./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec3_product37.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version e7bb482b Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec3_product37.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 29e70cf9c9b1d0bd005d907ed1d78af9dd0d19752a19f66dfee72f35dd243fc7 --- Real Ultimate output --- This is Ultimate 0.2.3-dev-e7bb482 [2023-11-06 21:53:39,192 INFO L188 SettingsManager]: Resetting all preferences to default values... [2023-11-06 21:53:39,309 INFO L114 SettingsManager]: Loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf [2023-11-06 21:53:39,317 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2023-11-06 21:53:39,318 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2023-11-06 21:53:39,357 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2023-11-06 21:53:39,358 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2023-11-06 21:53:39,359 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2023-11-06 21:53:39,360 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2023-11-06 21:53:39,365 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2023-11-06 21:53:39,366 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2023-11-06 21:53:39,366 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2023-11-06 21:53:39,367 INFO L153 SettingsManager]: * Use SBE=true [2023-11-06 21:53:39,368 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2023-11-06 21:53:39,369 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2023-11-06 21:53:39,369 INFO L153 SettingsManager]: * sizeof long=4 [2023-11-06 21:53:39,370 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2023-11-06 21:53:39,370 INFO L153 SettingsManager]: * sizeof POINTER=4 [2023-11-06 21:53:39,370 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2023-11-06 21:53:39,371 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2023-11-06 21:53:39,371 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2023-11-06 21:53:39,372 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2023-11-06 21:53:39,372 INFO L153 SettingsManager]: * sizeof long double=12 [2023-11-06 21:53:39,373 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2023-11-06 21:53:39,373 INFO L153 SettingsManager]: * Use constant arrays=true [2023-11-06 21:53:39,374 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2023-11-06 21:53:39,374 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2023-11-06 21:53:39,375 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2023-11-06 21:53:39,375 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 21:53:39,376 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2023-11-06 21:53:39,377 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2023-11-06 21:53:39,377 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2023-11-06 21:53:39,378 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2023-11-06 21:53:39,378 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2023-11-06 21:53:39,378 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2023-11-06 21:53:39,378 INFO L153 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2023-11-06 21:53:39,378 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2023-11-06 21:53:39,379 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2023-11-06 21:53:39,379 INFO L153 SettingsManager]: * Independence relation used for large block encoding in concurrent analysis=SYNTACTIC [2023-11-06 21:53:39,379 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 29e70cf9c9b1d0bd005d907ed1d78af9dd0d19752a19f66dfee72f35dd243fc7 [2023-11-06 21:53:39,660 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2023-11-06 21:53:39,682 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2023-11-06 21:53:39,685 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2023-11-06 21:53:39,686 INFO L270 PluginConnector]: Initializing CDTParser... [2023-11-06 21:53:39,687 INFO L274 PluginConnector]: CDTParser initialized [2023-11-06 21:53:39,688 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/../../sv-benchmarks/c/product-lines/minepump_spec3_product37.cil.c [2023-11-06 21:53:43,039 INFO L533 CDTParser]: Created temporary CDT project at NULL [2023-11-06 21:53:43,323 INFO L384 CDTParser]: Found 1 translation units. [2023-11-06 21:53:43,324 INFO L180 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/sv-benchmarks/c/product-lines/minepump_spec3_product37.cil.c [2023-11-06 21:53:43,355 INFO L427 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/data/0ffe22a6b/2c218426769c4762911582a91c51cb2d/FLAGf2fd31461 [2023-11-06 21:53:43,373 INFO L435 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/data/0ffe22a6b/2c218426769c4762911582a91c51cb2d [2023-11-06 21:53:43,379 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2023-11-06 21:53:43,381 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2023-11-06 21:53:43,385 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2023-11-06 21:53:43,385 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2023-11-06 21:53:43,391 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2023-11-06 21:53:43,392 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:43,393 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@402b66c1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43, skipping insertion in model container [2023-11-06 21:53:43,393 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:43,474 INFO L177 MainTranslator]: Built tables and reachable declarations [2023-11-06 21:53:43,768 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/sv-benchmarks/c/product-lines/minepump_spec3_product37.cil.c[17206,17219] [2023-11-06 21:53:43,777 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 21:53:43,795 INFO L202 MainTranslator]: Completed pre-run [2023-11-06 21:53:43,816 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [49] [2023-11-06 21:53:43,819 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [153] [2023-11-06 21:53:43,819 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [519] [2023-11-06 21:53:43,820 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [705] [2023-11-06 21:53:43,820 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [770] [2023-11-06 21:53:43,820 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [865] [2023-11-06 21:53:43,820 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification3_spec.i","") [874] [2023-11-06 21:53:43,821 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [908] [2023-11-06 21:53:43,906 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/sv-benchmarks/c/product-lines/minepump_spec3_product37.cil.c[17206,17219] [2023-11-06 21:53:43,909 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 21:53:43,930 INFO L206 MainTranslator]: Completed translation [2023-11-06 21:53:43,931 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43 WrapperNode [2023-11-06 21:53:43,931 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2023-11-06 21:53:43,932 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2023-11-06 21:53:43,932 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2023-11-06 21:53:43,932 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2023-11-06 21:53:43,940 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:43,960 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:43,992 INFO L138 Inliner]: procedures = 53, calls = 98, calls flagged for inlining = 22, calls inlined = 19, statements flattened = 198 [2023-11-06 21:53:43,993 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2023-11-06 21:53:43,993 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2023-11-06 21:53:43,994 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2023-11-06 21:53:43,994 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2023-11-06 21:53:44,003 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:44,004 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:44,006 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:44,006 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:44,012 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:44,036 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:44,038 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:44,040 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:44,042 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2023-11-06 21:53:44,059 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2023-11-06 21:53:44,059 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2023-11-06 21:53:44,060 INFO L274 PluginConnector]: RCFGBuilder initialized [2023-11-06 21:53:44,060 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (1/1) ... [2023-11-06 21:53:44,071 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 21:53:44,084 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 21:53:44,098 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2023-11-06 21:53:44,127 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2023-11-06 21:53:44,144 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2023-11-06 21:53:44,144 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2023-11-06 21:53:44,144 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2023-11-06 21:53:44,144 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2023-11-06 21:53:44,147 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2023-11-06 21:53:44,170 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2023-11-06 21:53:44,170 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2023-11-06 21:53:44,171 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2023-11-06 21:53:44,171 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2023-11-06 21:53:44,171 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 21:53:44,171 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 21:53:44,171 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2023-11-06 21:53:44,171 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2023-11-06 21:53:44,171 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2023-11-06 21:53:44,171 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2023-11-06 21:53:44,171 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2023-11-06 21:53:44,172 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2023-11-06 21:53:44,172 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2023-11-06 21:53:44,341 INFO L236 CfgBuilder]: Building ICFG [2023-11-06 21:53:44,350 INFO L262 CfgBuilder]: Building CFG for each procedure with an implementation [2023-11-06 21:53:44,725 INFO L277 CfgBuilder]: Performing block encoding [2023-11-06 21:53:44,735 INFO L297 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2023-11-06 21:53:44,736 INFO L302 CfgBuilder]: Removed 2 assume(true) statements. [2023-11-06 21:53:44,739 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 09:53:44 BoogieIcfgContainer [2023-11-06 21:53:44,739 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2023-11-06 21:53:44,742 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2023-11-06 21:53:44,742 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2023-11-06 21:53:44,747 INFO L274 PluginConnector]: TraceAbstraction initialized [2023-11-06 21:53:44,747 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 06.11 09:53:43" (1/3) ... [2023-11-06 21:53:44,748 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@14ed347d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 09:53:44, skipping insertion in model container [2023-11-06 21:53:44,749 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 09:53:43" (2/3) ... [2023-11-06 21:53:44,749 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@14ed347d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 09:53:44, skipping insertion in model container [2023-11-06 21:53:44,749 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 09:53:44" (3/3) ... [2023-11-06 21:53:44,751 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec3_product37.cil.c [2023-11-06 21:53:44,777 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2023-11-06 21:53:44,777 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2023-11-06 21:53:44,841 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2023-11-06 21:53:44,849 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@22a3ff96, mLbeIndependenceSettings=[IndependenceType=SYNTACTIC, AbstractionType=NONE, UseConditional=, UseSemiCommutativity=, Solver=, SolverTimeout=] [2023-11-06 21:53:44,849 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2023-11-06 21:53:44,854 INFO L276 IsEmpty]: Start isEmpty. Operand has 87 states, 66 states have (on average 1.393939393939394) internal successors, (92), 74 states have internal predecessors, (92), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2023-11-06 21:53:44,865 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2023-11-06 21:53:44,865 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:44,866 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:44,866 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:44,871 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:44,871 INFO L85 PathProgramCache]: Analyzing trace with hash -817040355, now seen corresponding path program 1 times [2023-11-06 21:53:44,879 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:44,880 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [732243420] [2023-11-06 21:53:44,880 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:44,880 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:45,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:45,105 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2023-11-06 21:53:45,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:45,116 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 21:53:45,116 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:45,117 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [732243420] [2023-11-06 21:53:45,118 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [732243420] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 21:53:45,118 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 21:53:45,118 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2023-11-06 21:53:45,120 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2060638684] [2023-11-06 21:53:45,121 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 21:53:45,125 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2023-11-06 21:53:45,125 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:45,156 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2023-11-06 21:53:45,157 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 21:53:45,160 INFO L87 Difference]: Start difference. First operand has 87 states, 66 states have (on average 1.393939393939394) internal successors, (92), 74 states have internal predecessors, (92), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 21:53:45,200 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:45,200 INFO L93 Difference]: Finished difference Result 166 states and 227 transitions. [2023-11-06 21:53:45,201 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2023-11-06 21:53:45,203 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2023-11-06 21:53:45,204 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:45,215 INFO L225 Difference]: With dead ends: 166 [2023-11-06 21:53:45,215 INFO L226 Difference]: Without dead ends: 78 [2023-11-06 21:53:45,220 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 21:53:45,224 INFO L413 NwaCegarLoop]: 110 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 110 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:45,225 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 110 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 21:53:45,245 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 78 states. [2023-11-06 21:53:45,273 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 78 to 78. [2023-11-06 21:53:45,275 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 78 states, 59 states have (on average 1.3220338983050848) internal successors, (78), 66 states have internal predecessors, (78), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2023-11-06 21:53:45,278 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 78 states to 78 states and 101 transitions. [2023-11-06 21:53:45,280 INFO L78 Accepts]: Start accepts. Automaton has 78 states and 101 transitions. Word has length 25 [2023-11-06 21:53:45,281 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:45,281 INFO L495 AbstractCegarLoop]: Abstraction has 78 states and 101 transitions. [2023-11-06 21:53:45,282 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 21:53:45,282 INFO L276 IsEmpty]: Start isEmpty. Operand 78 states and 101 transitions. [2023-11-06 21:53:45,285 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2023-11-06 21:53:45,286 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:45,286 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:45,286 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2023-11-06 21:53:45,287 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:45,288 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:45,288 INFO L85 PathProgramCache]: Analyzing trace with hash -929835373, now seen corresponding path program 1 times [2023-11-06 21:53:45,288 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:45,289 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [839318910] [2023-11-06 21:53:45,289 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:45,289 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:45,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:45,433 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2023-11-06 21:53:45,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:45,440 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 21:53:45,440 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:45,441 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [839318910] [2023-11-06 21:53:45,441 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [839318910] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 21:53:45,441 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 21:53:45,441 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2023-11-06 21:53:45,441 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [498643243] [2023-11-06 21:53:45,442 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 21:53:45,443 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2023-11-06 21:53:45,443 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:45,444 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2023-11-06 21:53:45,444 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 21:53:45,445 INFO L87 Difference]: Start difference. First operand 78 states and 101 transitions. Second operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 21:53:45,466 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:45,466 INFO L93 Difference]: Finished difference Result 122 states and 158 transitions. [2023-11-06 21:53:45,467 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2023-11-06 21:53:45,467 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2023-11-06 21:53:45,467 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:45,469 INFO L225 Difference]: With dead ends: 122 [2023-11-06 21:53:45,469 INFO L226 Difference]: Without dead ends: 69 [2023-11-06 21:53:45,470 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 21:53:45,472 INFO L413 NwaCegarLoop]: 88 mSDtfsCounter, 12 mSDsluCounter, 72 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 160 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:45,473 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [15 Valid, 160 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 21:53:45,474 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 69 states. [2023-11-06 21:53:45,490 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 69 to 69. [2023-11-06 21:53:45,490 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 69 states, 53 states have (on average 1.3396226415094339) internal successors, (71), 60 states have internal predecessors, (71), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2023-11-06 21:53:45,493 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 69 states to 69 states and 89 transitions. [2023-11-06 21:53:45,493 INFO L78 Accepts]: Start accepts. Automaton has 69 states and 89 transitions. Word has length 26 [2023-11-06 21:53:45,493 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:45,494 INFO L495 AbstractCegarLoop]: Abstraction has 69 states and 89 transitions. [2023-11-06 21:53:45,495 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 21:53:45,495 INFO L276 IsEmpty]: Start isEmpty. Operand 69 states and 89 transitions. [2023-11-06 21:53:45,497 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2023-11-06 21:53:45,498 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:45,498 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:45,498 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2023-11-06 21:53:45,499 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:45,499 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:45,500 INFO L85 PathProgramCache]: Analyzing trace with hash 1035191503, now seen corresponding path program 1 times [2023-11-06 21:53:45,500 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:45,501 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1530309530] [2023-11-06 21:53:45,501 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:45,501 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:45,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:45,842 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 21:53:45,845 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:45,850 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 21:53:45,855 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:45,855 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1530309530] [2023-11-06 21:53:45,856 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1530309530] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 21:53:45,856 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 21:53:45,856 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 21:53:45,856 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2056851050] [2023-11-06 21:53:45,858 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 21:53:45,859 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 21:53:45,859 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:45,860 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 21:53:45,861 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2023-11-06 21:53:45,862 INFO L87 Difference]: Start difference. First operand 69 states and 89 transitions. Second operand has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 21:53:46,027 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:46,027 INFO L93 Difference]: Finished difference Result 131 states and 172 transitions. [2023-11-06 21:53:46,028 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2023-11-06 21:53:46,028 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 30 [2023-11-06 21:53:46,029 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:46,030 INFO L225 Difference]: With dead ends: 131 [2023-11-06 21:53:46,031 INFO L226 Difference]: Without dead ends: 69 [2023-11-06 21:53:46,032 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2023-11-06 21:53:46,033 INFO L413 NwaCegarLoop]: 82 mSDtfsCounter, 169 mSDsluCounter, 102 mSDsCounter, 0 mSdLazyCounter, 41 mSolverCounterSat, 26 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 169 SdHoareTripleChecker+Valid, 184 SdHoareTripleChecker+Invalid, 67 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 26 IncrementalHoareTripleChecker+Valid, 41 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:46,034 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [169 Valid, 184 Invalid, 67 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [26 Valid, 41 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2023-11-06 21:53:46,035 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 69 states. [2023-11-06 21:53:46,047 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 69 to 69. [2023-11-06 21:53:46,047 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 69 states, 53 states have (on average 1.320754716981132) internal successors, (70), 60 states have internal predecessors, (70), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2023-11-06 21:53:46,049 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 69 states to 69 states and 88 transitions. [2023-11-06 21:53:46,049 INFO L78 Accepts]: Start accepts. Automaton has 69 states and 88 transitions. Word has length 30 [2023-11-06 21:53:46,050 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:46,050 INFO L495 AbstractCegarLoop]: Abstraction has 69 states and 88 transitions. [2023-11-06 21:53:46,050 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 21:53:46,051 INFO L276 IsEmpty]: Start isEmpty. Operand 69 states and 88 transitions. [2023-11-06 21:53:46,052 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2023-11-06 21:53:46,053 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:46,053 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:46,053 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2023-11-06 21:53:46,054 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:46,054 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:46,055 INFO L85 PathProgramCache]: Analyzing trace with hash -2104271006, now seen corresponding path program 1 times [2023-11-06 21:53:46,055 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:46,055 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2084293811] [2023-11-06 21:53:46,056 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:46,056 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:46,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:46,196 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 21:53:46,200 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:46,242 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 21:53:46,244 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:46,255 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2023-11-06 21:53:46,259 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:46,262 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 21:53:46,262 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:46,263 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2084293811] [2023-11-06 21:53:46,263 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2084293811] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 21:53:46,265 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 21:53:46,265 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2023-11-06 21:53:46,265 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2082874337] [2023-11-06 21:53:46,266 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 21:53:46,268 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2023-11-06 21:53:46,268 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:46,269 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2023-11-06 21:53:46,269 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2023-11-06 21:53:46,270 INFO L87 Difference]: Start difference. First operand 69 states and 88 transitions. Second operand has 5 states, 5 states have (on average 6.6) internal successors, (33), 5 states have internal predecessors, (33), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2023-11-06 21:53:46,555 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:46,555 INFO L93 Difference]: Finished difference Result 208 states and 266 transitions. [2023-11-06 21:53:46,556 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 21:53:46,556 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 5 states have internal predecessors, (33), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 40 [2023-11-06 21:53:46,556 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:46,559 INFO L225 Difference]: With dead ends: 208 [2023-11-06 21:53:46,559 INFO L226 Difference]: Without dead ends: 146 [2023-11-06 21:53:46,561 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2023-11-06 21:53:46,563 INFO L413 NwaCegarLoop]: 115 mSDtfsCounter, 182 mSDsluCounter, 169 mSDsCounter, 0 mSdLazyCounter, 107 mSolverCounterSat, 45 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 184 SdHoareTripleChecker+Valid, 284 SdHoareTripleChecker+Invalid, 152 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 45 IncrementalHoareTripleChecker+Valid, 107 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:46,564 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [184 Valid, 284 Invalid, 152 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [45 Valid, 107 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 21:53:46,565 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 146 states. [2023-11-06 21:53:46,591 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 146 to 140. [2023-11-06 21:53:46,592 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 140 states, 108 states have (on average 1.2777777777777777) internal successors, (138), 115 states have internal predecessors, (138), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2023-11-06 21:53:46,595 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 140 states to 140 states and 173 transitions. [2023-11-06 21:53:46,595 INFO L78 Accepts]: Start accepts. Automaton has 140 states and 173 transitions. Word has length 40 [2023-11-06 21:53:46,596 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:46,596 INFO L495 AbstractCegarLoop]: Abstraction has 140 states and 173 transitions. [2023-11-06 21:53:46,596 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 5 states have internal predecessors, (33), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2023-11-06 21:53:46,597 INFO L276 IsEmpty]: Start isEmpty. Operand 140 states and 173 transitions. [2023-11-06 21:53:46,598 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2023-11-06 21:53:46,599 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:46,599 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:46,599 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2023-11-06 21:53:46,600 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:46,600 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:46,600 INFO L85 PathProgramCache]: Analyzing trace with hash 1015544271, now seen corresponding path program 1 times [2023-11-06 21:53:46,601 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:46,601 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1308465081] [2023-11-06 21:53:46,601 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:46,601 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:46,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:46,780 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 21:53:46,795 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:46,830 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2023-11-06 21:53:46,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:46,835 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 21:53:46,836 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:46,837 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1308465081] [2023-11-06 21:53:46,837 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1308465081] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 21:53:46,837 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 21:53:46,838 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 21:53:46,839 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1219738277] [2023-11-06 21:53:46,840 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 21:53:46,840 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 21:53:46,841 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:46,841 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 21:53:46,842 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2023-11-06 21:53:46,842 INFO L87 Difference]: Start difference. First operand 140 states and 173 transitions. Second operand has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 21:53:47,187 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:47,188 INFO L93 Difference]: Finished difference Result 378 states and 489 transitions. [2023-11-06 21:53:47,189 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2023-11-06 21:53:47,190 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 44 [2023-11-06 21:53:47,191 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:47,200 INFO L225 Difference]: With dead ends: 378 [2023-11-06 21:53:47,200 INFO L226 Difference]: Without dead ends: 245 [2023-11-06 21:53:47,204 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 17 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 8 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=35, Invalid=75, Unknown=0, NotChecked=0, Total=110 [2023-11-06 21:53:47,210 INFO L413 NwaCegarLoop]: 91 mSDtfsCounter, 143 mSDsluCounter, 265 mSDsCounter, 0 mSdLazyCounter, 145 mSolverCounterSat, 31 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 149 SdHoareTripleChecker+Valid, 356 SdHoareTripleChecker+Invalid, 176 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 31 IncrementalHoareTripleChecker+Valid, 145 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:47,211 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [149 Valid, 356 Invalid, 176 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [31 Valid, 145 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 21:53:47,214 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 245 states. [2023-11-06 21:53:47,267 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 245 to 226. [2023-11-06 21:53:47,268 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 226 states, 175 states have (on average 1.28) internal successors, (224), 184 states have internal predecessors, (224), 25 states have call successors, (25), 23 states have call predecessors, (25), 25 states have return successors, (35), 25 states have call predecessors, (35), 25 states have call successors, (35) [2023-11-06 21:53:47,271 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 226 states to 226 states and 284 transitions. [2023-11-06 21:53:47,272 INFO L78 Accepts]: Start accepts. Automaton has 226 states and 284 transitions. Word has length 44 [2023-11-06 21:53:47,272 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:47,272 INFO L495 AbstractCegarLoop]: Abstraction has 226 states and 284 transitions. [2023-11-06 21:53:47,273 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 21:53:47,273 INFO L276 IsEmpty]: Start isEmpty. Operand 226 states and 284 transitions. [2023-11-06 21:53:47,275 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2023-11-06 21:53:47,276 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:47,276 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:47,276 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2023-11-06 21:53:47,277 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:47,277 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:47,278 INFO L85 PathProgramCache]: Analyzing trace with hash 796689553, now seen corresponding path program 1 times [2023-11-06 21:53:47,278 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:47,278 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [595098025] [2023-11-06 21:53:47,278 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:47,279 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:47,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:47,362 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 21:53:47,366 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:47,398 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2023-11-06 21:53:47,399 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:47,401 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 21:53:47,402 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:47,402 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [595098025] [2023-11-06 21:53:47,402 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [595098025] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 21:53:47,402 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 21:53:47,402 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 21:53:47,403 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1043909073] [2023-11-06 21:53:47,403 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 21:53:47,403 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 21:53:47,404 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:47,404 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 21:53:47,404 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2023-11-06 21:53:47,405 INFO L87 Difference]: Start difference. First operand 226 states and 284 transitions. Second operand has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 21:53:47,602 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:47,602 INFO L93 Difference]: Finished difference Result 459 states and 584 transitions. [2023-11-06 21:53:47,603 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 21:53:47,603 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 44 [2023-11-06 21:53:47,605 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:47,613 INFO L225 Difference]: With dead ends: 459 [2023-11-06 21:53:47,613 INFO L226 Difference]: Without dead ends: 240 [2023-11-06 21:53:47,614 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2023-11-06 21:53:47,622 INFO L413 NwaCegarLoop]: 83 mSDtfsCounter, 56 mSDsluCounter, 271 mSDsCounter, 0 mSdLazyCounter, 124 mSolverCounterSat, 15 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 59 SdHoareTripleChecker+Valid, 354 SdHoareTripleChecker+Invalid, 139 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 15 IncrementalHoareTripleChecker+Valid, 124 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:47,625 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [59 Valid, 354 Invalid, 139 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [15 Valid, 124 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2023-11-06 21:53:47,627 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 240 states. [2023-11-06 21:53:47,671 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 240 to 232. [2023-11-06 21:53:47,674 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 232 states, 181 states have (on average 1.270718232044199) internal successors, (230), 190 states have internal predecessors, (230), 25 states have call successors, (25), 23 states have call predecessors, (25), 25 states have return successors, (35), 25 states have call predecessors, (35), 25 states have call successors, (35) [2023-11-06 21:53:47,677 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 232 states to 232 states and 290 transitions. [2023-11-06 21:53:47,678 INFO L78 Accepts]: Start accepts. Automaton has 232 states and 290 transitions. Word has length 44 [2023-11-06 21:53:47,678 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:47,678 INFO L495 AbstractCegarLoop]: Abstraction has 232 states and 290 transitions. [2023-11-06 21:53:47,678 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 21:53:47,679 INFO L276 IsEmpty]: Start isEmpty. Operand 232 states and 290 transitions. [2023-11-06 21:53:47,686 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2023-11-06 21:53:47,687 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:47,687 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:47,687 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2023-11-06 21:53:47,688 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:47,688 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:47,688 INFO L85 PathProgramCache]: Analyzing trace with hash -20958897, now seen corresponding path program 1 times [2023-11-06 21:53:47,689 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:47,689 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [104441549] [2023-11-06 21:53:47,689 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:47,689 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:47,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:47,808 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 21:53:47,812 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:47,846 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2023-11-06 21:53:47,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:47,855 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 21:53:47,855 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:47,856 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [104441549] [2023-11-06 21:53:47,856 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [104441549] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 21:53:47,857 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 21:53:47,857 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2023-11-06 21:53:47,857 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2006164592] [2023-11-06 21:53:47,857 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 21:53:47,858 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2023-11-06 21:53:47,858 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:47,859 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2023-11-06 21:53:47,859 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2023-11-06 21:53:47,859 INFO L87 Difference]: Start difference. First operand 232 states and 290 transitions. Second operand has 7 states, 7 states have (on average 5.571428571428571) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 21:53:48,106 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:48,107 INFO L93 Difference]: Finished difference Result 423 states and 534 transitions. [2023-11-06 21:53:48,107 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 21:53:48,108 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.571428571428571) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 44 [2023-11-06 21:53:48,108 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:48,110 INFO L225 Difference]: With dead ends: 423 [2023-11-06 21:53:48,110 INFO L226 Difference]: Without dead ends: 198 [2023-11-06 21:53:48,111 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=25, Invalid=65, Unknown=0, NotChecked=0, Total=90 [2023-11-06 21:53:48,115 INFO L413 NwaCegarLoop]: 62 mSDtfsCounter, 90 mSDsluCounter, 238 mSDsCounter, 0 mSdLazyCounter, 143 mSolverCounterSat, 23 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 94 SdHoareTripleChecker+Valid, 300 SdHoareTripleChecker+Invalid, 166 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 23 IncrementalHoareTripleChecker+Valid, 143 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:48,115 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [94 Valid, 300 Invalid, 166 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [23 Valid, 143 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 21:53:48,117 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 198 states. [2023-11-06 21:53:48,147 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 198 to 193. [2023-11-06 21:53:48,148 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 193 states, 150 states have (on average 1.2466666666666666) internal successors, (187), 158 states have internal predecessors, (187), 21 states have call successors, (21), 19 states have call predecessors, (21), 21 states have return successors, (26), 21 states have call predecessors, (26), 21 states have call successors, (26) [2023-11-06 21:53:48,150 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 193 states to 193 states and 234 transitions. [2023-11-06 21:53:48,151 INFO L78 Accepts]: Start accepts. Automaton has 193 states and 234 transitions. Word has length 44 [2023-11-06 21:53:48,151 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:48,151 INFO L495 AbstractCegarLoop]: Abstraction has 193 states and 234 transitions. [2023-11-06 21:53:48,152 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 5.571428571428571) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 21:53:48,152 INFO L276 IsEmpty]: Start isEmpty. Operand 193 states and 234 transitions. [2023-11-06 21:53:48,153 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 47 [2023-11-06 21:53:48,154 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:48,154 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:48,154 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2023-11-06 21:53:48,155 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:48,155 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:48,155 INFO L85 PathProgramCache]: Analyzing trace with hash -766382886, now seen corresponding path program 1 times [2023-11-06 21:53:48,155 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:48,156 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [799483796] [2023-11-06 21:53:48,156 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:48,156 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:48,173 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:48,287 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 21:53:48,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:48,295 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 21:53:48,296 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:48,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 35 [2023-11-06 21:53:48,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:48,301 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 21:53:48,301 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:48,302 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [799483796] [2023-11-06 21:53:48,302 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [799483796] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 21:53:48,302 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 21:53:48,302 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 21:53:48,303 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1918227494] [2023-11-06 21:53:48,303 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 21:53:48,303 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 21:53:48,303 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:48,304 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 21:53:48,304 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2023-11-06 21:53:48,305 INFO L87 Difference]: Start difference. First operand 193 states and 234 transitions. Second operand has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 21:53:48,539 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:48,541 INFO L93 Difference]: Finished difference Result 382 states and 463 transitions. [2023-11-06 21:53:48,541 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 21:53:48,542 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 46 [2023-11-06 21:53:48,542 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:48,544 INFO L225 Difference]: With dead ends: 382 [2023-11-06 21:53:48,545 INFO L226 Difference]: Without dead ends: 196 [2023-11-06 21:53:48,546 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2023-11-06 21:53:48,548 INFO L413 NwaCegarLoop]: 70 mSDtfsCounter, 107 mSDsluCounter, 236 mSDsCounter, 0 mSdLazyCounter, 130 mSolverCounterSat, 24 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 112 SdHoareTripleChecker+Valid, 306 SdHoareTripleChecker+Invalid, 154 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 24 IncrementalHoareTripleChecker+Valid, 130 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:48,550 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [112 Valid, 306 Invalid, 154 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [24 Valid, 130 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 21:53:48,552 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 196 states. [2023-11-06 21:53:48,575 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 196 to 191. [2023-11-06 21:53:48,577 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 191 states, 148 states have (on average 1.2364864864864864) internal successors, (183), 156 states have internal predecessors, (183), 21 states have call successors, (21), 19 states have call predecessors, (21), 21 states have return successors, (26), 21 states have call predecessors, (26), 21 states have call successors, (26) [2023-11-06 21:53:48,579 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 191 states to 191 states and 230 transitions. [2023-11-06 21:53:48,580 INFO L78 Accepts]: Start accepts. Automaton has 191 states and 230 transitions. Word has length 46 [2023-11-06 21:53:48,581 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:48,582 INFO L495 AbstractCegarLoop]: Abstraction has 191 states and 230 transitions. [2023-11-06 21:53:48,582 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 21:53:48,582 INFO L276 IsEmpty]: Start isEmpty. Operand 191 states and 230 transitions. [2023-11-06 21:53:48,583 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2023-11-06 21:53:48,583 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:48,583 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:48,584 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2023-11-06 21:53:48,584 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:48,585 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:48,585 INFO L85 PathProgramCache]: Analyzing trace with hash 390915315, now seen corresponding path program 1 times [2023-11-06 21:53:48,585 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:48,585 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1513113099] [2023-11-06 21:53:48,585 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:48,586 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:48,607 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:48,707 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 21:53:48,709 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:48,721 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 21:53:48,724 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:48,741 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2023-11-06 21:53:48,743 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:48,747 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 21:53:48,747 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:48,747 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1513113099] [2023-11-06 21:53:48,747 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1513113099] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 21:53:48,748 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 21:53:48,748 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2023-11-06 21:53:48,748 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [462387452] [2023-11-06 21:53:48,748 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 21:53:48,749 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2023-11-06 21:53:48,749 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:48,750 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2023-11-06 21:53:48,750 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=72, Unknown=0, NotChecked=0, Total=90 [2023-11-06 21:53:48,751 INFO L87 Difference]: Start difference. First operand 191 states and 230 transitions. Second operand has 10 states, 10 states have (on average 4.1) internal successors, (41), 8 states have internal predecessors, (41), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 21:53:49,391 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:49,392 INFO L93 Difference]: Finished difference Result 382 states and 462 transitions. [2023-11-06 21:53:49,392 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2023-11-06 21:53:49,392 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.1) internal successors, (41), 8 states have internal predecessors, (41), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 48 [2023-11-06 21:53:49,393 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:49,394 INFO L225 Difference]: With dead ends: 382 [2023-11-06 21:53:49,395 INFO L226 Difference]: Without dead ends: 244 [2023-11-06 21:53:49,396 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 34 GetRequests, 12 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 72 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=128, Invalid=424, Unknown=0, NotChecked=0, Total=552 [2023-11-06 21:53:49,397 INFO L413 NwaCegarLoop]: 101 mSDtfsCounter, 299 mSDsluCounter, 445 mSDsCounter, 0 mSdLazyCounter, 459 mSolverCounterSat, 96 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 300 SdHoareTripleChecker+Valid, 546 SdHoareTripleChecker+Invalid, 555 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 96 IncrementalHoareTripleChecker+Valid, 459 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:49,397 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [300 Valid, 546 Invalid, 555 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [96 Valid, 459 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2023-11-06 21:53:49,398 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 244 states. [2023-11-06 21:53:49,424 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 244 to 193. [2023-11-06 21:53:49,425 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 193 states, 149 states have (on average 1.2147651006711409) internal successors, (181), 158 states have internal predecessors, (181), 21 states have call successors, (21), 19 states have call predecessors, (21), 22 states have return successors, (25), 21 states have call predecessors, (25), 21 states have call successors, (25) [2023-11-06 21:53:49,427 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 193 states to 193 states and 227 transitions. [2023-11-06 21:53:49,427 INFO L78 Accepts]: Start accepts. Automaton has 193 states and 227 transitions. Word has length 48 [2023-11-06 21:53:49,427 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:49,427 INFO L495 AbstractCegarLoop]: Abstraction has 193 states and 227 transitions. [2023-11-06 21:53:49,428 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.1) internal successors, (41), 8 states have internal predecessors, (41), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 21:53:49,428 INFO L276 IsEmpty]: Start isEmpty. Operand 193 states and 227 transitions. [2023-11-06 21:53:49,429 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2023-11-06 21:53:49,429 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:49,429 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:49,430 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2023-11-06 21:53:49,430 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:49,430 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:49,430 INFO L85 PathProgramCache]: Analyzing trace with hash 126598332, now seen corresponding path program 1 times [2023-11-06 21:53:49,431 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:49,431 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [699333868] [2023-11-06 21:53:49,431 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:49,431 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:49,443 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:49,488 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 21:53:49,489 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:49,494 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 21:53:49,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:49,531 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 21:53:49,531 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:49,533 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2023-11-06 21:53:49,534 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:49,536 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 21:53:49,536 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:49,536 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [699333868] [2023-11-06 21:53:49,537 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [699333868] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 21:53:49,537 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 21:53:49,537 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2023-11-06 21:53:49,537 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1238725778] [2023-11-06 21:53:49,537 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 21:53:49,538 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2023-11-06 21:53:49,538 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:49,539 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2023-11-06 21:53:49,539 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2023-11-06 21:53:49,539 INFO L87 Difference]: Start difference. First operand 193 states and 227 transitions. Second operand has 7 states, 7 states have (on average 5.857142857142857) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 21:53:49,827 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:49,828 INFO L93 Difference]: Finished difference Result 372 states and 443 transitions. [2023-11-06 21:53:49,828 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2023-11-06 21:53:49,828 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.857142857142857) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 50 [2023-11-06 21:53:49,829 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:49,831 INFO L225 Difference]: With dead ends: 372 [2023-11-06 21:53:49,831 INFO L226 Difference]: Without dead ends: 232 [2023-11-06 21:53:49,832 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=42, Invalid=90, Unknown=0, NotChecked=0, Total=132 [2023-11-06 21:53:49,833 INFO L413 NwaCegarLoop]: 53 mSDtfsCounter, 132 mSDsluCounter, 222 mSDsCounter, 0 mSdLazyCounter, 205 mSolverCounterSat, 37 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 135 SdHoareTripleChecker+Valid, 275 SdHoareTripleChecker+Invalid, 242 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 37 IncrementalHoareTripleChecker+Valid, 205 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:49,833 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [135 Valid, 275 Invalid, 242 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [37 Valid, 205 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 21:53:49,834 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 232 states. [2023-11-06 21:53:49,858 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 232 to 193. [2023-11-06 21:53:49,858 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 193 states, 149 states have (on average 1.2080536912751678) internal successors, (180), 158 states have internal predecessors, (180), 21 states have call successors, (21), 19 states have call predecessors, (21), 22 states have return successors, (25), 21 states have call predecessors, (25), 21 states have call successors, (25) [2023-11-06 21:53:49,860 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 193 states to 193 states and 226 transitions. [2023-11-06 21:53:49,860 INFO L78 Accepts]: Start accepts. Automaton has 193 states and 226 transitions. Word has length 50 [2023-11-06 21:53:49,861 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:49,861 INFO L495 AbstractCegarLoop]: Abstraction has 193 states and 226 transitions. [2023-11-06 21:53:49,861 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 5.857142857142857) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 21:53:49,861 INFO L276 IsEmpty]: Start isEmpty. Operand 193 states and 226 transitions. [2023-11-06 21:53:49,862 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2023-11-06 21:53:49,862 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:49,863 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:49,863 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2023-11-06 21:53:49,863 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:49,863 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:49,864 INFO L85 PathProgramCache]: Analyzing trace with hash 41757120, now seen corresponding path program 1 times [2023-11-06 21:53:49,864 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:49,864 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [865837750] [2023-11-06 21:53:49,864 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:49,865 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:49,877 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:49,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 21:53:49,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:49,998 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 21:53:50,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:50,008 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 21:53:50,009 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:50,011 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2023-11-06 21:53:50,012 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:50,014 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 21:53:50,015 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:50,015 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [865837750] [2023-11-06 21:53:50,015 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [865837750] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 21:53:50,015 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 21:53:50,015 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2023-11-06 21:53:50,016 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [480031139] [2023-11-06 21:53:50,016 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 21:53:50,016 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2023-11-06 21:53:50,016 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:50,017 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2023-11-06 21:53:50,017 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2023-11-06 21:53:50,017 INFO L87 Difference]: Start difference. First operand 193 states and 226 transitions. Second operand has 7 states, 7 states have (on average 5.857142857142857) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 21:53:50,464 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:50,464 INFO L93 Difference]: Finished difference Result 463 states and 569 transitions. [2023-11-06 21:53:50,465 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 17 states. [2023-11-06 21:53:50,465 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.857142857142857) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 50 [2023-11-06 21:53:50,465 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:50,468 INFO L225 Difference]: With dead ends: 463 [2023-11-06 21:53:50,469 INFO L226 Difference]: Without dead ends: 323 [2023-11-06 21:53:50,470 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 29 GetRequests, 12 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 61 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=106, Invalid=236, Unknown=0, NotChecked=0, Total=342 [2023-11-06 21:53:50,470 INFO L413 NwaCegarLoop]: 51 mSDtfsCounter, 234 mSDsluCounter, 256 mSDsCounter, 0 mSdLazyCounter, 245 mSolverCounterSat, 71 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 238 SdHoareTripleChecker+Valid, 307 SdHoareTripleChecker+Invalid, 316 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 71 IncrementalHoareTripleChecker+Valid, 245 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:50,471 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [238 Valid, 307 Invalid, 316 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [71 Valid, 245 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2023-11-06 21:53:50,472 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 323 states. [2023-11-06 21:53:50,515 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 323 to 303. [2023-11-06 21:53:50,516 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 303 states, 233 states have (on average 1.1974248927038627) internal successors, (279), 247 states have internal predecessors, (279), 36 states have call successors, (36), 29 states have call predecessors, (36), 33 states have return successors, (46), 34 states have call predecessors, (46), 36 states have call successors, (46) [2023-11-06 21:53:50,518 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 303 states to 303 states and 361 transitions. [2023-11-06 21:53:50,519 INFO L78 Accepts]: Start accepts. Automaton has 303 states and 361 transitions. Word has length 50 [2023-11-06 21:53:50,520 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:50,520 INFO L495 AbstractCegarLoop]: Abstraction has 303 states and 361 transitions. [2023-11-06 21:53:50,521 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 5.857142857142857) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 21:53:50,521 INFO L276 IsEmpty]: Start isEmpty. Operand 303 states and 361 transitions. [2023-11-06 21:53:50,522 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 82 [2023-11-06 21:53:50,523 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 21:53:50,523 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:50,523 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2023-11-06 21:53:50,523 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 21:53:50,524 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 21:53:50,524 INFO L85 PathProgramCache]: Analyzing trace with hash -365727847, now seen corresponding path program 1 times [2023-11-06 21:53:50,524 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 21:53:50,524 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [464332653] [2023-11-06 21:53:50,524 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:50,525 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 21:53:50,542 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:50,655 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 21:53:50,656 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:50,667 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 21:53:50,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:50,756 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2023-11-06 21:53:50,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:50,767 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2023-11-06 21:53:50,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:50,794 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2023-11-06 21:53:50,796 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:50,798 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2023-11-06 21:53:50,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:50,810 INFO L134 CoverageAnalysis]: Checked inductivity of 26 backedges. 16 proven. 5 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2023-11-06 21:53:50,810 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 21:53:50,810 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [464332653] [2023-11-06 21:53:50,810 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [464332653] provided 0 perfect and 1 imperfect interpolant sequences [2023-11-06 21:53:50,811 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1355837287] [2023-11-06 21:53:50,811 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 21:53:50,811 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 21:53:50,811 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 21:53:50,815 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2023-11-06 21:53:50,819 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2023-11-06 21:53:50,931 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 21:53:50,935 INFO L262 TraceCheckSpWp]: Trace formula consists of 291 conjuncts, 13 conjunts are in the unsatisfiable core [2023-11-06 21:53:50,963 INFO L285 TraceCheckSpWp]: Computing forward predicates... [2023-11-06 21:53:51,287 INFO L134 CoverageAnalysis]: Checked inductivity of 26 backedges. 6 proven. 12 refuted. 0 times theorem prover too weak. 8 trivial. 0 not checked. [2023-11-06 21:53:51,287 INFO L327 TraceCheckSpWp]: Computing backward predicates... [2023-11-06 21:53:51,721 INFO L134 CoverageAnalysis]: Checked inductivity of 26 backedges. 8 proven. 4 refuted. 0 times theorem prover too weak. 14 trivial. 0 not checked. [2023-11-06 21:53:51,721 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1355837287] provided 0 perfect and 2 imperfect interpolant sequences [2023-11-06 21:53:51,721 INFO L185 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2023-11-06 21:53:51,722 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 8, 9] total 20 [2023-11-06 21:53:51,722 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1076976318] [2023-11-06 21:53:51,722 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2023-11-06 21:53:51,723 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 20 states [2023-11-06 21:53:51,723 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 21:53:51,724 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 20 interpolants. [2023-11-06 21:53:51,724 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=64, Invalid=316, Unknown=0, NotChecked=0, Total=380 [2023-11-06 21:53:51,725 INFO L87 Difference]: Start difference. First operand 303 states and 361 transitions. Second operand has 20 states, 20 states have (on average 6.25) internal successors, (125), 14 states have internal predecessors, (125), 6 states have call successors, (20), 10 states have call predecessors, (20), 8 states have return successors, (18), 8 states have call predecessors, (18), 6 states have call successors, (18) [2023-11-06 21:53:53,445 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 21:53:53,445 INFO L93 Difference]: Finished difference Result 929 states and 1198 transitions. [2023-11-06 21:53:53,445 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 56 states. [2023-11-06 21:53:53,445 INFO L78 Accepts]: Start accepts. Automaton has has 20 states, 20 states have (on average 6.25) internal successors, (125), 14 states have internal predecessors, (125), 6 states have call successors, (20), 10 states have call predecessors, (20), 8 states have return successors, (18), 8 states have call predecessors, (18), 6 states have call successors, (18) Word has length 81 [2023-11-06 21:53:53,446 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 21:53:53,447 INFO L225 Difference]: With dead ends: 929 [2023-11-06 21:53:53,447 INFO L226 Difference]: Without dead ends: 0 [2023-11-06 21:53:53,452 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 246 GetRequests, 169 SyntacticMatches, 7 SemanticMatches, 70 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1422 ImplicationChecksByTransitivity, 1.2s TimeCoverageRelationStatistics Valid=1113, Invalid=3999, Unknown=0, NotChecked=0, Total=5112 [2023-11-06 21:53:53,453 INFO L413 NwaCegarLoop]: 64 mSDtfsCounter, 436 mSDsluCounter, 608 mSDsCounter, 0 mSdLazyCounter, 829 mSolverCounterSat, 181 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 438 SdHoareTripleChecker+Valid, 672 SdHoareTripleChecker+Invalid, 1010 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 181 IncrementalHoareTripleChecker+Valid, 829 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2023-11-06 21:53:53,453 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [438 Valid, 672 Invalid, 1010 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [181 Valid, 829 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2023-11-06 21:53:53,454 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2023-11-06 21:53:53,454 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2023-11-06 21:53:53,454 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2023-11-06 21:53:53,455 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2023-11-06 21:53:53,456 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 81 [2023-11-06 21:53:53,456 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 21:53:53,456 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2023-11-06 21:53:53,457 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 20 states, 20 states have (on average 6.25) internal successors, (125), 14 states have internal predecessors, (125), 6 states have call successors, (20), 10 states have call predecessors, (20), 8 states have return successors, (18), 8 states have call predecessors, (18), 6 states have call successors, (18) [2023-11-06 21:53:53,457 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2023-11-06 21:53:53,457 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2023-11-06 21:53:53,460 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2023-11-06 21:53:53,478 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2023-11-06 21:53:53,666 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable11 [2023-11-06 21:53:53,668 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2023-11-06 21:53:58,698 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 555 561) no Hoare annotation was computed. [2023-11-06 21:53:58,699 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 555 561) the Hoare annotation is: true [2023-11-06 21:53:58,699 INFO L899 garLoopResultBuilder]: For program point L802-1(lines 798 809) no Hoare annotation was computed. [2023-11-06 21:53:58,699 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 798 809) the Hoare annotation is: (let ((.cse0 (< 2 ~waterLevel~0)) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (= |old(~methaneLevelCritical~0)| 0)) (.cse3 (not (= ~methaneLevelCritical~0 0)))) (and (or .cse0 (< ~pumpRunning~0 1) .cse1 .cse2 .cse3) (or .cse0 (not (= ~pumpRunning~0 0)) .cse1 .cse2 .cse3))) [2023-11-06 21:53:58,699 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 798 809) no Hoare annotation was computed. [2023-11-06 21:53:58,700 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 810 818) the Hoare annotation is: true [2023-11-06 21:53:58,700 INFO L899 garLoopResultBuilder]: For program point isMethaneLevelCriticalFINAL(lines 810 818) no Hoare annotation was computed. [2023-11-06 21:53:58,700 INFO L899 garLoopResultBuilder]: For program point isMethaneLevelCriticalEXIT(lines 810 818) no Hoare annotation was computed. [2023-11-06 21:53:58,700 INFO L899 garLoopResultBuilder]: For program point L894(lines 894 900) no Hoare annotation was computed. [2023-11-06 21:53:58,700 INFO L899 garLoopResultBuilder]: For program point L890(lines 890 903) no Hoare annotation was computed. [2023-11-06 21:53:58,701 INFO L895 garLoopResultBuilder]: At program point L890-1(lines 875 907) the Hoare annotation is: (let ((.cse1 (= ~methaneLevelCritical~0 0))) (let ((.cse20 (not .cse1)) (.cse22 (= |timeShift___utac_acc__Specification3_spec__1_~tmp~8#1| 0))) (let ((.cse10 (<= 1 ~pumpRunning~0)) (.cse14 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse17 (<= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse4 (not .cse22)) (.cse15 (<= |timeShift___utac_acc__Specification3_spec__1_~tmp___0~2#1| 1)) (.cse12 (or .cse22 .cse20)) (.cse18 (<= |timeShift_getWaterLevel_#res#1| 1)) (.cse19 (= ~pumpRunning~0 0)) (.cse16 (<= ~waterLevel~0 1)) (.cse11 (= 1 ~systemActive~0)) (.cse13 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse21 (= |old(~pumpRunning~0)| 0))) (let ((.cse0 (not .cse21)) (.cse5 (and .cse19 .cse16 .cse11 .cse21 .cse20 .cse13)) (.cse6 (and .cse19 .cse15 .cse16 .cse11 .cse21 .cse12 .cse13 .cse18)) (.cse2 (not .cse11)) (.cse7 (< |old(~pumpRunning~0)| 1)) (.cse3 (< 2 |old(~waterLevel~0)|)) (.cse8 (and .cse19 .cse16 .cse11 .cse20 .cse17 .cse4)) (.cse9 (and .cse10 .cse14 .cse16 .cse11 .cse20 .cse17 .cse4))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or (< 1 |old(~waterLevel~0)|) .cse0 .cse2 .cse5 .cse6) (or .cse1 .cse2 .cse7 .cse3 .cse8 .cse9) (or .cse0 .cse2 (and .cse10 .cse11 .cse12 .cse13) .cse5 .cse3 .cse6) (or (and .cse14 .cse15 .cse16 .cse12 .cse17 .cse18) .cse2 (and .cse19 .cse15 .cse16 .cse11 .cse12 .cse17 .cse18) .cse7 .cse3 .cse8 .cse9)))))) [2023-11-06 21:53:58,701 INFO L899 garLoopResultBuilder]: For program point L535-1(lines 534 553) no Hoare annotation was computed. [2023-11-06 21:53:58,701 INFO L899 garLoopResultBuilder]: For program point L597(lines 597 605) no Hoare annotation was computed. [2023-11-06 21:53:58,702 INFO L895 garLoopResultBuilder]: At program point L882(line 882) the Hoare annotation is: (let ((.cse7 (= ~pumpRunning~0 0)) (.cse5 (<= ~waterLevel~0 1)) (.cse8 (= 1 ~systemActive~0)) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse9 (= |old(~pumpRunning~0)| 0))) (let ((.cse0 (not .cse9)) (.cse2 (and .cse7 .cse5 .cse8 .cse9 .cse3)) (.cse1 (not .cse8)) (.cse4 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 .cse1 .cse2 (and (<= 1 ~pumpRunning~0) .cse3) .cse4) (or (< 1 |old(~waterLevel~0)|) .cse0 .cse1 .cse2) (let ((.cse6 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (or .cse1 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse5 .cse6) (and .cse7 .cse5 .cse6) (< |old(~pumpRunning~0)| 1) .cse4))))) [2023-11-06 21:53:58,702 INFO L899 garLoopResultBuilder]: For program point L593(lines 593 610) no Hoare annotation was computed. [2023-11-06 21:53:58,702 INFO L899 garLoopResultBuilder]: For program point L882-1(line 882) no Hoare annotation was computed. [2023-11-06 21:53:58,702 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 531 554) no Hoare annotation was computed. [2023-11-06 21:53:58,702 INFO L899 garLoopResultBuilder]: For program point L870(line 870) no Hoare annotation was computed. [2023-11-06 21:53:58,703 INFO L895 garLoopResultBuilder]: At program point L635(line 635) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|)) (< |old(~pumpRunning~0)| 1) .cse1) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2023-11-06 21:53:58,703 INFO L899 garLoopResultBuilder]: For program point L635-1(line 635) no Hoare annotation was computed. [2023-11-06 21:53:58,703 INFO L895 garLoopResultBuilder]: At program point getWaterLevel_returnLabel#1(lines 842 850) the Hoare annotation is: (let ((.cse2 (= ~methaneLevelCritical~0 0))) (let ((.cse8 (= ~pumpRunning~0 0)) (.cse9 (<= ~waterLevel~0 1)) (.cse12 (= 1 ~systemActive~0)) (.cse6 (or (= |timeShift___utac_acc__Specification3_spec__1_~tmp~8#1| 0) (not .cse2))) (.cse7 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse11 (<= |timeShift_getWaterLevel_#res#1| 1)) (.cse13 (= |old(~pumpRunning~0)| 0))) (let ((.cse0 (not .cse13)) (.cse5 (and .cse8 .cse9 .cse12 .cse13 .cse6 .cse7 .cse11)) (.cse1 (not .cse12)) (.cse3 (< |old(~pumpRunning~0)| 1)) (.cse4 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (= |timeShift_getWaterLevel_#res#1| 1)) (or .cse2 .cse1 .cse3 .cse4) (or .cse0 .cse2 .cse1 .cse4) (or (< 1 |old(~waterLevel~0)|) .cse0 .cse1 .cse5) (or .cse0 (and (<= 1 ~pumpRunning~0) .cse6 .cse7) .cse1 .cse5 .cse4) (let ((.cse10 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (or (and .cse8 .cse9 .cse6 .cse10 .cse11) (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse9 .cse6 .cse10 .cse11) .cse1 .cse3 .cse4)))))) [2023-11-06 21:53:58,704 INFO L895 garLoopResultBuilder]: At program point L603(line 603) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|)) (< |old(~pumpRunning~0)| 1) .cse1) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2023-11-06 21:53:58,704 INFO L899 garLoopResultBuilder]: For program point L884(lines 884 904) no Hoare annotation was computed. [2023-11-06 21:53:58,704 INFO L895 garLoopResultBuilder]: At program point __automaton_fail_returnLabel#1(lines 866 873) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or .cse0 (< |old(~pumpRunning~0)| 1) .cse1))) [2023-11-06 21:53:58,704 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 531 554) the Hoare annotation is: (let ((.cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse0 (not (= 1 ~systemActive~0))) (.cse2 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse1) (< |old(~pumpRunning~0)| 1) .cse2) (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) .cse1) .cse0 .cse2))) [2023-11-06 21:53:58,705 INFO L895 garLoopResultBuilder]: At program point L608(line 608) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (< |old(~pumpRunning~0)| 1) .cse1) (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse1))) [2023-11-06 21:53:58,705 INFO L895 garLoopResultBuilder]: At program point deactivatePump_returnLabel#1(lines 622 629) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (and (= ~pumpRunning~0 0) (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|)) (< |old(~pumpRunning~0)| 1) .cse1) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2023-11-06 21:53:58,705 INFO L895 garLoopResultBuilder]: At program point L608-1(lines 589 613) the Hoare annotation is: (let ((.cse7 (= ~pumpRunning~0 0)) (.cse5 (<= ~waterLevel~0 1)) (.cse8 (= 1 ~systemActive~0)) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse9 (= |old(~pumpRunning~0)| 0))) (let ((.cse0 (not .cse9)) (.cse2 (and .cse7 .cse5 .cse8 .cse9 .cse3)) (.cse1 (not .cse8)) (.cse4 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 .cse1 .cse2 (and (<= 1 ~pumpRunning~0) .cse3) .cse4) (or (< 1 |old(~waterLevel~0)|) .cse0 .cse1 .cse2) (let ((.cse6 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (or .cse1 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse5 .cse6) (and .cse7 .cse5 .cse6) (< |old(~pumpRunning~0)| 1) .cse4))))) [2023-11-06 21:53:58,706 INFO L899 garLoopResultBuilder]: For program point L542-1(lines 542 548) no Hoare annotation was computed. [2023-11-06 21:53:58,706 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 531 554) no Hoare annotation was computed. [2023-11-06 21:53:58,706 INFO L899 garLoopResultBuilder]: For program point L778(lines 778 782) no Hoare annotation was computed. [2023-11-06 21:53:58,706 INFO L895 garLoopResultBuilder]: At program point isMethaneAlarm_returnLabel#1(lines 630 640) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|)) (< |old(~pumpRunning~0)| 1) .cse1) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2023-11-06 21:53:58,707 INFO L895 garLoopResultBuilder]: At program point isPumpRunning_returnLabel#1(lines 641 649) the Hoare annotation is: (let ((.cse2 (< 2 |old(~waterLevel~0)|)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or (and (<= 1 ~pumpRunning~0) (= |timeShift___utac_acc__Specification3_spec__1_~tmp~8#1| 0) (not (= |timeShift_isPumpRunning_#res#1| 0)) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse1 .cse2) (or .cse1 (< |old(~pumpRunning~0)| 1) .cse2) (or .cse0 (= ~methaneLevelCritical~0 0) .cse1 .cse2) (or (< 1 |old(~waterLevel~0)|) .cse0 .cse1))) [2023-11-06 21:53:58,707 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 870) no Hoare annotation was computed. [2023-11-06 21:53:58,707 INFO L895 garLoopResultBuilder]: At program point L778-2(lines 774 785) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|)) (< |old(~pumpRunning~0)| 1) .cse1) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2023-11-06 21:53:58,707 INFO L902 garLoopResultBuilder]: At program point L66-1(lines 66 70) the Hoare annotation is: true [2023-11-06 21:53:58,707 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 52 81) no Hoare annotation was computed. [2023-11-06 21:53:58,708 INFO L899 garLoopResultBuilder]: For program point L63(line 63) no Hoare annotation was computed. [2023-11-06 21:53:58,708 INFO L902 garLoopResultBuilder]: At program point L62-2(lines 62 76) the Hoare annotation is: true [2023-11-06 21:53:58,708 INFO L902 garLoopResultBuilder]: At program point L58(line 58) the Hoare annotation is: true [2023-11-06 21:53:58,708 INFO L899 garLoopResultBuilder]: For program point L58-1(line 58) no Hoare annotation was computed. [2023-11-06 21:53:58,708 INFO L902 garLoopResultBuilder]: At program point L77(lines 52 81) the Hoare annotation is: true [2023-11-06 21:53:58,708 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 52 81) the Hoare annotation is: true [2023-11-06 21:53:58,709 INFO L899 garLoopResultBuilder]: For program point L73(line 73) no Hoare annotation was computed. [2023-11-06 21:53:58,709 INFO L899 garLoopResultBuilder]: For program point L66(lines 66 70) no Hoare annotation was computed. [2023-11-06 21:53:58,709 INFO L895 garLoopResultBuilder]: At program point L762(lines 715 763) the Hoare annotation is: false [2023-11-06 21:53:58,709 INFO L902 garLoopResultBuilder]: At program point runTest_returnLabel#1(lines 117 126) the Hoare annotation is: true [2023-11-06 21:53:58,709 INFO L899 garLoopResultBuilder]: For program point L717(lines 716 761) no Hoare annotation was computed. [2023-11-06 21:53:58,710 INFO L899 garLoopResultBuilder]: For program point L746(lines 746 757) no Hoare annotation was computed. [2023-11-06 21:53:58,710 INFO L895 garLoopResultBuilder]: At program point select_features_returnLabel#1(lines 920 926) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 21:53:58,710 INFO L902 garLoopResultBuilder]: At program point main_returnLabel#1(lines 130 152) the Hoare annotation is: true [2023-11-06 21:53:58,710 INFO L895 garLoopResultBuilder]: At program point L738(line 738) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse1 (= |ULTIMATE.start_main_~tmp~0#1| 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (<= ~waterLevel~0 2))) (or (and (<= 1 ~pumpRunning~0) .cse0 .cse1 .cse2 .cse3 .cse4) (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2 .cse3 .cse4))) [2023-11-06 21:53:58,710 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2023-11-06 21:53:58,711 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2023-11-06 21:53:58,711 INFO L895 garLoopResultBuilder]: At program point L759(lines 716 761) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse1 (= |ULTIMATE.start_main_~tmp~0#1| 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and (= ~pumpRunning~0 0) .cse0 .cse1 (<= ~waterLevel~0 1) .cse2 .cse3) (and (<= 1 ~pumpRunning~0) .cse0 .cse1 .cse2 .cse3 (<= ~waterLevel~0 2)))) [2023-11-06 21:53:58,711 INFO L899 garLoopResultBuilder]: For program point L726(lines 726 732) no Hoare annotation was computed. [2023-11-06 21:53:58,711 INFO L899 garLoopResultBuilder]: For program point L726-1(lines 726 732) no Hoare annotation was computed. [2023-11-06 21:53:58,711 INFO L899 garLoopResultBuilder]: For program point L718(lines 718 722) no Hoare annotation was computed. [2023-11-06 21:53:58,712 INFO L899 garLoopResultBuilder]: For program point L140(lines 140 147) no Hoare annotation was computed. [2023-11-06 21:53:58,712 INFO L899 garLoopResultBuilder]: For program point L140-2(lines 140 147) no Hoare annotation was computed. [2023-11-06 21:53:58,719 INFO L895 garLoopResultBuilder]: At program point setup_returnLabel#1(lines 109 115) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~0#1| 1) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 21:53:58,721 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2023-11-06 21:53:58,721 INFO L899 garLoopResultBuilder]: For program point L752(lines 752 756) no Hoare annotation was computed. [2023-11-06 21:53:58,722 INFO L895 garLoopResultBuilder]: At program point L752-2(lines 746 757) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse1 (= |ULTIMATE.start_main_~tmp~0#1| 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (<= ~waterLevel~0 2))) (or (and (<= 1 ~pumpRunning~0) .cse0 .cse1 .cse2 .cse3 .cse4) (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2 .cse3 .cse4))) [2023-11-06 21:53:58,722 INFO L899 garLoopResultBuilder]: For program point $Ultimate##0(line -1) no Hoare annotation was computed. [2023-11-06 21:53:58,722 INFO L895 garLoopResultBuilder]: At program point select_helpers_returnLabel#1(lines 927 933) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 21:53:58,723 INFO L899 garLoopResultBuilder]: For program point L736(lines 736 742) no Hoare annotation was computed. [2023-11-06 21:53:58,724 INFO L899 garLoopResultBuilder]: For program point L736-1(lines 736 742) no Hoare annotation was computed. [2023-11-06 21:53:58,724 INFO L902 garLoopResultBuilder]: At program point L765(lines 706 769) the Hoare annotation is: true [2023-11-06 21:53:58,724 INFO L895 garLoopResultBuilder]: At program point L728(line 728) the Hoare annotation is: (let ((.cse0 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse1 (= |ULTIMATE.start_main_~tmp~0#1| 1)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and (= ~pumpRunning~0 0) .cse0 .cse1 (<= ~waterLevel~0 1) .cse2 .cse3) (and (<= 1 ~pumpRunning~0) .cse0 .cse1 .cse2 .cse3 (<= ~waterLevel~0 2)))) [2023-11-06 21:53:58,724 INFO L895 garLoopResultBuilder]: At program point valid_product_returnLabel#1(lines 934 942) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 21:53:58,725 INFO L895 garLoopResultBuilder]: At program point activatePump_returnLabel#1(lines 614 621) the Hoare annotation is: (let ((.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 1 ~waterLevel~0))) (and (or .cse0 .cse1 (< |old(~pumpRunning~0)| 1)) (or (< 2 ~waterLevel~0) .cse2 .cse0 (and (<= 1 ~pumpRunning~0) (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1|) (<= 1 |processEnvironment__wrappee__highWaterSensor_~tmp~4#1|))) (or .cse2 .cse0 .cse1))) [2023-11-06 21:53:58,725 INFO L899 garLoopResultBuilder]: For program point L855(lines 855 861) no Hoare annotation was computed. [2023-11-06 21:53:58,725 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 563 587) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (< 1 ~waterLevel~0) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 21:53:58,726 INFO L895 garLoopResultBuilder]: At program point isHighWaterSensorDry_returnLabel#1(lines 851 864) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse5 (= 1 ~systemActive~0)) (.cse6 (= |old(~pumpRunning~0)| 0))) (let ((.cse1 (< 1 ~waterLevel~0)) (.cse2 (not .cse6)) (.cse0 (not .cse5)) (.cse3 (and (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1|) .cse4 (<= ~waterLevel~0 1) .cse5 .cse6))) (and (or .cse0 .cse1 (< |old(~pumpRunning~0)| 1)) (or .cse2 .cse0 .cse1 .cse3) (or (< 2 ~waterLevel~0) .cse2 .cse0 (and .cse4 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)) .cse3)))) [2023-11-06 21:53:58,728 INFO L895 garLoopResultBuilder]: At program point L577(line 577) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or (not (= ~waterLevel~0 1)) (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1|) .cse0 .cse1) (or (< 2 ~waterLevel~0) .cse0 .cse1 (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~4#1| 0) (<= ~waterLevel~0 1))) (or .cse1 (< 1 ~waterLevel~0) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 21:53:58,728 INFO L895 garLoopResultBuilder]: At program point isHighWaterLevel_returnLabel#1(lines 686 704) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse5 (= 1 ~systemActive~0)) (.cse6 (= |old(~pumpRunning~0)| 0))) (let ((.cse0 (not .cse6)) (.cse2 (and (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1|) .cse4 (<= ~waterLevel~0 1) .cse5 .cse6 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1| 0) (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~6#1|))) (.cse1 (not .cse5)) (.cse3 (< 1 ~waterLevel~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or (< 2 ~waterLevel~0) .cse0 .cse1 .cse2 (and .cse4 (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1|) (<= 1 |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~0#1|))) (or .cse1 .cse3 (< |old(~pumpRunning~0)| 1))))) [2023-11-06 21:53:58,728 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 563 587) no Hoare annotation was computed. [2023-11-06 21:53:58,728 INFO L899 garLoopResultBuilder]: For program point L571(lines 571 579) no Hoare annotation was computed. [2023-11-06 21:53:58,728 INFO L899 garLoopResultBuilder]: For program point L567(lines 567 584) no Hoare annotation was computed. [2023-11-06 21:53:58,729 INFO L899 garLoopResultBuilder]: For program point L695(lines 695 699) no Hoare annotation was computed. [2023-11-06 21:53:58,729 INFO L899 garLoopResultBuilder]: For program point L695-2(lines 695 699) no Hoare annotation was computed. [2023-11-06 21:53:58,729 INFO L895 garLoopResultBuilder]: At program point L582(line 582) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) .cse0) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (< 1 ~waterLevel~0) (< |old(~pumpRunning~0)| 1)))) [2023-11-06 21:53:58,729 INFO L899 garLoopResultBuilder]: For program point L582-1(lines 563 587) no Hoare annotation was computed. [2023-11-06 21:53:58,729 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 786 797) no Hoare annotation was computed. [2023-11-06 21:53:58,730 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 786 797) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (= |old(~waterLevel~0)| ~waterLevel~0))) (and (or (< ~pumpRunning~0 1) .cse0 .cse1 (< 2 |old(~waterLevel~0)|)) (or (< 1 |old(~waterLevel~0)|) (not (= ~pumpRunning~0 0)) .cse0 .cse1))) [2023-11-06 21:53:58,730 INFO L899 garLoopResultBuilder]: For program point L790-1(lines 786 797) no Hoare annotation was computed. [2023-11-06 21:53:58,732 INFO L445 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 21:53:58,735 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2023-11-06 21:53:58,788 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 06.11 09:53:58 BoogieIcfgContainer [2023-11-06 21:53:58,788 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2023-11-06 21:53:58,789 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2023-11-06 21:53:58,789 INFO L270 PluginConnector]: Initializing Witness Printer... [2023-11-06 21:53:58,789 INFO L274 PluginConnector]: Witness Printer initialized [2023-11-06 21:53:58,790 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 09:53:44" (3/4) ... [2023-11-06 21:53:58,792 INFO L137 WitnessPrinter]: Generating witness for correct program [2023-11-06 21:53:58,796 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2023-11-06 21:53:58,796 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2023-11-06 21:53:58,797 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneLevelCritical [2023-11-06 21:53:58,797 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2023-11-06 21:53:58,797 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2023-11-06 21:53:58,797 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 21:53:58,797 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2023-11-06 21:53:58,806 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 18 nodes and edges [2023-11-06 21:53:58,806 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 7 nodes and edges [2023-11-06 21:53:58,807 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2023-11-06 21:53:58,808 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 21:53:58,808 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 21:53:58,836 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) [2023-11-06 21:53:58,837 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (1 == systemActive)) && (waterLevel == 1)) [2023-11-06 21:53:58,837 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0)) || ((((((1 <= pumpRunning) && (\result == 1)) && (tmp == 1)) && (1 == systemActive)) && (splverifierCounter == 0)) && (waterLevel <= 2))) [2023-11-06 21:53:58,838 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,839 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel))) || ((1 <= pumpRunning) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel)))) && ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,840 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) || !((tmp == 0))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\old(waterLevel) == waterLevel))) || ((((((((pumpRunning == 0) && (tmp___0 <= 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((((methaneLevelCritical == 0) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0)))) || (((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))))) && (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((1 <= pumpRunning) && (1 == systemActive)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) || ((((((((pumpRunning == 0) && (tmp___0 <= 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((((((((((pumpRunning == \old(pumpRunning)) && (tmp___0 <= 1)) && (waterLevel <= 1)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || !((1 == systemActive))) || (((((((pumpRunning == 0) && (tmp___0 <= 1)) && (waterLevel <= 1)) && (1 == systemActive)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0)))) || (((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))))) [2023-11-06 21:53:58,840 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,841 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 1))) || !((1 == systemActive))) || (\result == 1)) && ((((methaneLevelCritical == 0) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((!((\old(pumpRunning) == 0)) || (((1 <= pumpRunning) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel))) || !((1 == systemActive))) || (((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1))) || (2 < \old(waterLevel)))) && (((((((((pumpRunning == 0) && (waterLevel <= 1)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1))) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,841 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || (\old(pumpRunning) < 1)) && (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((pumpRunning == 0) && (\result == 0))) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)))) [2023-11-06 21:53:58,841 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,842 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((1 <= pumpRunning) && (tmp == 0)) && !((\result == 0))) && (\old(waterLevel) == waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 21:53:58,842 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0)) && (tmp___0 == 0)) && (1 <= tmp))) || (1 < waterLevel)) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0)) && (tmp___0 == 0)) && (1 <= tmp))) || (((pumpRunning == 0) && (1 <= \result)) && (1 <= tmp___0)))) && ((!((1 == systemActive)) || (1 < waterLevel)) || (\old(pumpRunning) < 1))) [2023-11-06 21:53:58,842 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || (\old(pumpRunning) < 1)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((1 <= pumpRunning) && (1 <= \result)) && (1 <= tmp)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) [2023-11-06 21:53:58,842 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,875 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) [2023-11-06 21:53:58,875 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (1 == systemActive)) && (waterLevel == 1)) [2023-11-06 21:53:58,875 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0)) || ((((((1 <= pumpRunning) && (\result == 1)) && (tmp == 1)) && (1 == systemActive)) && (splverifierCounter == 0)) && (waterLevel <= 2))) [2023-11-06 21:53:58,876 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,876 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel))) || ((1 <= pumpRunning) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel)))) && ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,877 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) || !((tmp == 0))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\old(waterLevel) == waterLevel))) || ((((((((pumpRunning == 0) && (tmp___0 <= 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((((methaneLevelCritical == 0) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0)))) || (((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))))) && (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((1 <= pumpRunning) && (1 == systemActive)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) || ((((((((pumpRunning == 0) && (tmp___0 <= 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((((((((((pumpRunning == \old(pumpRunning)) && (tmp___0 <= 1)) && (waterLevel <= 1)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || !((1 == systemActive))) || (((((((pumpRunning == 0) && (tmp___0 <= 1)) && (waterLevel <= 1)) && (1 == systemActive)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0)))) || (((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))))) [2023-11-06 21:53:58,877 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,877 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 1))) || !((1 == systemActive))) || (\result == 1)) && ((((methaneLevelCritical == 0) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((!((\old(pumpRunning) == 0)) || (((1 <= pumpRunning) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel))) || !((1 == systemActive))) || (((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1))) || (2 < \old(waterLevel)))) && (((((((((pumpRunning == 0) && (waterLevel <= 1)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1))) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,878 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || (\old(pumpRunning) < 1)) && (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((pumpRunning == 0) && (\result == 0))) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)))) [2023-11-06 21:53:58,878 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,878 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((1 <= pumpRunning) && (tmp == 0)) && !((\result == 0))) && (\old(waterLevel) == waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 21:53:58,878 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0)) && (tmp___0 == 0)) && (1 <= tmp))) || (1 < waterLevel)) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0)) && (tmp___0 == 0)) && (1 <= tmp))) || (((pumpRunning == 0) && (1 <= \result)) && (1 <= tmp___0)))) && ((!((1 == systemActive)) || (1 < waterLevel)) || (\old(pumpRunning) < 1))) [2023-11-06 21:53:58,879 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || (\old(pumpRunning) < 1)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((1 <= pumpRunning) && (1 <= \result)) && (1 <= tmp)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) [2023-11-06 21:53:58,879 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) [2023-11-06 21:53:58,894 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.graphml [2023-11-06 21:53:58,894 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.yaml [2023-11-06 21:53:58,895 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2023-11-06 21:53:58,895 INFO L158 Benchmark]: Toolchain (without parser) took 15513.99ms. Allocated memory was 142.6MB in the beginning and 262.1MB in the end (delta: 119.5MB). Free memory was 98.2MB in the beginning and 94.4MB in the end (delta: 3.8MB). Peak memory consumption was 124.2MB. Max. memory is 16.1GB. [2023-11-06 21:53:58,896 INFO L158 Benchmark]: CDTParser took 0.22ms. Allocated memory is still 111.1MB. Free memory was 61.1MB in the beginning and 60.9MB in the end (delta: 134.3kB). There was no memory consumed. Max. memory is 16.1GB. [2023-11-06 21:53:58,896 INFO L158 Benchmark]: CACSL2BoogieTranslator took 546.21ms. Allocated memory is still 142.6MB. Free memory was 97.9MB in the beginning and 78.9MB in the end (delta: 19.0MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2023-11-06 21:53:58,897 INFO L158 Benchmark]: Boogie Procedure Inliner took 60.93ms. Allocated memory is still 142.6MB. Free memory was 78.9MB in the beginning and 76.6MB in the end (delta: 2.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 21:53:58,897 INFO L158 Benchmark]: Boogie Preprocessor took 49.24ms. Allocated memory is still 142.6MB. Free memory was 76.6MB in the beginning and 75.1MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 21:53:58,897 INFO L158 Benchmark]: RCFGBuilder took 679.99ms. Allocated memory is still 142.6MB. Free memory was 74.8MB in the beginning and 101.3MB in the end (delta: -26.5MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2023-11-06 21:53:58,898 INFO L158 Benchmark]: TraceAbstraction took 14046.37ms. Allocated memory was 142.6MB in the beginning and 262.1MB in the end (delta: 119.5MB). Free memory was 100.8MB in the beginning and 101.7MB in the end (delta: -871.8kB). Peak memory consumption was 143.7MB. Max. memory is 16.1GB. [2023-11-06 21:53:58,898 INFO L158 Benchmark]: Witness Printer took 106.05ms. Allocated memory is still 262.1MB. Free memory was 101.7MB in the beginning and 94.4MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2023-11-06 21:53:58,900 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.22ms. Allocated memory is still 111.1MB. Free memory was 61.1MB in the beginning and 60.9MB in the end (delta: 134.3kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 546.21ms. Allocated memory is still 142.6MB. Free memory was 97.9MB in the beginning and 78.9MB in the end (delta: 19.0MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 60.93ms. Allocated memory is still 142.6MB. Free memory was 78.9MB in the beginning and 76.6MB in the end (delta: 2.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 49.24ms. Allocated memory is still 142.6MB. Free memory was 76.6MB in the beginning and 75.1MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 679.99ms. Allocated memory is still 142.6MB. Free memory was 74.8MB in the beginning and 101.3MB in the end (delta: -26.5MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * TraceAbstraction took 14046.37ms. Allocated memory was 142.6MB in the beginning and 262.1MB in the end (delta: 119.5MB). Free memory was 100.8MB in the beginning and 101.7MB in the end (delta: -871.8kB). Peak memory consumption was 143.7MB. Max. memory is 16.1GB. * Witness Printer took 106.05ms. Allocated memory is still 262.1MB. Free memory was 101.7MB in the beginning and 94.4MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [49] - GenericResultAtLocation [Line: 153]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [153] - GenericResultAtLocation [Line: 519]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [519] - GenericResultAtLocation [Line: 705]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [705] - GenericResultAtLocation [Line: 770]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [770] - GenericResultAtLocation [Line: 865]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [865] - GenericResultAtLocation [Line: 874]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification3_spec.i","") [874] - GenericResultAtLocation [Line: 908]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [908] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 870]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 87 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 13.9s, OverallIterations: 12, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 4.8s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 5.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 1893 SdHoareTripleChecker+Valid, 2.5s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1860 mSDsluCounter, 3854 SdHoareTripleChecker+Invalid, 2.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2884 mSDsCounter, 549 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 2429 IncrementalHoareTripleChecker+Invalid, 2978 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 549 mSolverCounterUnsat, 970 mSDtfsCounter, 2429 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 424 GetRequests, 253 SyntacticMatches, 7 SemanticMatches, 164 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1579 ImplicationChecksByTransitivity, 1.9s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=303occurred in iteration=11, InterpolantAutomatonStates: 150, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.4s AutomataMinimizationTime, 12 MinimizatonAttempts, 153 StatesRemovedByMinimization, 8 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 40 LocationsWithAnnotation, 1075 PreInvPairs, 1342 NumberOfFragments, 1646 HoareAnnotationTreeSize, 1075 FomulaSimplifications, 14170 FormulaSimplificationTreeSizeReduction, 1.0s HoareSimplificationTime, 40 FomulaSimplificationsInter, 11443 FormulaSimplificationTreeSizeReductionInter, 3.9s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 2.7s InterpolantComputationTime, 609 NumberOfCodeBlocks, 609 NumberOfCodeBlocksAsserted, 13 NumberOfCheckSat, 676 ConstructedInterpolants, 0 QuantifiedInterpolants, 1363 SizeOfPredicates, 4 NumberOfNonLiveVariables, 291 ConjunctsInSsa, 13 ConjunctsInUnsatCore, 14 InterpolantComputations, 11 PerfectInterpolantSequences, 57/78 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 875]: Loop Invariant Derived loop invariant: ((((((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) || !((tmp == 0))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\old(waterLevel) == waterLevel))) || ((((((((pumpRunning == 0) && (tmp___0 <= 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((((methaneLevelCritical == 0) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0)))) || (((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))))) && (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((1 <= pumpRunning) && (1 == systemActive)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) || ((((((((pumpRunning == 0) && (tmp___0 <= 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((((((((((pumpRunning == \old(pumpRunning)) && (tmp___0 <= 1)) && (waterLevel <= 1)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || !((1 == systemActive))) || (((((((pumpRunning == 0) && (tmp___0 <= 1)) && (waterLevel <= 1)) && (1 == systemActive)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) || ((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0)))) || (((((((1 <= pumpRunning) && (pumpRunning == \old(pumpRunning))) && (waterLevel <= 1)) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))))) - InvariantResult [Line: 109]: Loop Invariant Derived loop invariant: (((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 52]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 716]: Loop Invariant Derived loop invariant: (((((((pumpRunning == 0) && (\result == 1)) && (tmp == 1)) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0)) || ((((((1 <= pumpRunning) && (\result == 1)) && (tmp == 1)) && (1 == systemActive)) && (splverifierCounter == 0)) && (waterLevel <= 2))) - InvariantResult [Line: 706]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 866]: Loop Invariant Derived loop invariant: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) - InvariantResult [Line: 920]: Loop Invariant Derived loop invariant: (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 715]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 614]: Loop Invariant Derived loop invariant: ((((!((1 == systemActive)) || (1 < waterLevel)) || (\old(pumpRunning) < 1)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((1 <= pumpRunning) && (1 <= \result)) && (1 <= tmp)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) - InvariantResult [Line: 842]: Loop Invariant Derived loop invariant: ((((((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 1))) || !((1 == systemActive))) || (\result == 1)) && ((((methaneLevelCritical == 0) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((!((\old(pumpRunning) == 0)) || (((1 <= pumpRunning) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel))) || !((1 == systemActive))) || (((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (\old(waterLevel) == waterLevel)) && (\result <= 1))) || (2 < \old(waterLevel)))) && (((((((((pumpRunning == 0) && (waterLevel <= 1)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || (((((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && ((tmp == 0) || !((methaneLevelCritical == 0)))) && (waterLevel <= \old(waterLevel))) && (\result <= 1))) || !((1 == systemActive))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) - InvariantResult [Line: 934]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 630]: Loop Invariant Derived loop invariant: ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 774]: Loop Invariant Derived loop invariant: ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 927]: Loop Invariant Derived loop invariant: (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 130]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 589]: Loop Invariant Derived loop invariant: ((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel))) || ((1 <= pumpRunning) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel)))) && ((((!((1 == systemActive)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) - InvariantResult [Line: 641]: Loop Invariant Derived loop invariant: ((((((((((1 <= pumpRunning) && (tmp == 0)) && !((\result == 0))) && (\old(waterLevel) == waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) - InvariantResult [Line: 851]: Loop Invariant Derived loop invariant: ((((!((1 == systemActive)) || (1 < waterLevel)) || (\old(pumpRunning) < 1)) && (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((pumpRunning == 0) && (\result == 0))) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)))) - InvariantResult [Line: 62]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 622]: Loop Invariant Derived loop invariant: ((((!((1 == systemActive)) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (\old(pumpRunning) < 1)) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 686]: Loop Invariant Derived loop invariant: (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0)) && (tmp___0 == 0)) && (1 <= tmp))) || (1 < waterLevel)) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0)) && (tmp___0 == 0)) && (1 <= tmp))) || (((pumpRunning == 0) && (1 <= \result)) && (1 <= tmp___0)))) && ((!((1 == systemActive)) || (1 < waterLevel)) || (\old(pumpRunning) < 1))) - InvariantResult [Line: 117]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2023-11-06 21:53:58,956 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9a8e23fa-b692-4403-9e6f-5150a4b82f07/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE