54:59,564 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-23 14:54:59,564 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-11-23 14:54:59,565 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2022-11-23 14:54:59,565 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Taipan Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 88f09ec5af0f641c9edfe2f7047937341e46c7f8baabeed0fd38f069cd3b5278 [2022-11-23 14:54:59,840 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-23 14:54:59,871 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-23 14:54:59,874 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-23 14:54:59,876 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-23 14:54:59,876 INFO L275 PluginConnector]: CDTParser initialized [2022-11-23 14:54:59,878 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/../../sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c [2022-11-23 14:55:03,053 INFO L500 CDTParser]: Created temporary CDT project at NULL [2022-11-23 14:55:03,306 INFO L351 CDTParser]: Found 1 translation units. [2022-11-23 14:55:03,307 INFO L172 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c [2022-11-23 14:55:03,319 INFO L394 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/data/cc1c9484a/19d0b5c15ceb4ae7ac4960e554b5f15d/FLAGbd18a9f6d [2022-11-23 14:55:03,341 INFO L402 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/data/cc1c9484a/19d0b5c15ceb4ae7ac4960e554b5f15d [2022-11-23 14:55:03,344 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-23 14:55:03,346 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-23 14:55:03,348 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-23 14:55:03,348 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-23 14:55:03,352 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-23 14:55:03,353 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,354 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@1ff25f3b and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03, skipping insertion in model container [2022-11-23 14:55:03,354 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,362 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-23 14:55:03,420 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-23 14:55:03,614 WARN L237 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c[3971,3984] [2022-11-23 14:55:03,744 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-23 14:55:03,755 INFO L203 MainTranslator]: Completed pre-run [2022-11-23 14:55:03,778 WARN L237 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/sv-benchmarks/c/product-lines/minepump_spec5_product54.cil.c[3971,3984] [2022-11-23 14:55:03,829 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-23 14:55:03,848 INFO L208 MainTranslator]: Completed translation [2022-11-23 14:55:03,848 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03 WrapperNode [2022-11-23 14:55:03,849 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-23 14:55:03,850 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-23 14:55:03,850 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-23 14:55:03,850 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-23 14:55:03,858 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,872 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,899 INFO L138 Inliner]: procedures = 59, calls = 106, calls flagged for inlining = 26, calls inlined = 23, statements flattened = 233 [2022-11-23 14:55:03,899 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-23 14:55:03,900 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-23 14:55:03,900 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-23 14:55:03,900 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-23 14:55:03,910 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,910 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,915 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,916 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,921 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,926 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,928 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,930 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,933 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-23 14:55:03,934 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-23 14:55:03,934 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-23 14:55:03,934 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-23 14:55:03,935 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (1/1) ... [2022-11-23 14:55:03,941 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-23 14:55:03,954 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 [2022-11-23 14:55:03,972 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-23 14:55:03,984 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-23 14:55:04,023 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-23 14:55:04,023 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-11-23 14:55:04,023 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-11-23 14:55:04,024 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-11-23 14:55:04,024 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-11-23 14:55:04,024 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-11-23 14:55:04,024 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-11-23 14:55:04,024 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-11-23 14:55:04,024 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-11-23 14:55:04,025 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-11-23 14:55:04,025 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-11-23 14:55:04,025 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__lowWaterSensor [2022-11-23 14:55:04,025 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__lowWaterSensor [2022-11-23 14:55:04,025 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2022-11-23 14:55:04,025 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2022-11-23 14:55:04,026 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-11-23 14:55:04,026 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-11-23 14:55:04,026 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-11-23 14:55:04,026 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-11-23 14:55:04,026 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-11-23 14:55:04,026 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-23 14:55:04,032 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-23 14:55:04,130 INFO L235 CfgBuilder]: Building ICFG [2022-11-23 14:55:04,133 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-23 14:55:04,582 INFO L276 CfgBuilder]: Performing block encoding [2022-11-23 14:55:04,745 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-23 14:55:04,745 INFO L300 CfgBuilder]: Removed 2 assume(true) statements. [2022-11-23 14:55:04,748 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 02:55:04 BoogieIcfgContainer [2022-11-23 14:55:04,748 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-23 14:55:04,758 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-23 14:55:04,759 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-23 14:55:04,762 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-23 14:55:04,764 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 23.11 02:55:03" (1/3) ... [2022-11-23 14:55:04,766 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@532b2df and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 02:55:04, skipping insertion in model container [2022-11-23 14:55:04,767 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 02:55:03" (2/3) ... [2022-11-23 14:55:04,768 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@532b2df and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 02:55:04, skipping insertion in model container [2022-11-23 14:55:04,768 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 02:55:04" (3/3) ... [2022-11-23 14:55:04,773 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product54.cil.c [2022-11-23 14:55:04,793 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-23 14:55:04,793 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-11-23 14:55:04,866 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-23 14:55:04,873 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@6b06a6be, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-23 14:55:04,874 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-11-23 14:55:04,879 INFO L276 IsEmpty]: Start isEmpty. Operand has 69 states, 42 states have (on average 1.4285714285714286) internal successors, (60), 52 states have internal predecessors, (60), 16 states have call successors, (16), 9 states have call predecessors, (16), 9 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) [2022-11-23 14:55:04,892 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2022-11-23 14:55:04,893 INFO L187 NwaCegarLoop]: Found error trace [2022-11-23 14:55:04,893 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:55:04,894 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-23 14:55:04,899 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-23 14:55:04,899 INFO L85 PathProgramCache]: Analyzing trace with hash -1377510126, now seen corresponding path program 1 times [2022-11-23 14:55:04,909 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-23 14:55:04,909 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [644760761] [2022-11-23 14:55:04,909 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:04,933 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-23 14:55:05,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:05,099 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-23 14:55:05,099 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-23 14:55:05,100 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [644760761] [2022-11-23 14:55:05,100 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [644760761] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-23 14:55:05,100 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-23 14:55:05,101 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-11-23 14:55:05,102 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2086789388] [2022-11-23 14:55:05,103 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-23 14:55:05,107 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-11-23 14:55:05,108 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-23 14:55:05,142 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-11-23 14:55:05,143 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-23 14:55:05,145 INFO L87 Difference]: Start difference. First operand has 69 states, 42 states have (on average 1.4285714285714286) internal successors, (60), 52 states have internal predecessors, (60), 16 states have call successors, (16), 9 states have call predecessors, (16), 9 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) Second operand has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-23 14:55:05,231 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-23 14:55:05,231 INFO L93 Difference]: Finished difference Result 136 states and 185 transitions. [2022-11-23 14:55:05,233 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-11-23 14:55:05,234 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 21 [2022-11-23 14:55:05,234 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-23 14:55:05,247 INFO L225 Difference]: With dead ends: 136 [2022-11-23 14:55:05,248 INFO L226 Difference]: Without dead ends: 64 [2022-11-23 14:55:05,255 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-11-23 14:55:05,259 INFO L413 NwaCegarLoop]: 71 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 18 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 71 SdHoareTripleChecker+Invalid, 19 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 18 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-23 14:55:05,260 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 71 Invalid, 19 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 18 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-23 14:55:05,278 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 64 states. [2022-11-23 14:55:05,301 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 64 to 64. [2022-11-23 14:55:05,303 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 64 states, 39 states have (on average 1.3333333333333333) internal successors, (52), 48 states have internal predecessors, (52), 16 states have call successors, (16), 9 states have call predecessors, (16), 8 states have return successors, (15), 10 states have call predecessors, (15), 15 states have call successors, (15) [2022-11-23 14:55:05,305 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 64 states to 64 states and 83 transitions. [2022-11-23 14:55:05,311 INFO L78 Accepts]: Start accepts. Automaton has 64 states and 83 transitions. Word has length 21 [2022-11-23 14:55:05,311 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-23 14:55:05,311 INFO L495 AbstractCegarLoop]: Abstraction has 64 states and 83 transitions. [2022-11-23 14:55:05,311 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 7.0) internal successors, (14), 2 states have internal predecessors, (14), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-23 14:55:05,312 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 83 transitions. [2022-11-23 14:55:05,314 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-11-23 14:55:05,314 INFO L187 NwaCegarLoop]: Found error trace [2022-11-23 14:55:05,315 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:55:05,315 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-11-23 14:55:05,315 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-23 14:55:05,316 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-23 14:55:05,316 INFO L85 PathProgramCache]: Analyzing trace with hash -1985979574, now seen corresponding path program 1 times [2022-11-23 14:55:05,316 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-23 14:55:05,317 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [875104499] [2022-11-23 14:55:05,317 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:05,317 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-23 14:55:05,343 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:05,595 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-11-23 14:55:05,596 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-23 14:55:05,596 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [875104499] [2022-11-23 14:55:05,596 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [875104499] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-23 14:55:05,596 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-23 14:55:05,597 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-23 14:55:05,597 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1973282273] [2022-11-23 14:55:05,597 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-23 14:55:05,599 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-23 14:55:05,599 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-23 14:55:05,600 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-23 14:55:05,600 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-11-23 14:55:05,600 INFO L87 Difference]: Start difference. First operand 64 states and 83 transitions. Second operand has 6 states, 5 states have (on average 3.8) internal successors, (19), 5 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-23 14:55:05,824 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-23 14:55:05,824 INFO L93 Difference]: Finished difference Result 176 states and 252 transitions. [2022-11-23 14:55:05,825 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-11-23 14:55:05,825 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 3.8) internal successors, (19), 5 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 24 [2022-11-23 14:55:05,825 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-23 14:55:05,827 INFO L225 Difference]: With dead ends: 176 [2022-11-23 14:55:05,828 INFO L226 Difference]: Without dead ends: 114 [2022-11-23 14:55:05,829 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-11-23 14:55:05,831 INFO L413 NwaCegarLoop]: 92 mSDtfsCounter, 52 mSDsluCounter, 297 mSDsCounter, 0 mSdLazyCounter, 140 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 53 SdHoareTripleChecker+Valid, 389 SdHoareTripleChecker+Invalid, 148 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 140 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-23 14:55:05,831 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [53 Valid, 389 Invalid, 148 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 140 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-11-23 14:55:05,832 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 114 states. [2022-11-23 14:55:05,851 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 114 to 110. [2022-11-23 14:55:05,852 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 110 states, 70 states have (on average 1.2571428571428571) internal successors, (88), 78 states have internal predecessors, (88), 24 states have call successors, (24), 17 states have call predecessors, (24), 15 states have return successors, (32), 20 states have call predecessors, (32), 22 states have call successors, (32) [2022-11-23 14:55:05,854 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 110 states to 110 states and 144 transitions. [2022-11-23 14:55:05,855 INFO L78 Accepts]: Start accepts. Automaton has 110 states and 144 transitions. Word has length 24 [2022-11-23 14:55:05,855 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-23 14:55:05,856 INFO L495 AbstractCegarLoop]: Abstraction has 110 states and 144 transitions. [2022-11-23 14:55:05,856 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 3.8) internal successors, (19), 5 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-11-23 14:55:05,856 INFO L276 IsEmpty]: Start isEmpty. Operand 110 states and 144 transitions. [2022-11-23 14:55:05,858 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-11-23 14:55:05,858 INFO L187 NwaCegarLoop]: Found error trace [2022-11-23 14:55:05,858 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:55:05,859 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-11-23 14:55:05,859 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-23 14:55:05,859 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-23 14:55:05,860 INFO L85 PathProgramCache]: Analyzing trace with hash 998528266, now seen corresponding path program 1 times [2022-11-23 14:55:05,860 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-23 14:55:05,860 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1441347613] [2022-11-23 14:55:05,860 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:05,861 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-23 14:55:05,875 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:05,977 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-23 14:55:05,978 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-23 14:55:05,978 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1441347613] [2022-11-23 14:55:05,978 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1441347613] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-23 14:55:05,980 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-23 14:55:05,980 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-23 14:55:05,981 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1043764123] [2022-11-23 14:55:05,981 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-23 14:55:05,983 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-11-23 14:55:05,984 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-23 14:55:05,985 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-11-23 14:55:05,985 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-23 14:55:05,985 INFO L87 Difference]: Start difference. First operand 110 states and 144 transitions. Second operand has 3 states, 3 states have (on average 8.0) internal successors, (24), 3 states have internal predecessors, (24), 2 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-23 14:55:06,043 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-23 14:55:06,043 INFO L93 Difference]: Finished difference Result 176 states and 226 transitions. [2022-11-23 14:55:06,043 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-11-23 14:55:06,044 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.0) internal successors, (24), 3 states have internal predecessors, (24), 2 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 35 [2022-11-23 14:55:06,044 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-23 14:55:06,045 INFO L225 Difference]: With dead ends: 176 [2022-11-23 14:55:06,045 INFO L226 Difference]: Without dead ends: 94 [2022-11-23 14:55:06,047 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-11-23 14:55:06,048 INFO L413 NwaCegarLoop]: 57 mSDtfsCounter, 7 mSDsluCounter, 48 mSDsCounter, 0 mSdLazyCounter, 27 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 10 SdHoareTripleChecker+Valid, 105 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 27 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-23 14:55:06,049 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [10 Valid, 105 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 27 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-23 14:55:06,049 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 94 states. [2022-11-23 14:55:06,061 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 94 to 94. [2022-11-23 14:55:06,061 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 94 states, 60 states have (on average 1.2666666666666666) internal successors, (76), 68 states have internal predecessors, (76), 18 states have call successors, (18), 15 states have call predecessors, (18), 15 states have return successors, (24), 16 states have call predecessors, (24), 18 states have call successors, (24) [2022-11-23 14:55:06,063 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 94 states to 94 states and 118 transitions. [2022-11-23 14:55:06,063 INFO L78 Accepts]: Start accepts. Automaton has 94 states and 118 transitions. Word has length 35 [2022-11-23 14:55:06,063 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-23 14:55:06,064 INFO L495 AbstractCegarLoop]: Abstraction has 94 states and 118 transitions. [2022-11-23 14:55:06,064 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.0) internal successors, (24), 3 states have internal predecessors, (24), 2 states have call successors, (6), 2 states have call predecessors, (6), 1 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-23 14:55:06,064 INFO L276 IsEmpty]: Start isEmpty. Operand 94 states and 118 transitions. [2022-11-23 14:55:06,065 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-11-23 14:55:06,065 INFO L187 NwaCegarLoop]: Found error trace [2022-11-23 14:55:06,065 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:55:06,066 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-11-23 14:55:06,066 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-23 14:55:06,066 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-23 14:55:06,066 INFO L85 PathProgramCache]: Analyzing trace with hash 1279318241, now seen corresponding path program 1 times [2022-11-23 14:55:06,067 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-23 14:55:06,067 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [518324478] [2022-11-23 14:55:06,067 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:06,067 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-23 14:55:06,088 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:06,470 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-23 14:55:06,470 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-23 14:55:06,470 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [518324478] [2022-11-23 14:55:06,471 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [518324478] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-23 14:55:06,471 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-23 14:55:06,471 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-11-23 14:55:06,471 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [746268504] [2022-11-23 14:55:06,471 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-23 14:55:06,472 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-11-23 14:55:06,472 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-23 14:55:06,472 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-11-23 14:55:06,473 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2022-11-23 14:55:06,473 INFO L87 Difference]: Start difference. First operand 94 states and 118 transitions. Second operand has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-23 14:55:06,693 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-23 14:55:06,694 INFO L93 Difference]: Finished difference Result 273 states and 341 transitions. [2022-11-23 14:55:06,695 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-23 14:55:06,695 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) Word has length 37 [2022-11-23 14:55:06,695 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-23 14:55:06,705 INFO L225 Difference]: With dead ends: 273 [2022-11-23 14:55:06,705 INFO L226 Difference]: Without dead ends: 181 [2022-11-23 14:55:06,709 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=16, Invalid=26, Unknown=0, NotChecked=0, Total=42 [2022-11-23 14:55:06,713 INFO L413 NwaCegarLoop]: 91 mSDtfsCounter, 127 mSDsluCounter, 104 mSDsCounter, 0 mSdLazyCounter, 100 mSolverCounterSat, 41 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 128 SdHoareTripleChecker+Valid, 195 SdHoareTripleChecker+Invalid, 141 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 41 IncrementalHoareTripleChecker+Valid, 100 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-23 14:55:06,717 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [128 Valid, 195 Invalid, 141 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [41 Valid, 100 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-23 14:55:06,719 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 181 states. [2022-11-23 14:55:06,744 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 181 to 177. [2022-11-23 14:55:06,744 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 177 states, 112 states have (on average 1.2321428571428572) internal successors, (138), 125 states have internal predecessors, (138), 34 states have call successors, (34), 29 states have call predecessors, (34), 30 states have return successors, (46), 31 states have call predecessors, (46), 34 states have call successors, (46) [2022-11-23 14:55:06,747 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 177 states to 177 states and 218 transitions. [2022-11-23 14:55:06,747 INFO L78 Accepts]: Start accepts. Automaton has 177 states and 218 transitions. Word has length 37 [2022-11-23 14:55:06,747 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-23 14:55:06,747 INFO L495 AbstractCegarLoop]: Abstraction has 177 states and 218 transitions. [2022-11-23 14:55:06,748 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-23 14:55:06,748 INFO L276 IsEmpty]: Start isEmpty. Operand 177 states and 218 transitions. [2022-11-23 14:55:06,750 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2022-11-23 14:55:06,750 INFO L187 NwaCegarLoop]: Found error trace [2022-11-23 14:55:06,750 INFO L195 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:55:06,750 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-11-23 14:55:06,751 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-23 14:55:06,751 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-23 14:55:06,751 INFO L85 PathProgramCache]: Analyzing trace with hash -637786689, now seen corresponding path program 1 times [2022-11-23 14:55:06,752 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-23 14:55:06,752 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [578604999] [2022-11-23 14:55:06,752 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:06,752 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-23 14:55:06,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:07,123 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-11-23 14:55:07,123 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-23 14:55:07,124 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [578604999] [2022-11-23 14:55:07,125 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [578604999] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-23 14:55:07,125 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-23 14:55:07,127 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-11-23 14:55:07,129 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [516531721] [2022-11-23 14:55:07,130 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-23 14:55:07,130 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-23 14:55:07,131 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-23 14:55:07,132 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-23 14:55:07,133 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=39, Unknown=0, NotChecked=0, Total=56 [2022-11-23 14:55:07,133 INFO L87 Difference]: Start difference. First operand 177 states and 218 transitions. Second operand has 8 states, 7 states have (on average 4.0) internal successors, (28), 7 states have internal predecessors, (28), 5 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-11-23 14:55:07,713 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-23 14:55:07,719 INFO L93 Difference]: Finished difference Result 413 states and 522 transitions. [2022-11-23 14:55:07,719 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2022-11-23 14:55:07,719 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 4.0) internal successors, (28), 7 states have internal predecessors, (28), 5 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Word has length 40 [2022-11-23 14:55:07,720 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-23 14:55:07,726 INFO L225 Difference]: With dead ends: 413 [2022-11-23 14:55:07,726 INFO L226 Difference]: Without dead ends: 291 [2022-11-23 14:55:07,728 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=67, Invalid=143, Unknown=0, NotChecked=0, Total=210 [2022-11-23 14:55:07,730 INFO L413 NwaCegarLoop]: 70 mSDtfsCounter, 206 mSDsluCounter, 179 mSDsCounter, 0 mSdLazyCounter, 384 mSolverCounterSat, 81 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 214 SdHoareTripleChecker+Valid, 249 SdHoareTripleChecker+Invalid, 465 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 81 IncrementalHoareTripleChecker+Valid, 384 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-11-23 14:55:07,734 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [214 Valid, 249 Invalid, 465 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [81 Valid, 384 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-11-23 14:55:07,736 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 291 states. [2022-11-23 14:55:07,801 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 291 to 261. [2022-11-23 14:55:07,804 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 261 states, 170 states have (on average 1.2411764705882353) internal successors, (211), 188 states have internal predecessors, (211), 47 states have call successors, (47), 36 states have call predecessors, (47), 43 states have return successors, (66), 48 states have call predecessors, (66), 47 states have call successors, (66) [2022-11-23 14:55:07,809 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 261 states to 261 states and 324 transitions. [2022-11-23 14:55:07,810 INFO L78 Accepts]: Start accepts. Automaton has 261 states and 324 transitions. Word has length 40 [2022-11-23 14:55:07,810 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-23 14:55:07,810 INFO L495 AbstractCegarLoop]: Abstraction has 261 states and 324 transitions. [2022-11-23 14:55:07,811 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 4.0) internal successors, (28), 7 states have internal predecessors, (28), 5 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-11-23 14:55:07,811 INFO L276 IsEmpty]: Start isEmpty. Operand 261 states and 324 transitions. [2022-11-23 14:55:07,818 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2022-11-23 14:55:07,818 INFO L187 NwaCegarLoop]: Found error trace [2022-11-23 14:55:07,819 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:55:07,819 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-11-23 14:55:07,819 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-23 14:55:07,820 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-23 14:55:07,821 INFO L85 PathProgramCache]: Analyzing trace with hash 1585403647, now seen corresponding path program 1 times [2022-11-23 14:55:07,822 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-23 14:55:07,822 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1258013429] [2022-11-23 14:55:07,822 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:07,822 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-23 14:55:07,862 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:08,047 INFO L134 CoverageAnalysis]: Checked inductivity of 19 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2022-11-23 14:55:08,048 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-23 14:55:08,048 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1258013429] [2022-11-23 14:55:08,048 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1258013429] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-23 14:55:08,048 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-23 14:55:08,048 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-11-23 14:55:08,049 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [589717603] [2022-11-23 14:55:08,049 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-23 14:55:08,049 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-23 14:55:08,049 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-23 14:55:08,050 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-23 14:55:08,050 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-23 14:55:08,050 INFO L87 Difference]: Start difference. First operand 261 states and 324 transitions. Second operand has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 3 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-11-23 14:55:08,151 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-23 14:55:08,151 INFO L93 Difference]: Finished difference Result 520 states and 652 transitions. [2022-11-23 14:55:08,151 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-11-23 14:55:08,152 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 3 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) Word has length 57 [2022-11-23 14:55:08,154 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-23 14:55:08,157 INFO L225 Difference]: With dead ends: 520 [2022-11-23 14:55:08,157 INFO L226 Difference]: Without dead ends: 261 [2022-11-23 14:55:08,158 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-11-23 14:55:08,161 INFO L413 NwaCegarLoop]: 54 mSDtfsCounter, 54 mSDsluCounter, 53 mSDsCounter, 0 mSdLazyCounter, 33 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 55 SdHoareTripleChecker+Valid, 107 SdHoareTripleChecker+Invalid, 36 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 33 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-23 14:55:08,164 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [55 Valid, 107 Invalid, 36 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 33 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-23 14:55:08,165 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 261 states. [2022-11-23 14:55:08,216 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 261 to 261. [2022-11-23 14:55:08,217 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 261 states, 170 states have (on average 1.2117647058823529) internal successors, (206), 188 states have internal predecessors, (206), 47 states have call successors, (47), 36 states have call predecessors, (47), 43 states have return successors, (66), 48 states have call predecessors, (66), 47 states have call successors, (66) [2022-11-23 14:55:08,221 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 261 states to 261 states and 319 transitions. [2022-11-23 14:55:08,222 INFO L78 Accepts]: Start accepts. Automaton has 261 states and 319 transitions. Word has length 57 [2022-11-23 14:55:08,223 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-23 14:55:08,223 INFO L495 AbstractCegarLoop]: Abstraction has 261 states and 319 transitions. [2022-11-23 14:55:08,223 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 3 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-11-23 14:55:08,223 INFO L276 IsEmpty]: Start isEmpty. Operand 261 states and 319 transitions. [2022-11-23 14:55:08,227 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-23 14:55:08,227 INFO L187 NwaCegarLoop]: Found error trace [2022-11-23 14:55:08,227 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:55:08,229 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-11-23 14:55:08,229 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-23 14:55:08,230 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-23 14:55:08,230 INFO L85 PathProgramCache]: Analyzing trace with hash -1087355715, now seen corresponding path program 1 times [2022-11-23 14:55:08,230 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-23 14:55:08,231 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1976958160] [2022-11-23 14:55:08,231 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:08,231 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-23 14:55:08,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:08,358 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 8 proven. 0 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. [2022-11-23 14:55:08,359 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-23 14:55:08,359 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1976958160] [2022-11-23 14:55:08,359 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1976958160] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-23 14:55:08,360 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-23 14:55:08,360 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-23 14:55:08,360 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [892927337] [2022-11-23 14:55:08,360 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-23 14:55:08,362 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-23 14:55:08,362 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-23 14:55:08,363 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-23 14:55:08,363 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-23 14:55:08,364 INFO L87 Difference]: Start difference. First operand 261 states and 319 transitions. Second operand has 5 states, 5 states have (on average 7.6) internal successors, (38), 5 states have internal predecessors, (38), 4 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) [2022-11-23 14:55:08,590 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-23 14:55:08,590 INFO L93 Difference]: Finished difference Result 407 states and 499 transitions. [2022-11-23 14:55:08,590 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-23 14:55:08,591 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.6) internal successors, (38), 5 states have internal predecessors, (38), 4 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) Word has length 71 [2022-11-23 14:55:08,591 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-23 14:55:08,592 INFO L225 Difference]: With dead ends: 407 [2022-11-23 14:55:08,592 INFO L226 Difference]: Without dead ends: 267 [2022-11-23 14:55:08,593 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2022-11-23 14:55:08,596 INFO L413 NwaCegarLoop]: 81 mSDtfsCounter, 121 mSDsluCounter, 93 mSDsCounter, 0 mSdLazyCounter, 154 mSolverCounterSat, 54 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 124 SdHoareTripleChecker+Valid, 174 SdHoareTripleChecker+Invalid, 208 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 54 IncrementalHoareTripleChecker+Valid, 154 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-23 14:55:08,596 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [124 Valid, 174 Invalid, 208 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [54 Valid, 154 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-23 14:55:08,598 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 267 states. [2022-11-23 14:55:08,637 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 267 to 265. [2022-11-23 14:55:08,638 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 265 states, 172 states have (on average 1.1744186046511629) internal successors, (202), 189 states have internal predecessors, (202), 46 states have call successors, (46), 38 states have call predecessors, (46), 46 states have return successors, (57), 49 states have call predecessors, (57), 46 states have call successors, (57) [2022-11-23 14:55:08,641 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 265 states to 265 states and 305 transitions. [2022-11-23 14:55:08,641 INFO L78 Accepts]: Start accepts. Automaton has 265 states and 305 transitions. Word has length 71 [2022-11-23 14:55:08,643 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-23 14:55:08,643 INFO L495 AbstractCegarLoop]: Abstraction has 265 states and 305 transitions. [2022-11-23 14:55:08,643 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.6) internal successors, (38), 5 states have internal predecessors, (38), 4 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (8), 3 states have call predecessors, (8), 4 states have call successors, (8) [2022-11-23 14:55:08,643 INFO L276 IsEmpty]: Start isEmpty. Operand 265 states and 305 transitions. [2022-11-23 14:55:08,645 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 75 [2022-11-23 14:55:08,645 INFO L187 NwaCegarLoop]: Found error trace [2022-11-23 14:55:08,646 INFO L195 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:55:08,646 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-11-23 14:55:08,646 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-23 14:55:08,647 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-23 14:55:08,647 INFO L85 PathProgramCache]: Analyzing trace with hash -1304573635, now seen corresponding path program 1 times [2022-11-23 14:55:08,647 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-23 14:55:08,647 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [829030412] [2022-11-23 14:55:08,647 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:08,647 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-23 14:55:08,690 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:08,809 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 7 proven. 1 refuted. 0 times theorem prover too weak. 21 trivial. 0 not checked. [2022-11-23 14:55:08,809 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-23 14:55:08,809 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [829030412] [2022-11-23 14:55:08,809 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [829030412] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-23 14:55:08,809 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [542815277] [2022-11-23 14:55:08,810 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:08,810 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-23 14:55:08,810 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 [2022-11-23 14:55:08,815 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-23 14:55:08,821 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-11-23 14:55:08,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:08,941 INFO L263 TraceCheckSpWp]: Trace formula consists of 342 conjuncts, 8 conjunts are in the unsatisfiable core [2022-11-23 14:55:08,951 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-23 14:55:09,237 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 20 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-23 14:55:09,237 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-23 14:55:09,516 INFO L134 CoverageAnalysis]: Checked inductivity of 29 backedges. 13 proven. 8 refuted. 0 times theorem prover too weak. 8 trivial. 0 not checked. [2022-11-23 14:55:09,517 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [542815277] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-23 14:55:09,517 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [908634774] [2022-11-23 14:55:09,604 INFO L159 IcfgInterpreter]: Started Sifa with 48 locations of interest [2022-11-23 14:55:09,604 INFO L166 IcfgInterpreter]: Building call graph [2022-11-23 14:55:09,611 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-23 14:55:09,617 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-23 14:55:09,617 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-23 14:55:13,834 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 126 for LOIs [2022-11-23 14:55:13,857 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 29 for LOIs [2022-11-23 14:55:14,247 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__lowWaterSensor with input of size 64 for LOIs [2022-11-23 14:55:14,812 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 57 for LOIs [2022-11-23 14:55:14,900 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 53 for LOIs [2022-11-23 14:55:14,912 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__base with input of size 39 for LOIs [2022-11-23 14:55:14,916 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-23 14:55:23,643 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '5814#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= |timeShift_getWaterLevel_~retValue_acc~1#1| ~waterLevel~0) (<= 0 (+ 2147483648 |old(~pumpRunning~0)|)) (= ~head~0.offset 0) (<= 1 ~systemActive~0) (<= |old(~pumpRunning~0)| 2147483647) (<= |#NULL.offset| 0) (= |timeShift_getWaterLevel_~retValue_acc~1#1| |timeShift_getWaterLevel_#res#1|) (<= ~methaneLevelCritical~0 0) (<= 0 ~head~0.base) (<= 0 ~methaneLevelCritical~0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 2147483648)) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 2147483647) (<= ~head~0.base 0) (<= 0 |#NULL.offset|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (<= |timeShift_getWaterLevel_~retValue_acc~1#1| 2147483647) (<= ~systemActive~0 1) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2147483648)))' at error location [2022-11-23 14:55:23,643 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-23 14:55:23,643 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-23 14:55:23,643 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 6, 6] total 11 [2022-11-23 14:55:23,644 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1705976957] [2022-11-23 14:55:23,644 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-23 14:55:23,644 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-11-23 14:55:23,645 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-23 14:55:23,645 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-11-23 14:55:23,646 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=217, Invalid=1763, Unknown=0, NotChecked=0, Total=1980 [2022-11-23 14:55:23,646 INFO L87 Difference]: Start difference. First operand 265 states and 305 transitions. Second operand has 11 states, 8 states have (on average 9.625) internal successors, (77), 9 states have internal predecessors, (77), 4 states have call successors, (18), 3 states have call predecessors, (18), 6 states have return successors, (21), 6 states have call predecessors, (21), 4 states have call successors, (21) [2022-11-23 14:55:24,580 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-23 14:55:24,581 INFO L93 Difference]: Finished difference Result 340 states and 396 transitions. [2022-11-23 14:55:24,581 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 22 states. [2022-11-23 14:55:24,581 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 8 states have (on average 9.625) internal successors, (77), 9 states have internal predecessors, (77), 4 states have call successors, (18), 3 states have call predecessors, (18), 6 states have return successors, (21), 6 states have call predecessors, (21), 4 states have call successors, (21) Word has length 74 [2022-11-23 14:55:24,582 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-23 14:55:24,584 INFO L225 Difference]: With dead ends: 340 [2022-11-23 14:55:24,584 INFO L226 Difference]: Without dead ends: 338 [2022-11-23 14:55:24,585 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 243 GetRequests, 171 SyntacticMatches, 15 SemanticMatches, 57 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1256 ImplicationChecksByTransitivity, 9.2s TimeCoverageRelationStatistics Valid=321, Invalid=3101, Unknown=0, NotChecked=0, Total=3422 [2022-11-23 14:55:24,586 INFO L413 NwaCegarLoop]: 147 mSDtfsCounter, 156 mSDsluCounter, 678 mSDsCounter, 0 mSdLazyCounter, 796 mSolverCounterSat, 76 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 162 SdHoareTripleChecker+Valid, 825 SdHoareTripleChecker+Invalid, 872 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 76 IncrementalHoareTripleChecker+Valid, 796 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-11-23 14:55:24,586 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [162 Valid, 825 Invalid, 872 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [76 Valid, 796 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2022-11-23 14:55:24,587 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 338 states. [2022-11-23 14:55:24,617 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 338 to 301. [2022-11-23 14:55:24,618 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 301 states, 193 states have (on average 1.16580310880829) internal successors, (225), 215 states have internal predecessors, (225), 54 states have call successors, (54), 46 states have call predecessors, (54), 53 states have return successors, (69), 55 states have call predecessors, (69), 54 states have call successors, (69) [2022-11-23 14:55:24,619 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 301 states to 301 states and 348 transitions. [2022-11-23 14:55:24,620 INFO L78 Accepts]: Start accepts. Automaton has 301 states and 348 transitions. Word has length 74 [2022-11-23 14:55:24,620 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-23 14:55:24,620 INFO L495 AbstractCegarLoop]: Abstraction has 301 states and 348 transitions. [2022-11-23 14:55:24,621 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 8 states have (on average 9.625) internal successors, (77), 9 states have internal predecessors, (77), 4 states have call successors, (18), 3 states have call predecessors, (18), 6 states have return successors, (21), 6 states have call predecessors, (21), 4 states have call successors, (21) [2022-11-23 14:55:24,621 INFO L276 IsEmpty]: Start isEmpty. Operand 301 states and 348 transitions. [2022-11-23 14:55:24,622 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 94 [2022-11-23 14:55:24,623 INFO L187 NwaCegarLoop]: Found error trace [2022-11-23 14:55:24,623 INFO L195 NwaCegarLoop]: trace histogram [4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:55:24,642 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-11-23 14:55:24,829 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-23 14:55:24,829 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-23 14:55:24,830 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-23 14:55:24,830 INFO L85 PathProgramCache]: Analyzing trace with hash 167762817, now seen corresponding path program 1 times [2022-11-23 14:55:24,830 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-23 14:55:24,830 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [106332806] [2022-11-23 14:55:24,830 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:24,830 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-23 14:55:24,866 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:24,992 INFO L134 CoverageAnalysis]: Checked inductivity of 70 backedges. 36 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-11-23 14:55:24,992 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-23 14:55:24,992 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [106332806] [2022-11-23 14:55:24,993 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [106332806] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-23 14:55:24,993 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-23 14:55:24,993 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-23 14:55:24,993 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1626418945] [2022-11-23 14:55:24,993 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-23 14:55:24,994 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-23 14:55:24,994 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-23 14:55:24,994 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-23 14:55:24,994 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-23 14:55:24,995 INFO L87 Difference]: Start difference. First operand 301 states and 348 transitions. Second operand has 5 states, 5 states have (on average 10.0) internal successors, (50), 5 states have internal predecessors, (50), 4 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) [2022-11-23 14:55:25,200 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-23 14:55:25,200 INFO L93 Difference]: Finished difference Result 740 states and 866 transitions. [2022-11-23 14:55:25,201 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-23 14:55:25,201 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 10.0) internal successors, (50), 5 states have internal predecessors, (50), 4 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) Word has length 93 [2022-11-23 14:55:25,201 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-23 14:55:25,204 INFO L225 Difference]: With dead ends: 740 [2022-11-23 14:55:25,204 INFO L226 Difference]: Without dead ends: 551 [2022-11-23 14:55:25,205 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-11-23 14:55:25,208 INFO L413 NwaCegarLoop]: 107 mSDtfsCounter, 125 mSDsluCounter, 114 mSDsCounter, 0 mSdLazyCounter, 189 mSolverCounterSat, 10 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 125 SdHoareTripleChecker+Valid, 221 SdHoareTripleChecker+Invalid, 199 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 10 IncrementalHoareTripleChecker+Valid, 189 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-23 14:55:25,208 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [125 Valid, 221 Invalid, 199 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [10 Valid, 189 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-23 14:55:25,209 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 551 states. [2022-11-23 14:55:25,263 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 551 to 540. [2022-11-23 14:55:25,264 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 540 states, 349 states have (on average 1.151862464183381) internal successors, (402), 384 states have internal predecessors, (402), 94 states have call successors, (94), 84 states have call predecessors, (94), 96 states have return successors, (118), 99 states have call predecessors, (118), 94 states have call successors, (118) [2022-11-23 14:55:25,270 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 540 states to 540 states and 614 transitions. [2022-11-23 14:55:25,272 INFO L78 Accepts]: Start accepts. Automaton has 540 states and 614 transitions. Word has length 93 [2022-11-23 14:55:25,272 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-23 14:55:25,272 INFO L495 AbstractCegarLoop]: Abstraction has 540 states and 614 transitions. [2022-11-23 14:55:25,272 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 10.0) internal successors, (50), 5 states have internal predecessors, (50), 4 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (10), 4 states have call predecessors, (10), 4 states have call successors, (10) [2022-11-23 14:55:25,273 INFO L276 IsEmpty]: Start isEmpty. Operand 540 states and 614 transitions. [2022-11-23 14:55:25,277 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 97 [2022-11-23 14:55:25,278 INFO L187 NwaCegarLoop]: Found error trace [2022-11-23 14:55:25,278 INFO L195 NwaCegarLoop]: trace histogram [4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:55:25,278 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-11-23 14:55:25,278 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-23 14:55:25,279 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-23 14:55:25,279 INFO L85 PathProgramCache]: Analyzing trace with hash 1773303535, now seen corresponding path program 1 times [2022-11-23 14:55:25,279 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-23 14:55:25,279 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [939504522] [2022-11-23 14:55:25,280 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:25,280 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-23 14:55:25,320 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:25,926 INFO L134 CoverageAnalysis]: Checked inductivity of 70 backedges. 43 proven. 10 refuted. 0 times theorem prover too weak. 17 trivial. 0 not checked. [2022-11-23 14:55:25,926 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-23 14:55:25,926 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [939504522] [2022-11-23 14:55:25,927 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [939504522] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-23 14:55:25,927 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1190840565] [2022-11-23 14:55:25,927 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:25,927 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-23 14:55:25,927 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 [2022-11-23 14:55:25,928 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-23 14:55:25,951 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-11-23 14:55:26,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:26,043 INFO L263 TraceCheckSpWp]: Trace formula consists of 413 conjuncts, 18 conjunts are in the unsatisfiable core [2022-11-23 14:55:26,046 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-23 14:55:26,315 INFO L134 CoverageAnalysis]: Checked inductivity of 70 backedges. 63 proven. 3 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-11-23 14:55:26,316 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-23 14:55:26,679 INFO L134 CoverageAnalysis]: Checked inductivity of 70 backedges. 45 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-11-23 14:55:26,680 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1190840565] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-23 14:55:26,681 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [911408935] [2022-11-23 14:55:26,683 INFO L159 IcfgInterpreter]: Started Sifa with 48 locations of interest [2022-11-23 14:55:26,692 INFO L166 IcfgInterpreter]: Building call graph [2022-11-23 14:55:26,693 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-23 14:55:26,693 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-23 14:55:26,693 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-23 14:55:31,174 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 130 for LOIs [2022-11-23 14:55:31,189 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 48 for LOIs [2022-11-23 14:55:31,907 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__lowWaterSensor with input of size 27 for LOIs [2022-11-23 14:55:31,948 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 27 for LOIs [2022-11-23 14:55:31,970 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 23 for LOIs [2022-11-23 14:55:31,972 INFO L197 IcfgInterpreter]: Interpreting procedure changeMethaneLevel with input of size 50 for LOIs [2022-11-23 14:55:31,981 INFO L197 IcfgInterpreter]: Interpreting procedure deactivatePump with input of size 34 for LOIs [2022-11-23 14:55:31,984 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-23 14:55:40,273 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '9479#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 0)) (<= ~methaneLevelCritical~0 1) (<= 0 |old(~pumpRunning~0)|) (<= |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1| 1) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= |timeShift_getWaterLevel_~retValue_acc~1#1| ~waterLevel~0) (= ~head~0.offset 0) (<= |old(~pumpRunning~0)| 2147483647) (= 1 ~systemActive~0) (= |timeShift_getWaterLevel_~retValue_acc~1#1| |timeShift_getWaterLevel_#res#1|) (<= 0 ~methaneLevelCritical~0) (<= 0 ~pumpRunning~0) (= ~head~0.base 0) (= |#NULL.offset| 0) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (<= |timeShift_getWaterLevel_~retValue_acc~1#1| 2147483647) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2147483648)))' at error location [2022-11-23 14:55:40,273 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-23 14:55:40,273 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-23 14:55:40,274 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 9, 9] total 24 [2022-11-23 14:55:40,274 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2069750351] [2022-11-23 14:55:40,274 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-23 14:55:40,275 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 24 states [2022-11-23 14:55:40,275 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-23 14:55:40,275 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 24 interpolants. [2022-11-23 14:55:40,276 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=330, Invalid=3092, Unknown=0, NotChecked=0, Total=3422 [2022-11-23 14:55:40,277 INFO L87 Difference]: Start difference. First operand 540 states and 614 transitions. Second operand has 24 states, 24 states have (on average 4.5) internal successors, (108), 24 states have internal predecessors, (108), 11 states have call successors, (23), 5 states have call predecessors, (23), 9 states have return successors, (26), 12 states have call predecessors, (26), 11 states have call successors, (26) [2022-11-23 14:55:42,886 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-23 14:55:42,886 INFO L93 Difference]: Finished difference Result 1434 states and 1809 transitions. [2022-11-23 14:55:42,886 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 37 states. [2022-11-23 14:55:42,887 INFO L78 Accepts]: Start accepts. Automaton has has 24 states, 24 states have (on average 4.5) internal successors, (108), 24 states have internal predecessors, (108), 11 states have call successors, (23), 5 states have call predecessors, (23), 9 states have return successors, (26), 12 states have call predecessors, (26), 11 states have call successors, (26) Word has length 96 [2022-11-23 14:55:42,887 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-23 14:55:42,892 INFO L225 Difference]: With dead ends: 1434 [2022-11-23 14:55:42,892 INFO L226 Difference]: Without dead ends: 884 [2022-11-23 14:55:42,896 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 346 GetRequests, 251 SyntacticMatches, 5 SemanticMatches, 90 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2890 ImplicationChecksByTransitivity, 10.0s TimeCoverageRelationStatistics Valid=792, Invalid=7580, Unknown=0, NotChecked=0, Total=8372 [2022-11-23 14:55:42,897 INFO L413 NwaCegarLoop]: 80 mSDtfsCounter, 469 mSDsluCounter, 518 mSDsCounter, 0 mSdLazyCounter, 1498 mSolverCounterSat, 322 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 471 SdHoareTripleChecker+Valid, 598 SdHoareTripleChecker+Invalid, 1820 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 322 IncrementalHoareTripleChecker+Valid, 1498 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-11-23 14:55:42,897 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [471 Valid, 598 Invalid, 1820 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [322 Valid, 1498 Invalid, 0 Unknown, 0 Unchecked, 1.1s Time] [2022-11-23 14:55:42,898 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 884 states. [2022-11-23 14:55:42,985 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 884 to 542. [2022-11-23 14:55:42,987 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 542 states, 351 states have (on average 1.1452991452991452) internal successors, (402), 390 states have internal predecessors, (402), 91 states have call successors, (91), 81 states have call predecessors, (91), 99 states have return successors, (122), 99 states have call predecessors, (122), 91 states have call successors, (122) [2022-11-23 14:55:42,989 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 542 states to 542 states and 615 transitions. [2022-11-23 14:55:42,990 INFO L78 Accepts]: Start accepts. Automaton has 542 states and 615 transitions. Word has length 96 [2022-11-23 14:55:42,991 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-23 14:55:42,991 INFO L495 AbstractCegarLoop]: Abstraction has 542 states and 615 transitions. [2022-11-23 14:55:42,991 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 24 states, 24 states have (on average 4.5) internal successors, (108), 24 states have internal predecessors, (108), 11 states have call successors, (23), 5 states have call predecessors, (23), 9 states have return successors, (26), 12 states have call predecessors, (26), 11 states have call successors, (26) [2022-11-23 14:55:42,992 INFO L276 IsEmpty]: Start isEmpty. Operand 542 states and 615 transitions. [2022-11-23 14:55:42,994 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 102 [2022-11-23 14:55:42,994 INFO L187 NwaCegarLoop]: Found error trace [2022-11-23 14:55:42,995 INFO L195 NwaCegarLoop]: trace histogram [5, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:55:43,006 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-11-23 14:55:43,201 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-11-23 14:55:43,202 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-11-23 14:55:43,202 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-23 14:55:43,202 INFO L85 PathProgramCache]: Analyzing trace with hash 333350692, now seen corresponding path program 1 times [2022-11-23 14:55:43,202 INFO L118 FreeRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2022-11-23 14:55:43,202 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1212755789] [2022-11-23 14:55:43,203 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:43,203 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-11-23 14:55:43,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:44,043 INFO L134 CoverageAnalysis]: Checked inductivity of 81 backedges. 34 proven. 22 refuted. 0 times theorem prover too weak. 25 trivial. 0 not checked. [2022-11-23 14:55:44,044 INFO L136 FreeRefinementEngine]: Strategy SIFA_TAIPAN found an infeasible trace [2022-11-23 14:55:44,044 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1212755789] [2022-11-23 14:55:44,044 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1212755789] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-23 14:55:44,044 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [49865713] [2022-11-23 14:55:44,044 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-23 14:55:44,045 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-23 14:55:44,045 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 [2022-11-23 14:55:44,046 INFO L229 MonitoredProcess]: Starting monitored process 4 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-11-23 14:55:44,071 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-11-23 14:55:44,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-23 14:55:44,168 INFO L263 TraceCheckSpWp]: Trace formula consists of 427 conjuncts, 38 conjunts are in the unsatisfiable core [2022-11-23 14:55:44,171 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-23 14:55:44,539 INFO L134 CoverageAnalysis]: Checked inductivity of 81 backedges. 60 proven. 15 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2022-11-23 14:55:44,540 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-23 14:55:45,445 INFO L134 CoverageAnalysis]: Checked inductivity of 81 backedges. 51 proven. 5 refuted. 0 times theorem prover too weak. 25 trivial. 0 not checked. [2022-11-23 14:55:45,446 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleZ3 [49865713] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-23 14:55:45,446 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [717949889] [2022-11-23 14:55:45,448 INFO L159 IcfgInterpreter]: Started Sifa with 48 locations of interest [2022-11-23 14:55:45,449 INFO L166 IcfgInterpreter]: Building call graph [2022-11-23 14:55:45,449 INFO L171 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2022-11-23 14:55:45,449 INFO L176 IcfgInterpreter]: Starting interpretation [2022-11-23 14:55:45,449 INFO L197 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2022-11-23 14:55:48,977 INFO L197 IcfgInterpreter]: Interpreting procedure waterRise with input of size 54 for LOIs [2022-11-23 14:55:48,987 INFO L197 IcfgInterpreter]: Interpreting procedure timeShift with input of size 31 for LOIs [2022-11-23 14:55:49,342 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__lowWaterSensor with input of size 27 for LOIs [2022-11-23 14:55:49,390 INFO L197 IcfgInterpreter]: Interpreting procedure processEnvironment__wrappee__highWaterSensor with input of size 27 for LOIs [2022-11-23 14:55:49,412 INFO L197 IcfgInterpreter]: Interpreting procedure isPumpRunning with input of size 23 for LOIs [2022-11-23 14:55:49,414 INFO L197 IcfgInterpreter]: Interpreting procedure changeMethaneLevel with input of size 50 for LOIs [2022-11-23 14:55:49,422 INFO L197 IcfgInterpreter]: Interpreting procedure deactivatePump with input of size 34 for LOIs [2022-11-23 14:55:49,425 INFO L180 IcfgInterpreter]: Interpretation finished [2022-11-23 14:55:55,699 INFO L133 SifaRunner]: Sifa could not show that error location is unreachable, found '13305#(and (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| |timeShift_getWaterLevel_#res#1|) (<= ~methaneLevelCritical~0 1) (= ~pumpRunning~0 |timeShift___utac_acc__Specification5_spec__3_~tmp___0~0#1|) (= |timeShift_getWaterLevel_~retValue_acc~1#1| ~waterLevel~0) (= ~head~0.offset 0) (= 1 ~systemActive~0) (= |old(~pumpRunning~0)| 0) (= |timeShift_getWaterLevel_~retValue_acc~1#1| |timeShift_getWaterLevel_#res#1|) (<= 0 ~head~0.base) (<= 0 ~methaneLevelCritical~0) (<= ~head~0.base 0) (= |#NULL.offset| 0) (not (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2)) (= ~switchedOnBeforeTS~0 0) (<= 0 |#StackHeapBarrier|) (<= |timeShift_getWaterLevel_~retValue_acc~1#1| 2147483647) (= ~pumpRunning~0 1) (= ~cleanupTimeShifts~0 4) (= |#NULL.base| 0) (<= 0 (+ |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2147483648)))' at error location [2022-11-23 14:55:55,700 WARN L310 FreeRefinementEngine]: Interpolation failed due to KNOWN_IGNORE: ALGORITHM_FAILED [2022-11-23 14:55:55,700 INFO L184 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-11-23 14:55:55,700 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [14, 12, 11] total 29 [2022-11-23 14:55:55,700 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1945187200] [2022-11-23 14:55:55,700 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-11-23 14:55:55,701 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 29 states [2022-11-23 14:55:55,701 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy SIFA_TAIPAN [2022-11-23 14:55:55,701 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 29 interpolants. [2022-11-23 14:55:55,703 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=381, Invalid=3525, Unknown=0, NotChecked=0, Total=3906 [2022-11-23 14:55:55,703 INFO L87 Difference]: Start difference. First operand 542 states and 615 transitions. Second operand has 29 states, 28 states have (on average 5.035714285714286) internal successors, (141), 29 states have internal predecessors, (141), 15 states have call successors, (29), 7 states have call predecessors, (29), 12 states have return successors, (31), 16 states have call predecessors, (31), 14 states have call successors, (31) [2022-11-23 14:55:59,120 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-23 14:55:59,120 INFO L93 Difference]: Finished difference Result 1469 states and 1705 transitions. [2022-11-23 14:55:59,120 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 46 states. [2022-11-23 14:55:59,121 INFO L78 Accepts]: Start accepts. Automaton has has 29 states, 28 states have (on average 5.035714285714286) internal successors, (141), 29 states have internal predecessors, (141), 15 states have call successors, (29), 7 states have call predecessors, (29), 12 states have return successors, (31), 16 states have call predecessors, (31), 14 states have call successors, (31) Word has length 101 [2022-11-23 14:55:59,122 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-23 14:55:59,122 INFO L225 Difference]: With dead ends: 1469 [2022-11-23 14:55:59,122 INFO L226 Difference]: Without dead ends: 0 [2022-11-23 14:55:59,128 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 384 GetRequests, 272 SyntacticMatches, 8 SemanticMatches, 104 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4035 ImplicationChecksByTransitivity, 8.1s TimeCoverageRelationStatistics Valid=1113, Invalid=10017, Unknown=0, NotChecked=0, Total=11130 [2022-11-23 14:55:59,129 INFO L413 NwaCegarLoop]: 106 mSDtfsCounter, 1417 mSDsluCounter, 686 mSDsCounter, 0 mSdLazyCounter, 1989 mSolverCounterSat, 1101 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1417 SdHoareTripleChecker+Valid, 792 SdHoareTripleChecker+Invalid, 3090 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1101 IncrementalHoareTripleChecker+Valid, 1989 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.7s IncrementalHoareTripleChecker+Time [2022-11-23 14:55:59,129 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [1417 Valid, 792 Invalid, 3090 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1101 Valid, 1989 Invalid, 0 Unknown, 0 Unchecked, 1.7s Time] [2022-11-23 14:55:59,130 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-11-23 14:55:59,130 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-11-23 14:55:59,130 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-11-23 14:55:59,131 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-11-23 14:55:59,131 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 101 [2022-11-23 14:55:59,131 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-23 14:55:59,131 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-11-23 14:55:59,132 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 29 states, 28 states have (on average 5.035714285714286) internal successors, (141), 29 states have internal predecessors, (141), 15 states have call successors, (29), 7 states have call predecessors, (29), 12 states have return successors, (31), 16 states have call predecessors, (31), 14 states have call successors, (31) [2022-11-23 14:55:59,132 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-11-23 14:55:59,132 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-11-23 14:55:59,135 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-11-23 14:55:59,145 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Ended with exit code 0 [2022-11-23 14:55:59,341 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10,4 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-11-23 14:55:59,343 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-11-23 14:56:18,732 INFO L895 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 450 457) the Hoare annotation is: (let ((.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse3 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= ~waterLevel~0 1)) .cse0 .cse1 .cse2 .cse3) (or (not (<= ~waterLevel~0 0)) .cse0 .cse1 .cse2 .cse3))) [2022-11-23 14:56:18,733 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 450 457) no Hoare annotation was computed. [2022-11-23 14:56:18,733 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 357 363) no Hoare annotation was computed. [2022-11-23 14:56:18,733 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 357 363) the Hoare annotation is: true [2022-11-23 14:56:18,733 INFO L895 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 135 146) the Hoare annotation is: (let ((.cse5 (= ~methaneLevelCritical~0 0)) (.cse2 (= |old(~methaneLevelCritical~0)| 0))) (let ((.cse10 (not (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (.cse0 (not (= ~waterLevel~0 1))) (.cse6 (not .cse2)) (.cse1 (not (= ~pumpRunning~0 0))) (.cse11 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse9 (not (< ~waterLevel~0 3))) (.cse7 (not (<= 2 ~waterLevel~0))) (.cse3 (not .cse5)) (.cse8 (not (<= 1 ~pumpRunning~0))) (.cse12 (not (<= ~waterLevel~0 2))) (.cse4 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 (and (or .cse6 .cse7 .cse8 .cse4 .cse9) (or .cse6 .cse10 .cse4 .cse11 .cse9))) (or .cse1 .cse2 .cse7 .cse3 .cse12 .cse4) (or .cse6 .cse1 .cse5 .cse10 .cse4 .cse9) (or .cse1 .cse2 .cse3 .cse10 .cse4 .cse9) (or .cse0 .cse6 .cse1 .cse5 .cse4) (or .cse1 .cse2 .cse3 (not (<= ~waterLevel~0 1)) .cse4 .cse11) (or .cse6 .cse1 .cse5 .cse7 .cse12 .cse4) (or .cse6 .cse1 .cse5 .cse4 .cse11 .cse9) (or .cse2 .cse7 .cse3 .cse8 .cse12 .cse4)))) [2022-11-23 14:56:18,734 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 135 146) no Hoare annotation was computed. [2022-11-23 14:56:18,734 INFO L899 garLoopResultBuilder]: For program point L85(lines 85 91) no Hoare annotation was computed. [2022-11-23 14:56:18,734 INFO L895 garLoopResultBuilder]: At program point L436(line 436) the Hoare annotation is: (let ((.cse6 (= ~pumpRunning~0 0)) (.cse7 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse3 (not (< |old(~waterLevel~0)| 3))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse5 (and .cse6 (= |old(~waterLevel~0)| ~waterLevel~0) .cse7)) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse5 (not (= |old(~waterLevel~0)| 2)) .cse1) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse6 (= ~waterLevel~0 1) .cse7)) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse4 .cse5 .cse1 .cse2 .cse3) (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse4 .cse5 .cse1)))) [2022-11-23 14:56:18,735 INFO L895 garLoopResultBuilder]: At program point L436-1(lines 417 441) the Hoare annotation is: (let ((.cse30 (< 0 |old(~waterLevel~0)|)) (.cse4 (= 0 ~systemActive~0)) (.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse15 (not .cse1)) (.cse26 (<= 1 ~pumpRunning~0)) (.cse27 (<= 2 ~waterLevel~0)) (.cse28 (<= ~waterLevel~0 2)) (.cse25 (= |old(~pumpRunning~0)| 0)) (.cse14 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse29 (not .cse4)) (.cse12 (= ~pumpRunning~0 0)) (.cse22 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse21 (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse30)) (.cse24 (<= 1 ~switchedOnBeforeTS~0)) (.cse23 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse7 (and .cse12 (or (and (not .cse30) .cse22) .cse21) .cse24 .cse23)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse10 (not (<= |old(~waterLevel~0)| 2))) (.cse20 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse13 (= ~waterLevel~0 1)) (.cse11 (not (<= 2 |old(~waterLevel~0)|))) (.cse16 (and .cse12 .cse1 .cse25 .cse22 .cse14 .cse29)) (.cse17 (and .cse26 .cse1 .cse27 .cse25 .cse28 .cse22 .cse29)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse6 (not (< |old(~waterLevel~0)| 3))) (.cse3 (and .cse26 .cse27 .cse25 .cse15 .cse28 .cse22 .cse29)) (.cse18 (not (= |old(~waterLevel~0)| 2))) (.cse8 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse19 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not .cse25)) (.cse2 (and .cse12 .cse22 .cse14))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse7 (and (or .cse8 .cse1 .cse4 .cse5 .cse6) (or .cse1 .cse9 .cse4 .cse10 .cse11))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse4 (and .cse12 .cse13 .cse14)) (or .cse0 .cse15 .cse16 .cse17 .cse18 .cse4) (or .cse8 .cse19 .cse7 (and .cse20 (<= ~waterLevel~0 0) (or .cse21 .cse22) .cse14 .cse23) .cse4 .cse5) (or .cse9 (and .cse12 .cse13 .cse24 .cse23) .cse4 .cse10 (and .cse20 .cse13 .cse14 .cse23) .cse11) (or .cse0 .cse15 .cse16 .cse17 .cse4 .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse3 .cse18 .cse4) (or .cse8 .cse19 .cse0 .cse2 .cse4))))) [2022-11-23 14:56:18,735 INFO L899 garLoopResultBuilder]: For program point L337-2(lines 333 355) no Hoare annotation was computed. [2022-11-23 14:56:18,736 INFO L895 garLoopResultBuilder]: At program point L82(line 82) the Hoare annotation is: (let ((.cse3 (= 0 ~systemActive~0)) (.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse24 (<= ~waterLevel~0 1)) (.cse26 (= |old(~pumpRunning~0)| 0)) (.cse19 (not .cse1)) (.cse10 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse25 (not .cse3)) (.cse20 (= ~pumpRunning~0 0)) (.cse7 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse22 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse8 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse9 (< 0 |old(~waterLevel~0)|)) (.cse23 (<= 1 ~switchedOnBeforeTS~0)) (.cse11 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse14 (and .cse20 .cse7 (or (and (not .cse9) .cse22) (and .cse8 .cse9)) .cse23 .cse11)) (.cse2 (and .cse20 .cse7 .cse24 .cse26 .cse19 .cse22 .cse10 .cse25)) (.cse13 (not (= |old(~waterLevel~0)| 1))) (.cse4 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse12 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse0 (not .cse26)) (.cse18 (and .cse20 .cse7 .cse1 .cse24 .cse22 .cse10 .cse25)) (.cse5 (not (< |old(~waterLevel~0)| 3))) (.cse6 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse15 (not (<= 1 |old(~pumpRunning~0)|))) (.cse16 (not (<= |old(~waterLevel~0)| 2))) (.cse21 (= ~waterLevel~0 1)) (.cse17 (not (<= 2 |old(~waterLevel~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) (or (and .cse6 .cse7 .cse8 .cse9 .cse10 .cse11) .cse12 .cse13 .cse14 .cse3 .cse4) (or (and (or .cse12 .cse1 .cse3 .cse4 .cse5) (or .cse1 .cse15 .cse3 .cse16 .cse17)) .cse14) (or .cse0 (not (= |old(~waterLevel~0)| 2)) .cse3) (or .cse12 .cse0 .cse1 .cse2 .cse3 .cse5) (or .cse0 .cse18 .cse19 .cse3 .cse4 .cse5) (or .cse0 .cse13 .cse3 (and .cse20 .cse7 .cse21 .cse10)) (or .cse12 (and .cse20 .cse7 .cse22 .cse23 .cse11) (and .cse6 .cse7 .cse22 .cse10 .cse11) .cse3 (not (<= |old(~waterLevel~0)| 0)) .cse4) (or .cse12 .cse0 .cse18 .cse19 .cse3 .cse5) (or (and .cse6 .cse7 .cse21 .cse10 .cse11) .cse15 .cse3 .cse16 (and .cse20 .cse7 .cse21 .cse23 .cse11) .cse17))))) [2022-11-23 14:56:18,736 INFO L899 garLoopResultBuilder]: For program point L82-1(line 82) no Hoare annotation was computed. [2022-11-23 14:56:18,736 INFO L899 garLoopResultBuilder]: For program point L425(lines 425 433) no Hoare annotation was computed. [2022-11-23 14:56:18,737 INFO L895 garLoopResultBuilder]: At program point L421(lines 421 438) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse13 (= ~pumpRunning~0 0)) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse8 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse9 (< 0 |old(~waterLevel~0)|))) (let ((.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (not (= |old(~waterLevel~0)| 1))) (.cse6 (= ~waterLevel~0 1)) (.cse11 (or .cse13 (and (not .cse9) .cse2) (and .cse8 .cse9))) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse10 (not (= |old(~pumpRunning~0)| 0))) (.cse12 (and .cse13 .cse2 .cse3)) (.cse4 (= 0 ~systemActive~0))) (and (or .cse0 (and .cse1 .cse2 .cse3) .cse4 (not (<= |old(~waterLevel~0)| 0)) .cse5) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse4 (not (<= |old(~waterLevel~0)| 2)) (and .cse1 .cse6 .cse3) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse7 (and .cse1 .cse8 .cse9 .cse3) .cse4 .cse5) (or .cse10 (and .cse2 .cse3 .cse11) (not (= |old(~waterLevel~0)| 2)) .cse4) (or .cse10 .cse7 .cse4 (and .cse6 .cse3 .cse11)) (or .cse10 .cse12 .cse4 .cse5 (not (< |old(~waterLevel~0)| 3))) (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse10 .cse12 .cse4)))) [2022-11-23 14:56:18,737 INFO L895 garLoopResultBuilder]: At program point L67(line 67) the Hoare annotation is: (let ((.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse7 (and .cse10 .cse9 .cse2)) (.cse4 (not (< |old(~waterLevel~0)| 3))) (.cse6 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (= ~pumpRunning~0 0)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (and .cse10 .cse9)) (.cse1 (= 0 ~systemActive~0)) (.cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 (not (= ~methaneLevelCritical~0 0)) .cse1 .cse2 .cse3 .cse4) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse5 .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse6 .cse7 .cse1 .cse4) (or .cse0 (<= 2 ~waterLevel~0) .cse7 .cse1 .cse3 .cse4) (or .cse6 (and .cse8 .cse9 (<= 1 ~switchedOnBeforeTS~0)) .cse1 .cse3 .cse4) (or .cse6 (and .cse8 .cse9) (not (= |old(~waterLevel~0)| 2)) .cse1) (or .cse6 (not (= |old(~waterLevel~0)| 1)) (and .cse8 (= ~waterLevel~0 1)) .cse1) (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse5 .cse1 .cse3)))) [2022-11-23 14:56:18,738 INFO L895 garLoopResultBuilder]: At program point L67-1(line 67) the Hoare annotation is: (let ((.cse5 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= ~pumpRunning~0 0)) (.cse4 (= |timeShift___utac_acc__Specification5_spec__2_#t~ret4#1| ~pumpRunning~0)) (.cse1 (= 0 ~systemActive~0)) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (= ~waterLevel~0 1)) (.cse10 (= ~methaneLevelCritical~0 0))) (let ((.cse12 (not .cse10)) (.cse14 (let ((.cse16 (or .cse6 .cse3)) (.cse17 (not .cse1))) (or (and .cse5 .cse2 .cse16 (= ~pumpRunning~0 ~switchedOnBeforeTS~0) .cse4 .cse17) (and .cse5 .cse2 .cse16 (<= 1 ~switchedOnBeforeTS~0) .cse4 .cse17)))) (.cse15 (< ~waterLevel~0 3))) (let ((.cse11 (and .cse12 .cse6 .cse14 .cse15)) (.cse7 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse9 (not (< |old(~waterLevel~0)| 3))) (.cse13 (and .cse10 .cse6 .cse14 .cse15))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse2 .cse3 .cse4)) (or .cse0 (not (= |old(~waterLevel~0)| 2)) .cse1 (and .cse2 (<= 2 ~waterLevel~0) (<= ~waterLevel~0 2) .cse4)) (or (and .cse5 .cse6 .cse4) (and (or .cse7 .cse1 .cse8 .cse9) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))))) (or .cse0 .cse10 .cse1 .cse8 .cse9 .cse11) (or .cse7 .cse0 .cse10 .cse1 .cse9 .cse11) (or .cse7 .cse0 .cse12 .cse1 .cse9 .cse13) (or .cse0 .cse12 .cse1 .cse8 .cse9 .cse13))))) [2022-11-23 14:56:18,738 INFO L895 garLoopResultBuilder]: At program point L216(line 216) the Hoare annotation is: (let ((.cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse3 (not (< |old(~waterLevel~0)| 3))) (.cse4 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse1 .cse2 .cse3) (or .cse0 .cse4 .cse1 .cse3) (or .cse4 (not (= |old(~waterLevel~0)| 2)) .cse1) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse4 (not (= |old(~waterLevel~0)| 1)) .cse1))) [2022-11-23 14:56:18,738 INFO L895 garLoopResultBuilder]: At program point L344-1(lines 344 350) the Hoare annotation is: (let ((.cse30 (< 0 |old(~waterLevel~0)|)) (.cse4 (= 0 ~systemActive~0)) (.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse15 (not .cse1)) (.cse26 (<= 1 ~pumpRunning~0)) (.cse27 (<= 2 ~waterLevel~0)) (.cse28 (<= ~waterLevel~0 2)) (.cse25 (= |old(~pumpRunning~0)| 0)) (.cse14 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse29 (not .cse4)) (.cse12 (= ~pumpRunning~0 0)) (.cse22 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse21 (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse30)) (.cse24 (<= 1 ~switchedOnBeforeTS~0)) (.cse23 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse7 (and .cse12 (or (and (not .cse30) .cse22) .cse21) .cse24 .cse23)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse10 (not (<= |old(~waterLevel~0)| 2))) (.cse20 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse13 (= ~waterLevel~0 1)) (.cse11 (not (<= 2 |old(~waterLevel~0)|))) (.cse16 (and .cse12 .cse1 .cse25 .cse22 .cse14 .cse29)) (.cse17 (and .cse26 .cse1 .cse27 .cse25 .cse28 .cse22 .cse29)) (.cse5 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse6 (not (< |old(~waterLevel~0)| 3))) (.cse3 (and .cse26 .cse27 .cse25 .cse15 .cse28 .cse22 .cse29)) (.cse18 (not (= |old(~waterLevel~0)| 2))) (.cse8 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse19 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not .cse25)) (.cse2 (and .cse12 .cse22 .cse14))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4 .cse5 .cse6) (or .cse7 (and (or .cse8 .cse1 .cse4 .cse5 .cse6) (or .cse1 .cse9 .cse4 .cse10 .cse11))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse4 (and .cse12 .cse13 .cse14)) (or .cse0 .cse15 .cse16 .cse17 .cse18 .cse4) (or .cse8 .cse19 .cse7 (and .cse20 (<= ~waterLevel~0 0) (or .cse21 .cse22) .cse14 .cse23) .cse4 .cse5) (or .cse9 (and .cse12 .cse13 .cse24 .cse23) .cse4 .cse10 (and .cse20 .cse13 .cse14 .cse23) .cse11) (or .cse0 .cse15 .cse16 .cse17 .cse4 .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse3 .cse18 .cse4) (or .cse8 .cse19 .cse0 .cse2 .cse4))))) [2022-11-23 14:56:18,740 INFO L899 garLoopResultBuilder]: For program point L84(lines 84 94) no Hoare annotation was computed. [2022-11-23 14:56:18,740 INFO L899 garLoopResultBuilder]: For program point L80(lines 80 97) no Hoare annotation was computed. [2022-11-23 14:56:18,740 INFO L895 garLoopResultBuilder]: At program point timeShiftENTRY(lines 330 356) the Hoare annotation is: (let ((.cse10 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (let ((.cse7 (and .cse10 .cse9 .cse2)) (.cse4 (not (< |old(~waterLevel~0)| 3))) (.cse6 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (= ~pumpRunning~0 0)) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse5 (and .cse10 .cse9)) (.cse1 (= 0 ~systemActive~0)) (.cse3 (not (<= 1 |old(~switchedOnBeforeTS~0)|)))) (and (or .cse0 (not (= ~methaneLevelCritical~0 0)) .cse1 .cse2 .cse3 .cse4) (or (not (<= 1 |old(~pumpRunning~0)|)) .cse5 .cse1 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse6 .cse7 .cse1 .cse4) (or .cse0 (<= 2 ~waterLevel~0) .cse7 .cse1 .cse3 .cse4) (or .cse6 (and .cse8 .cse9 (<= 1 ~switchedOnBeforeTS~0)) .cse1 .cse3 .cse4) (or .cse6 (and .cse8 .cse9) (not (= |old(~waterLevel~0)| 2)) .cse1) (or .cse6 (not (= |old(~waterLevel~0)| 1)) (and .cse8 (= ~waterLevel~0 1)) .cse1) (or .cse0 (not (<= |old(~waterLevel~0)| 1)) .cse5 .cse1 .cse3)))) [2022-11-23 14:56:18,741 INFO L895 garLoopResultBuilder]: At program point L431(line 431) the Hoare annotation is: (let ((.cse6 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse0 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse8 (not (< |old(~waterLevel~0)| 3))) (.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (= ~methaneLevelCritical~0 0)) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0)) (.cse5 (= 0 ~systemActive~0))) (and (or .cse0 (not (<= |old(~waterLevel~0)| 1)) (and .cse1 .cse2 (<= ~waterLevel~0 0) (or (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) (< 0 |old(~waterLevel~0)|)) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse3 .cse4) .cse5 .cse6) (or .cse7 .cse5 .cse6 .cse8) (or .cse0 .cse7 .cse5 .cse8) (or .cse7 (not (= |old(~waterLevel~0)| 2)) .cse5) (or .cse7 (not (= |old(~waterLevel~0)| 1)) .cse5) (or (not (<= 1 |old(~pumpRunning~0)|)) (and .cse1 .cse2 (= ~waterLevel~0 1) .cse3 .cse4) .cse5 (not (<= |old(~waterLevel~0)| 2)) (not (<= 2 |old(~waterLevel~0)|))))) [2022-11-23 14:56:18,741 INFO L895 garLoopResultBuilder]: At program point L80-1(lines 72 100) the Hoare annotation is: (let ((.cse9 (= 0 ~systemActive~0)) (.cse11 (= ~methaneLevelCritical~0 0))) (let ((.cse20 (not .cse11)) (.cse24 (<= 1 ~pumpRunning~0)) (.cse30 (= |old(~pumpRunning~0)| 0)) (.cse28 (= 2 ~waterLevel~0)) (.cse29 (<= ~waterLevel~0 1)) (.cse4 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse31 (not .cse9)) (.cse22 (= ~pumpRunning~0 0)) (.cse1 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| ~waterLevel~0)) (.cse25 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse2 (= |old(~waterLevel~0)| (+ ~waterLevel~0 1))) (.cse3 (< 0 |old(~waterLevel~0)|)) (.cse27 (<= 1 ~switchedOnBeforeTS~0)) (.cse5 (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0))) (let ((.cse8 (and .cse22 .cse1 (or (and (not .cse3) .cse25) (and .cse2 .cse3)) .cse27 .cse5)) (.cse7 (not (= |old(~waterLevel~0)| 1))) (.cse18 (and .cse22 .cse1 .cse11 .cse29 .cse25 .cse4 .cse31)) (.cse19 (and .cse22 .cse1 .cse28 .cse11 .cse25 .cse4 .cse31)) (.cse21 (and .cse24 .cse1 .cse11 (<= 2 ~waterLevel~0) .cse30 (<= ~waterLevel~0 2) .cse25 .cse31)) (.cse6 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse16 (not .cse30)) (.cse17 (and .cse22 .cse1 .cse29 .cse30 .cse20 .cse25 .cse4 .cse31)) (.cse10 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse12 (not (< |old(~waterLevel~0)| 3))) (.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse13 (not (<= 1 |old(~pumpRunning~0)|))) (.cse14 (not (<= |old(~waterLevel~0)| 2))) (.cse23 (= ~waterLevel~0 1)) (.cse15 (not (<= 2 |old(~waterLevel~0)|)))) (and (or (and .cse0 .cse1 .cse2 .cse3 .cse4 .cse5) .cse6 .cse7 .cse8 .cse9 .cse10) (or (and (or .cse6 .cse11 .cse9 .cse10 .cse12) (or .cse11 .cse13 .cse9 .cse14 .cse15)) .cse8) (or .cse6 (not (<= |old(~waterLevel~0)| 1)) .cse16 .cse11 .cse17 .cse9) (or .cse6 .cse16 .cse18 .cse19 .cse20 .cse21 .cse9 .cse12) (or .cse16 .cse7 .cse9 (and .cse22 .cse1 .cse23 .cse4)) (or .cse16 .cse18 .cse19 .cse20 .cse21 .cse9 .cse10 .cse12) (let ((.cse26 (= |timeShift___utac_acc__Specification5_spec__3_~tmp~0#1| 2))) (or .cse16 (and .cse24 .cse25 .cse26) (and .cse22 .cse25 .cse4 .cse26) (not (= |old(~waterLevel~0)| 2)) .cse9)) (or .cse6 (and .cse22 .cse1 .cse25 .cse27 .cse5) (and .cse0 .cse1 .cse25 .cse4 .cse5) .cse9 (not (<= |old(~waterLevel~0)| 0)) .cse10) (or .cse16 (and .cse28 .cse25) .cse11 .cse17 .cse9 .cse10 .cse12) (or (and .cse0 .cse1 .cse23 .cse4 .cse5) .cse13 .cse9 .cse14 (and .cse22 .cse1 .cse23 .cse27 .cse5) .cse15))))) [2022-11-23 14:56:18,742 INFO L895 garLoopResultBuilder]: At program point L427(line 427) the Hoare annotation is: (let ((.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (not (<= |old(~waterLevel~0)| 2))) (.cse8 (not (<= 2 |old(~waterLevel~0)|))) (.cse4 (not (= |old(~switchedOnBeforeTS~0)| |old(~pumpRunning~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= 1 |old(~switchedOnBeforeTS~0)|))) (.cse3 (not (< |old(~waterLevel~0)| 3))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse0 .cse1 .cse3) (or .cse0 (not (= |old(~waterLevel~0)| 2)) .cse1) (or .cse5 .cse6 .cse1 .cse7 .cse8) (or (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (let ((.cse9 (< 0 |old(~waterLevel~0)|))) (or (and (not .cse9) (= |old(~waterLevel~0)| ~waterLevel~0)) (and (= |old(~waterLevel~0)| (+ ~waterLevel~0 1)) .cse9))) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (= |timeShift_processEnvironment_~tmp~4#1| ~methaneLevelCritical~0)) (and (or .cse4 .cse1 .cse2 .cse3) (or .cse5 .cse1 .cse7 .cse8))) (or .cse4 .cse6 .cse1 .cse2 .cse3) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1))) [2022-11-23 14:56:18,742 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 330 356) no Hoare annotation was computed. [2022-11-23 14:56:18,743 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 216) no Hoare annotation was computed. [2022-11-23 14:56:18,743 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 223 252) no Hoare annotation was computed. [2022-11-23 14:56:18,743 INFO L902 garLoopResultBuilder]: At program point cleanupENTRY(lines 223 252) the Hoare annotation is: true [2022-11-23 14:56:18,743 INFO L902 garLoopResultBuilder]: At program point L248(lines 223 252) the Hoare annotation is: true [2022-11-23 14:56:18,743 INFO L899 garLoopResultBuilder]: For program point L244(line 244) no Hoare annotation was computed. [2022-11-23 14:56:18,743 INFO L899 garLoopResultBuilder]: For program point L237(lines 237 241) no Hoare annotation was computed. [2022-11-23 14:56:18,744 INFO L902 garLoopResultBuilder]: At program point L237-1(lines 237 241) the Hoare annotation is: true [2022-11-23 14:56:18,744 INFO L902 garLoopResultBuilder]: At program point L233-2(lines 233 247) the Hoare annotation is: true [2022-11-23 14:56:18,744 INFO L902 garLoopResultBuilder]: At program point L229(line 229) the Hoare annotation is: true [2022-11-23 14:56:18,744 INFO L899 garLoopResultBuilder]: For program point L229-1(line 229) no Hoare annotation was computed. [2022-11-23 14:56:18,745 INFO L895 garLoopResultBuilder]: At program point L609-2(lines 601 614) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse5 (<= 2 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse8 (= ~pumpRunning~0 0)) (.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse7 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse1 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (< ~waterLevel~0 3)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and (<= 1 ~pumpRunning~0) .cse5 .cse0 .cse6 .cse4)) .cse7) (and .cse8 .cse0 .cse7 (= ~waterLevel~0 1) .cse4) (and .cse8 .cse0 .cse7 .cse2 .cse3 .cse4) (and .cse8 .cse5 .cse0 .cse6 .cse7 .cse4) (and .cse8 .cse0 .cse7 .cse1 .cse2 .cse4))) [2022-11-23 14:56:18,746 INFO L899 garLoopResultBuilder]: For program point L572(lines 571 618) no Hoare annotation was computed. [2022-11-23 14:56:18,747 INFO L895 garLoopResultBuilder]: At program point L593(line 593) the Hoare annotation is: (let ((.cse8 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse0 (<= 2 ~waterLevel~0)) (.cse2 (<= ~waterLevel~0 2)) (.cse5 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse6 (<= 1 ~switchedOnBeforeTS~0)) (.cse7 (< ~waterLevel~0 3)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and (<= 1 ~pumpRunning~0) .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse1 .cse3 (= ~waterLevel~0 1) .cse4) (and (= ~methaneLevelCritical~0 0) .cse1 .cse3 .cse6 .cse7 .cse8 .cse4) (and .cse5 .cse1 .cse3 .cse7 .cse8 .cse4) (and .cse5 .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse1 .cse3 .cse6 .cse7 .cse4))) [2022-11-23 14:56:18,747 INFO L902 garLoopResultBuilder]: At program point L622(lines 561 626) the Hoare annotation is: true [2022-11-23 14:56:18,747 INFO L899 garLoopResultBuilder]: For program point L581(lines 581 587) no Hoare annotation was computed. [2022-11-23 14:56:18,747 INFO L899 garLoopResultBuilder]: For program point L581-1(lines 581 587) no Hoare annotation was computed. [2022-11-23 14:56:18,747 INFO L902 garLoopResultBuilder]: At program point ULTIMATE.startENTRY(line -1) the Hoare annotation is: true [2022-11-23 14:56:18,747 INFO L895 garLoopResultBuilder]: At program point L619(lines 570 620) the Hoare annotation is: false [2022-11-23 14:56:18,748 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-11-23 14:56:18,748 INFO L895 garLoopResultBuilder]: At program point L310(lines 310 317) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= |ULTIMATE.start_main_~tmp~1#1| 1) (= ~waterLevel~0 1) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (not (= 0 ~systemActive~0))) [2022-11-23 14:56:18,748 INFO L902 garLoopResultBuilder]: At program point L310-2(lines 310 317) the Hoare annotation is: true [2022-11-23 14:56:18,748 INFO L899 garLoopResultBuilder]: For program point L591(lines 591 597) no Hoare annotation was computed. [2022-11-23 14:56:18,748 INFO L895 garLoopResultBuilder]: At program point L591-1(lines 591 597) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse5 (<= 2 ~waterLevel~0)) (.cse6 (<= ~waterLevel~0 2)) (.cse8 (= ~pumpRunning~0 0)) (.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse7 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse1 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (< ~waterLevel~0 3)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and (<= 1 ~pumpRunning~0) .cse5 .cse0 .cse6 .cse4)) .cse7) (and .cse8 .cse0 .cse7 (= ~waterLevel~0 1) .cse4) (and .cse8 .cse0 .cse7 .cse2 .cse3 .cse4) (and .cse8 .cse5 .cse0 .cse6 .cse7 .cse4) (and .cse8 .cse0 .cse7 .cse1 .cse2 .cse4))) [2022-11-23 14:56:18,749 INFO L895 garLoopResultBuilder]: At program point L616(lines 571 618) the Hoare annotation is: (let ((.cse5 (< ~waterLevel~0 3)) (.cse6 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse3 (= ~pumpRunning~0 0)) (.cse0 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse1 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (not (= 0 ~systemActive~0)))) (or (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0) .cse0 (<= ~waterLevel~0 2) .cse1 .cse2) (and .cse3 .cse0 .cse1 (= ~waterLevel~0 1) .cse2) (and (= ~methaneLevelCritical~0 0) .cse0 .cse1 .cse4 .cse5 .cse6 .cse2) (and .cse3 .cse0 .cse1 .cse5 .cse6 .cse2) (and .cse3 (<= ~waterLevel~0 1) .cse0 .cse1 .cse4 .cse2))) [2022-11-23 14:56:18,749 INFO L895 garLoopResultBuilder]: At program point L583(line 583) the Hoare annotation is: (let ((.cse0 (<= 2 ~waterLevel~0)) (.cse2 (<= ~waterLevel~0 2)) (.cse8 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~1#1| 1)) (.cse6 (<= 1 ~switchedOnBeforeTS~0)) (.cse7 (< ~waterLevel~0 3)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and (<= 1 ~pumpRunning~0) .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse3 (or (and .cse5 .cse1 (= ~waterLevel~0 1)) (and .cse5 .cse0 .cse1 .cse2)) .cse4) (and (= ~methaneLevelCritical~0 0) .cse1 .cse3 .cse6 .cse7 .cse8 .cse4) (and .cse5 .cse1 .cse3 .cse7 .cse8 .cse4) (and .cse5 .cse1 .cse3 .cse6 .cse7 .cse4))) [2022-11-23 14:56:18,749 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 365 389) the Hoare annotation is: (let ((.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (not (< ~waterLevel~0 3)) .cse2) (or (not (<= ~waterLevel~0 0)) .cse3 .cse0 .cse1 .cse4 .cse2) (or (not (= ~waterLevel~0 1)) .cse3 .cse0 .cse1 .cse4 .cse2))) [2022-11-23 14:56:18,750 INFO L895 garLoopResultBuilder]: At program point L384(line 384) the Hoare annotation is: (let ((.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (< ~waterLevel~0 3)) .cse1) (or (not (<= ~waterLevel~0 0)) .cse2 .cse0 .cse3 .cse4 .cse1) (or (not (= ~waterLevel~0 1)) .cse2 .cse0 .cse3 .cse4 .cse1))) [2022-11-23 14:56:18,750 INFO L899 garLoopResultBuilder]: For program point L384-1(lines 365 389) no Hoare annotation was computed. [2022-11-23 14:56:18,750 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 365 389) no Hoare annotation was computed. [2022-11-23 14:56:18,751 INFO L895 garLoopResultBuilder]: At program point L379(line 379) the Hoare annotation is: (let ((.cse0 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (= 0 ~systemActive~0)) (.cse3 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (<= ~waterLevel~0 0)) .cse0 .cse1 .cse2 .cse3) (or (not (= ~waterLevel~0 1)) .cse0 .cse1 .cse2 .cse3) (or (not (= |old(~pumpRunning~0)| 0)) (let ((.cse4 (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0))) (and (or .cse4 (<= 2 ~waterLevel~0)) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (or .cse4 (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 1)))) .cse1 (not (< ~waterLevel~0 3)) .cse3))) [2022-11-23 14:56:18,751 INFO L895 garLoopResultBuilder]: At program point L373(lines 373 381) the Hoare annotation is: (let ((.cse0 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (= 0 ~systemActive~0)) (.cse3 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (<= ~waterLevel~0 0)) .cse0 .cse1 .cse2 .cse3) (or (not (= ~waterLevel~0 1)) .cse0 .cse1 .cse2 .cse3) (or (not (= |old(~pumpRunning~0)| 0)) (let ((.cse4 (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0))) (and (or .cse4 (<= 2 ~waterLevel~0)) (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (or .cse4 (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 1)))) .cse1 (not (< ~waterLevel~0 3)) .cse3))) [2022-11-23 14:56:18,751 INFO L895 garLoopResultBuilder]: At program point L369(lines 369 386) the Hoare annotation is: (let ((.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (not (< ~waterLevel~0 3)) .cse2) (or (not (<= ~waterLevel~0 0)) .cse3 .cse0 .cse1 .cse4 .cse2) (or (not (= ~waterLevel~0 1)) .cse3 .cse0 .cse1 .cse4 .cse2))) [2022-11-23 14:56:18,751 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 123 134) no Hoare annotation was computed. [2022-11-23 14:56:18,752 INFO L895 garLoopResultBuilder]: At program point waterRiseENTRY(lines 123 134) the Hoare annotation is: (let ((.cse1 (not (<= |old(~waterLevel~0)| 2))) (.cse2 (not (<= 2 |old(~waterLevel~0)|))) (.cse6 (not (= ~pumpRunning~0 ~switchedOnBeforeTS~0))) (.cse5 (not (<= |old(~waterLevel~0)| 1))) (.cse0 (not (= ~pumpRunning~0 0))) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (= 0 ~systemActive~0)) (.cse7 (not (<= 1 ~switchedOnBeforeTS~0)))) (and (or (and (or .cse0 .cse1 .cse2) (or .cse0 (not (= |old(~waterLevel~0)| 1)))) .cse3 .cse4) (or (not (<= 1 ~pumpRunning~0)) .cse3 .cse4 .cse1 .cse2) (or .cse5 .cse0 .cse6 .cse3 .cse4) (or (not (= ~methaneLevelCritical~0 0)) .cse6 .cse3 .cse4 .cse7 (not (< |old(~waterLevel~0)| 3))) (or .cse5 .cse0 .cse3 .cse4 .cse7))) [2022-11-23 14:56:18,752 INFO L895 garLoopResultBuilder]: At program point processEnvironment__wrappee__lowWaterSensorENTRY(lines 391 415) the Hoare annotation is: (let ((.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (not (< ~waterLevel~0 3)) .cse2) (or (not (<= ~waterLevel~0 0)) .cse3 .cse0 .cse1 .cse4 .cse2) (or (not (= ~waterLevel~0 1)) .cse3 .cse0 .cse1 .cse4 .cse2))) [2022-11-23 14:56:18,752 INFO L895 garLoopResultBuilder]: At program point L405(line 405) the Hoare annotation is: (let ((.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (< ~waterLevel~0 3)) .cse1) (or (not (<= ~waterLevel~0 0)) .cse2 .cse0 .cse3 .cse4 .cse1) (or (not (= ~waterLevel~0 1)) .cse2 .cse0 .cse3 .cse4 .cse1))) [2022-11-23 14:56:18,753 INFO L895 garLoopResultBuilder]: At program point L401(line 401) the Hoare annotation is: (let ((.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (not (< ~waterLevel~0 3)) .cse1) (or (not (<= ~waterLevel~0 0)) .cse2 .cse0 .cse3 .cse4 .cse1) (or (not (= ~waterLevel~0 1)) .cse2 .cse0 .cse3 .cse4 .cse1))) [2022-11-23 14:56:18,755 INFO L899 garLoopResultBuilder]: For program point L399(lines 399 407) no Hoare annotation was computed. [2022-11-23 14:56:18,755 INFO L895 garLoopResultBuilder]: At program point L395(lines 395 412) the Hoare annotation is: (let ((.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse1 (= ~pumpRunning~0 ~switchedOnBeforeTS~0)) (.cse4 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse2 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1 (not (< ~waterLevel~0 3)) .cse2) (or (not (<= ~waterLevel~0 0)) .cse3 .cse0 .cse1 .cse4 .cse2) (or (not (= ~waterLevel~0 1)) .cse3 .cse0 .cse1 .cse4 .cse2))) [2022-11-23 14:56:18,755 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__lowWaterSensorEXIT(lines 391 415) no Hoare annotation was computed. [2022-11-23 14:56:18,756 INFO L895 garLoopResultBuilder]: At program point L410(line 410) the Hoare annotation is: (let ((.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse0 (= 0 ~systemActive~0)) (.cse3 (not (<= 1 ~switchedOnBeforeTS~0))) (.cse1 (not (= ~switchedOnBeforeTS~0 |old(~pumpRunning~0)|)))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 (= ~pumpRunning~0 ~switchedOnBeforeTS~0) (not (< ~waterLevel~0 3)) .cse1) (or (not (<= ~waterLevel~0 0)) .cse2 .cse0 .cse3 .cse1) (or (not (= ~waterLevel~0 1)) .cse2 .cse0 .cse3 .cse1))) [2022-11-23 14:56:18,756 INFO L899 garLoopResultBuilder]: For program point L410-1(lines 391 415) no Hoare annotation was computed. [2022-11-23 14:56:18,756 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 469 477) no Hoare annotation was computed. [2022-11-23 14:56:18,757 INFO L902 garLoopResultBuilder]: At program point isPumpRunningENTRY(lines 469 477) the Hoare annotation is: true [2022-11-23 14:56:18,760 INFO L444 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-23 14:56:18,762 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-23 14:56:18,852 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 23.11 02:56:18 BoogieIcfgContainer [2022-11-23 14:56:18,858 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-23 14:56:18,859 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-23 14:56:18,859 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-23 14:56:18,859 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-23 14:56:18,860 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 02:55:04" (3/4) ... [2022-11-23 14:56:18,864 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-11-23 14:56:18,869 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-11-23 14:56:18,870 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-11-23 14:56:18,870 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-11-23 14:56:18,870 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-11-23 14:56:18,870 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-11-23 14:56:18,870 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-11-23 14:56:18,871 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-11-23 14:56:18,871 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__lowWaterSensor [2022-11-23 14:56:18,871 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2022-11-23 14:56:18,888 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 56 nodes and edges [2022-11-23 14:56:18,889 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 14 nodes and edges [2022-11-23 14:56:18,890 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-11-23 14:56:18,891 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-23 14:56:18,891 INFO L915 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-11-23 14:56:18,924 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && aux-isPumpRunning()-aux == pumpRunning)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((pumpRunning == 0 && 2 <= waterLevel) && waterLevel <= 2) && aux-isPumpRunning()-aux == pumpRunning))) && (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) || ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) || (((!(methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || methaneLevelCritical == 0) || 0 == systemActive) || !(\old(waterLevel) < 3)) || (((!(methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(\old(waterLevel) < 3)) || (((methaneLevelCritical == 0 && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) || (((methaneLevelCritical == 0 && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3)) [2022-11-23 14:56:18,928 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical) || (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || (((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) [2022-11-23 14:56:18,929 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((((((((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && \old(waterLevel) == waterLevel + 1) && 0 < \old(waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) || !(\old(switchedOnBeforeTS) == \old(pumpRunning))) || !(\old(waterLevel) == 1)) || ((((pumpRunning == 0 && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) || ((((pumpRunning == 0 && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || methaneLevelCritical == 0) || (((((((pumpRunning == 0 && tmp == waterLevel) && waterLevel <= 1) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive)) && (((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || ((((((pumpRunning == 0 && tmp == waterLevel) && methaneLevelCritical == 0) && waterLevel <= 1) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((pumpRunning == 0 && tmp == waterLevel) && 2 == waterLevel) && methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && tmp == waterLevel) && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) < 3))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || (((pumpRunning == 0 && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((((!(\old(pumpRunning) == 0) || ((((((pumpRunning == 0 && tmp == waterLevel) && methaneLevelCritical == 0) && waterLevel <= 1) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((pumpRunning == 0 && tmp == waterLevel) && 2 == waterLevel) && methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && tmp == waterLevel) && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && ((((!(\old(pumpRunning) == 0) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && tmp == 2)) || (((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && tmp == 2)) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(pumpRunning) == 0) || (2 == waterLevel && \old(waterLevel) == waterLevel)) || methaneLevelCritical == 0) || (((((((pumpRunning == 0 && tmp == waterLevel) && waterLevel <= 1) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == 0 && tmp == waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel))) [2022-11-23 14:56:18,929 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 0)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) == 1)) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel + 1) && 0 < \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || ((\old(waterLevel) == waterLevel && pumpRunning == switchedOnBeforeTS) && ((pumpRunning == 0 || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((waterLevel == 1 && pumpRunning == switchedOnBeforeTS) && ((pumpRunning == 0 || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) [2022-11-23 14:56:18,930 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && (((!(\old(pumpRunning) == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || 0 == systemActive) || !(\old(waterLevel) < 3))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) [2022-11-23 14:56:18,930 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical) || (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || (((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) [2022-11-23 14:56:18,931 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-23 14:56:18,931 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(\old(pumpRunning) == 0) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-23 14:56:18,938 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) && ((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && ((((!(\old(pumpRunning) == 0) || (((tmp == 0 || 2 <= waterLevel) && pumpRunning == switchedOnBeforeTS) && (tmp == 0 || tmp == 1))) || 0 == systemActive) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) [2022-11-23 14:56:18,989 INFO L141 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/witness.graphml [2022-11-23 14:56:18,990 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-23 14:56:18,990 INFO L158 Benchmark]: Toolchain (without parser) took 75644.80ms. Allocated memory was 176.2MB in the beginning and 704.6MB in the end (delta: 528.5MB). Free memory was 119.6MB in the beginning and 268.1MB in the end (delta: -148.5MB). Peak memory consumption was 382.0MB. Max. memory is 16.1GB. [2022-11-23 14:56:18,990 INFO L158 Benchmark]: CDTParser took 0.90ms. Allocated memory is still 117.4MB. Free memory is still 70.6MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-23 14:56:18,991 INFO L158 Benchmark]: CACSL2BoogieTranslator took 501.14ms. Allocated memory is still 176.2MB. Free memory was 119.0MB in the beginning and 100.1MB in the end (delta: 18.9MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-11-23 14:56:18,991 INFO L158 Benchmark]: Boogie Procedure Inliner took 49.43ms. Allocated memory is still 176.2MB. Free memory was 100.1MB in the beginning and 97.5MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-23 14:56:18,991 INFO L158 Benchmark]: Boogie Preprocessor took 32.99ms. Allocated memory is still 176.2MB. Free memory was 97.5MB in the beginning and 95.9MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-23 14:56:18,992 INFO L158 Benchmark]: RCFGBuilder took 814.81ms. Allocated memory is still 176.2MB. Free memory was 95.9MB in the beginning and 68.2MB in the end (delta: 27.8MB). Peak memory consumption was 27.3MB. Max. memory is 16.1GB. [2022-11-23 14:56:18,993 INFO L158 Benchmark]: TraceAbstraction took 74099.72ms. Allocated memory was 176.2MB in the beginning and 704.6MB in the end (delta: 528.5MB). Free memory was 67.2MB in the beginning and 274.4MB in the end (delta: -207.2MB). Peak memory consumption was 349.2MB. Max. memory is 16.1GB. [2022-11-23 14:56:18,994 INFO L158 Benchmark]: Witness Printer took 131.11ms. Allocated memory is still 704.6MB. Free memory was 274.4MB in the beginning and 268.1MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-11-23 14:56:18,997 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.90ms. Allocated memory is still 117.4MB. Free memory is still 70.6MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 501.14ms. Allocated memory is still 176.2MB. Free memory was 119.0MB in the beginning and 100.1MB in the end (delta: 18.9MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 49.43ms. Allocated memory is still 176.2MB. Free memory was 100.1MB in the beginning and 97.5MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 32.99ms. Allocated memory is still 176.2MB. Free memory was 97.5MB in the beginning and 95.9MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 814.81ms. Allocated memory is still 176.2MB. Free memory was 95.9MB in the beginning and 68.2MB in the end (delta: 27.8MB). Peak memory consumption was 27.3MB. Max. memory is 16.1GB. * TraceAbstraction took 74099.72ms. Allocated memory was 176.2MB in the beginning and 704.6MB in the end (delta: 528.5MB). Free memory was 67.2MB in the beginning and 274.4MB in the end (delta: -207.2MB). Peak memory consumption was 349.2MB. Max. memory is 16.1GB. * Witness Printer took 131.11ms. Allocated memory is still 704.6MB. Free memory was 274.4MB in the beginning and 268.1MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 216]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 10 procedures, 69 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 73.9s, OverallIterations: 11, TraceHistogramMax: 5, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 8.9s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 19.4s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2759 SdHoareTripleChecker+Valid, 4.4s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2734 mSDsluCounter, 3726 SdHoareTripleChecker+Invalid, 3.7s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2770 mSDsCounter, 1697 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 5328 IncrementalHoareTripleChecker+Invalid, 7025 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 1697 mSolverCounterUnsat, 956 mSDtfsCounter, 5328 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 1043 GetRequests, 724 SyntacticMatches, 28 SemanticMatches, 291 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 8220 ImplicationChecksByTransitivity, 27.6s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=542occurred in iteration=10, InterpolantAutomatonStates: 156, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.5s AutomataMinimizationTime, 11 MinimizatonAttempts, 430 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 42 LocationsWithAnnotation, 1973 PreInvPairs, 2337 NumberOfFragments, 5110 HoareAnnotationTreeSize, 1973 FomulaSimplifications, 14211 FormulaSimplificationTreeSizeReduction, 1.5s HoareSimplificationTime, 42 FomulaSimplificationsInter, 62441 FormulaSimplificationTreeSizeReductionInter, 17.8s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.4s SatisfiabilityAnalysisTime, 5.6s InterpolantComputationTime, 920 NumberOfCodeBlocks, 920 NumberOfCodeBlocksAsserted, 14 NumberOfCheckSat, 1174 ConstructedInterpolants, 0 QuantifiedInterpolants, 3226 SizeOfPredicates, 30 NumberOfNonLiveVariables, 1182 ConjunctsInSsa, 64 ConjunctsInUnsatCore, 17 InterpolantComputations, 8 PerfectInterpolantSequences, 594/670 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 223]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 417]: Loop Invariant Derived loop invariant: (((((((((((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical) || (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || (((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) - InvariantResult [Line: -1]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 310]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 571]: Loop Invariant Derived loop invariant: ((((((((1 <= pumpRunning && 2 <= waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) && !(0 == systemActive)) || ((((pumpRunning == 0 && splverifierCounter == 0) && tmp == 1) && waterLevel == 1) && !(0 == systemActive))) || ((((((methaneLevelCritical == 0 && splverifierCounter == 0) && tmp == 1) && 1 <= switchedOnBeforeTS) && waterLevel < 3) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || (((((pumpRunning == 0 && splverifierCounter == 0) && tmp == 1) && waterLevel < 3) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || (((((pumpRunning == 0 && waterLevel <= 1) && splverifierCounter == 0) && tmp == 1) && 1 <= switchedOnBeforeTS) && !(0 == systemActive)) - InvariantResult [Line: 310]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0 && methaneLevelCritical == 0) && tmp == 1) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive) - InvariantResult [Line: 72]: Loop Invariant Derived loop invariant: ((((((((((((((((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && \old(waterLevel) == waterLevel + 1) && 0 < \old(waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) || !(\old(switchedOnBeforeTS) == \old(pumpRunning))) || !(\old(waterLevel) == 1)) || ((((pumpRunning == 0 && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) && ((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) || ((((pumpRunning == 0 && tmp == waterLevel) && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || methaneLevelCritical == 0) || (((((((pumpRunning == 0 && tmp == waterLevel) && waterLevel <= 1) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive)) && (((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || ((((((pumpRunning == 0 && tmp == waterLevel) && methaneLevelCritical == 0) && waterLevel <= 1) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((pumpRunning == 0 && tmp == waterLevel) && 2 == waterLevel) && methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && tmp == waterLevel) && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(\old(waterLevel) < 3))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || (((pumpRunning == 0 && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((((!(\old(pumpRunning) == 0) || ((((((pumpRunning == 0 && tmp == waterLevel) && methaneLevelCritical == 0) && waterLevel <= 1) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((pumpRunning == 0 && tmp == waterLevel) && 2 == waterLevel) && methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || !(methaneLevelCritical == 0)) || (((((((1 <= pumpRunning && tmp == waterLevel) && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && ((((!(\old(pumpRunning) == 0) || ((1 <= pumpRunning && \old(waterLevel) == waterLevel) && tmp == 2)) || (((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && tmp == 2)) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((((pumpRunning == 0 && tmp == waterLevel) && \old(waterLevel) == waterLevel) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 0)) || !(1 <= \old(switchedOnBeforeTS)))) && ((((((!(\old(pumpRunning) == 0) || (2 == waterLevel && \old(waterLevel) == waterLevel)) || methaneLevelCritical == 0) || (((((((pumpRunning == 0 && tmp == waterLevel) && waterLevel <= 1) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((((((pumpRunning == \old(pumpRunning) && tmp == waterLevel) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical) || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((((pumpRunning == 0 && tmp == waterLevel) && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 570]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 561]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 369]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) - InvariantResult [Line: 67]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && aux-isPumpRunning()-aux == pumpRunning)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || 0 == systemActive) || (((pumpRunning == 0 && 2 <= waterLevel) && waterLevel <= 2) && aux-isPumpRunning()-aux == pumpRunning))) && (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && aux-isPumpRunning()-aux == pumpRunning) || ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) || (((!(methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || methaneLevelCritical == 0) || 0 == systemActive) || !(\old(waterLevel) < 3)) || (((!(methaneLevelCritical == 0) && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(\old(waterLevel) < 3)) || (((methaneLevelCritical == 0 && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) || (((methaneLevelCritical == 0 && \old(waterLevel) == waterLevel) && ((((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && pumpRunning == switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)) || (((((pumpRunning == \old(pumpRunning) && pumpRunning == 0) && (\old(waterLevel) == waterLevel || waterLevel == 1)) && 1 <= switchedOnBeforeTS) && aux-isPumpRunning()-aux == pumpRunning) && !(0 == systemActive)))) && waterLevel < 3)) - InvariantResult [Line: 395]: Loop Invariant Derived loop invariant: (((((!(\old(pumpRunning) == 0) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) && (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && (((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || pumpRunning == switchedOnBeforeTS) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) - InvariantResult [Line: 373]: Loop Invariant Derived loop invariant: (((((!(waterLevel <= 0) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning))) && ((((!(waterLevel == 1) || !(methaneLevelCritical == 0)) || 0 == systemActive) || !(1 <= switchedOnBeforeTS)) || !(switchedOnBeforeTS == \old(pumpRunning)))) && ((((!(\old(pumpRunning) == 0) || (((tmp == 0 || 2 <= waterLevel) && pumpRunning == switchedOnBeforeTS) && (tmp == 0 || tmp == 1))) || 0 == systemActive) || !(waterLevel < 3)) || !(switchedOnBeforeTS == \old(pumpRunning))) - InvariantResult [Line: 591]: Loop Invariant Derived loop invariant: (((((((((splverifierCounter == 0 && 1 <= switchedOnBeforeTS) && waterLevel < 3) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive)) || ((((1 <= pumpRunning && 2 <= waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && !(0 == systemActive))) && tmp == 1) || ((((pumpRunning == 0 && splverifierCounter == 0) && tmp == 1) && waterLevel == 1) && !(0 == systemActive))) || (((((pumpRunning == 0 && splverifierCounter == 0) && tmp == 1) && waterLevel < 3) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || (((((pumpRunning == 0 && 2 <= waterLevel) && splverifierCounter == 0) && waterLevel <= 2) && tmp == 1) && !(0 == systemActive))) || (((((pumpRunning == 0 && splverifierCounter == 0) && tmp == 1) && 1 <= switchedOnBeforeTS) && waterLevel < 3) && !(0 == systemActive)) - InvariantResult [Line: 344]: Loop Invariant Derived loop invariant: (((((((((((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical) || (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || methaneLevelCritical == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && ((((methaneLevelCritical == 0 || !(1 <= \old(pumpRunning))) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((pumpRunning == 0 && waterLevel == 1) && pumpRunning == switchedOnBeforeTS))) && (((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || (((pumpRunning == 0 && ((!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || ((((pumpRunning == \old(pumpRunning) && waterLevel <= 0) && ((\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)) || \old(waterLevel) == waterLevel)) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((((!(1 <= \old(pumpRunning)) || (((pumpRunning == 0 && waterLevel == 1) && 1 <= switchedOnBeforeTS) && tmp == methaneLevelCritical)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || (((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS) && tmp == methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((((pumpRunning == 0 && methaneLevelCritical == 0) && \old(pumpRunning) == 0) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS) && !(0 == systemActive))) || ((((((1 <= pumpRunning && methaneLevelCritical == 0) && 2 <= waterLevel) && \old(pumpRunning) == 0) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((((!(\old(pumpRunning) == 0) || methaneLevelCritical == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || ((((((1 <= pumpRunning && 2 <= waterLevel) && \old(pumpRunning) == 0) && !(methaneLevelCritical == 0)) && waterLevel <= 2) && \old(waterLevel) == waterLevel) && !(0 == systemActive))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) - InvariantResult [Line: 421]: Loop Invariant Derived loop invariant: (((((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || ((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(\old(waterLevel) <= 0)) || !(1 <= \old(switchedOnBeforeTS))) && ((((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || ((pumpRunning == \old(pumpRunning) && waterLevel == 1) && pumpRunning == switchedOnBeforeTS)) || !(2 <= \old(waterLevel)))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) == 1)) || (((pumpRunning == \old(pumpRunning) && \old(waterLevel) == waterLevel + 1) && 0 < \old(waterLevel)) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS)))) && (((!(\old(pumpRunning) == 0) || ((\old(waterLevel) == waterLevel && pumpRunning == switchedOnBeforeTS) && ((pumpRunning == 0 || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel))))) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) || ((waterLevel == 1 && pumpRunning == switchedOnBeforeTS) && ((pumpRunning == 0 || (!(0 < \old(waterLevel)) && \old(waterLevel) == waterLevel)) || (\old(waterLevel) == waterLevel + 1 && 0 < \old(waterLevel)))))) && ((((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && ((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(waterLevel) <= 1)) || !(\old(pumpRunning) == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && pumpRunning == switchedOnBeforeTS)) || 0 == systemActive) - InvariantResult [Line: 216]: Loop Invariant Derived loop invariant: (((((((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3)) && (((!(\old(pumpRunning) == 0) || 0 == systemActive) || !(1 <= \old(switchedOnBeforeTS))) || !(\old(waterLevel) < 3))) && (((!(\old(switchedOnBeforeTS) == \old(pumpRunning)) || !(\old(pumpRunning) == 0)) || 0 == systemActive) || !(\old(waterLevel) < 3))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 2)) || 0 == systemActive)) && (((!(1 <= \old(pumpRunning)) || 0 == systemActive) || !(\old(waterLevel) <= 2)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || 0 == systemActive) - InvariantResult [Line: 233]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2022-11-23 14:56:19,075 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_5b7594f8-ee69-4712-8b04-6fefeb2212cd/bin/utaipan-Q6hlc19bkW/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE