./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec3_product45.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version e7bb482b Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec3_product45.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 4c4adbf609ddd472cb6a462753c6f5cc9af64c97af02da4060f4102700285790 --- Real Ultimate output --- This is Ultimate 0.2.3-dev-e7bb482 [2023-11-06 22:32:42,930 INFO L188 SettingsManager]: Resetting all preferences to default values... [2023-11-06 22:32:43,065 INFO L114 SettingsManager]: Loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf [2023-11-06 22:32:43,076 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2023-11-06 22:32:43,080 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2023-11-06 22:32:43,123 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2023-11-06 22:32:43,125 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2023-11-06 22:32:43,126 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2023-11-06 22:32:43,127 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2023-11-06 22:32:43,133 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2023-11-06 22:32:43,134 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2023-11-06 22:32:43,134 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2023-11-06 22:32:43,135 INFO L153 SettingsManager]: * Use SBE=true [2023-11-06 22:32:43,137 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2023-11-06 22:32:43,138 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2023-11-06 22:32:43,138 INFO L153 SettingsManager]: * sizeof long=4 [2023-11-06 22:32:43,139 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2023-11-06 22:32:43,139 INFO L153 SettingsManager]: * sizeof POINTER=4 [2023-11-06 22:32:43,140 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2023-11-06 22:32:43,140 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2023-11-06 22:32:43,141 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2023-11-06 22:32:43,142 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2023-11-06 22:32:43,142 INFO L153 SettingsManager]: * sizeof long double=12 [2023-11-06 22:32:43,143 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2023-11-06 22:32:43,143 INFO L153 SettingsManager]: * Use constant arrays=true [2023-11-06 22:32:43,144 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2023-11-06 22:32:43,145 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2023-11-06 22:32:43,145 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2023-11-06 22:32:43,146 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 22:32:43,147 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2023-11-06 22:32:43,148 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2023-11-06 22:32:43,149 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2023-11-06 22:32:43,149 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2023-11-06 22:32:43,149 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2023-11-06 22:32:43,150 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2023-11-06 22:32:43,150 INFO L153 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2023-11-06 22:32:43,150 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2023-11-06 22:32:43,151 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2023-11-06 22:32:43,151 INFO L153 SettingsManager]: * Independence relation used for large block encoding in concurrent analysis=SYNTACTIC [2023-11-06 22:32:43,152 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 4c4adbf609ddd472cb6a462753c6f5cc9af64c97af02da4060f4102700285790 [2023-11-06 22:32:43,538 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2023-11-06 22:32:43,590 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2023-11-06 22:32:43,593 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2023-11-06 22:32:43,595 INFO L270 PluginConnector]: Initializing CDTParser... [2023-11-06 22:32:43,595 INFO L274 PluginConnector]: CDTParser initialized [2023-11-06 22:32:43,597 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/../../sv-benchmarks/c/product-lines/minepump_spec3_product45.cil.c [2023-11-06 22:32:46,828 INFO L533 CDTParser]: Created temporary CDT project at NULL [2023-11-06 22:32:47,172 INFO L384 CDTParser]: Found 1 translation units. [2023-11-06 22:32:47,179 INFO L180 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/sv-benchmarks/c/product-lines/minepump_spec3_product45.cil.c [2023-11-06 22:32:47,196 INFO L427 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/data/6bc352d84/1d01e187174c4b0998996f54bf991fb8/FLAGf91705c49 [2023-11-06 22:32:47,214 INFO L435 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/data/6bc352d84/1d01e187174c4b0998996f54bf991fb8 [2023-11-06 22:32:47,217 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2023-11-06 22:32:47,219 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2023-11-06 22:32:47,223 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2023-11-06 22:32:47,223 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2023-11-06 22:32:47,229 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2023-11-06 22:32:47,230 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,231 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@17acf968 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47, skipping insertion in model container [2023-11-06 22:32:47,232 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,311 INFO L177 MainTranslator]: Built tables and reachable declarations [2023-11-06 22:32:47,583 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/sv-benchmarks/c/product-lines/minepump_spec3_product45.cil.c[8617,8630] [2023-11-06 22:32:47,644 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 22:32:47,657 INFO L202 MainTranslator]: Completed pre-run [2023-11-06 22:32:47,667 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification3_spec.i","") [49] [2023-11-06 22:32:47,669 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [87] [2023-11-06 22:32:47,670 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [186] [2023-11-06 22:32:47,670 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [288] [2023-11-06 22:32:47,671 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [485] [2023-11-06 22:32:47,671 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [550] [2023-11-06 22:32:47,671 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [585] [2023-11-06 22:32:47,672 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [594] [2023-11-06 22:32:47,701 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/sv-benchmarks/c/product-lines/minepump_spec3_product45.cil.c[8617,8630] [2023-11-06 22:32:47,741 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 22:32:47,764 INFO L206 MainTranslator]: Completed translation [2023-11-06 22:32:47,765 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47 WrapperNode [2023-11-06 22:32:47,765 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2023-11-06 22:32:47,766 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2023-11-06 22:32:47,767 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2023-11-06 22:32:47,767 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2023-11-06 22:32:47,776 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,793 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,826 INFO L138 Inliner]: procedures = 54, calls = 100, calls flagged for inlining = 22, calls inlined = 19, statements flattened = 197 [2023-11-06 22:32:47,826 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2023-11-06 22:32:47,827 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2023-11-06 22:32:47,828 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2023-11-06 22:32:47,828 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2023-11-06 22:32:47,839 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,839 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,842 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,842 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,850 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,856 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,858 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,860 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,864 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2023-11-06 22:32:47,865 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2023-11-06 22:32:47,865 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2023-11-06 22:32:47,865 INFO L274 PluginConnector]: RCFGBuilder initialized [2023-11-06 22:32:47,866 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (1/1) ... [2023-11-06 22:32:47,874 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 22:32:47,892 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 22:32:47,905 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2023-11-06 22:32:47,961 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2023-11-06 22:32:47,976 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2023-11-06 22:32:47,976 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2023-11-06 22:32:47,976 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2023-11-06 22:32:47,977 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2023-11-06 22:32:47,979 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2023-11-06 22:32:47,979 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2023-11-06 22:32:47,980 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2023-11-06 22:32:47,980 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2023-11-06 22:32:47,981 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2023-11-06 22:32:47,981 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2023-11-06 22:32:47,981 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2023-11-06 22:32:47,981 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__methaneQuery [2023-11-06 22:32:47,982 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__methaneQuery [2023-11-06 22:32:47,982 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneAlarm [2023-11-06 22:32:47,982 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneAlarm [2023-11-06 22:32:47,983 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2023-11-06 22:32:47,983 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2023-11-06 22:32:47,984 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2023-11-06 22:32:47,984 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2023-11-06 22:32:47,984 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2023-11-06 22:32:48,082 INFO L236 CfgBuilder]: Building ICFG [2023-11-06 22:32:48,084 INFO L262 CfgBuilder]: Building CFG for each procedure with an implementation [2023-11-06 22:32:48,485 INFO L277 CfgBuilder]: Performing block encoding [2023-11-06 22:32:48,494 INFO L297 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2023-11-06 22:32:48,494 INFO L302 CfgBuilder]: Removed 2 assume(true) statements. [2023-11-06 22:32:48,497 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 10:32:48 BoogieIcfgContainer [2023-11-06 22:32:48,497 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2023-11-06 22:32:48,500 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2023-11-06 22:32:48,500 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2023-11-06 22:32:48,504 INFO L274 PluginConnector]: TraceAbstraction initialized [2023-11-06 22:32:48,504 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 06.11 10:32:47" (1/3) ... [2023-11-06 22:32:48,505 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6435b435 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 10:32:48, skipping insertion in model container [2023-11-06 22:32:48,506 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 10:32:47" (2/3) ... [2023-11-06 22:32:48,506 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6435b435 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 10:32:48, skipping insertion in model container [2023-11-06 22:32:48,506 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 10:32:48" (3/3) ... [2023-11-06 22:32:48,508 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec3_product45.cil.c [2023-11-06 22:32:48,527 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2023-11-06 22:32:48,527 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2023-11-06 22:32:48,591 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2023-11-06 22:32:48,600 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@7fef91bf, mLbeIndependenceSettings=[IndependenceType=SYNTACTIC, AbstractionType=NONE, UseConditional=, UseSemiCommutativity=, Solver=, SolverTimeout=] [2023-11-06 22:32:48,600 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2023-11-06 22:32:48,606 INFO L276 IsEmpty]: Start isEmpty. Operand has 95 states, 71 states have (on average 1.380281690140845) internal successors, (98), 79 states have internal predecessors, (98), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) [2023-11-06 22:32:48,618 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2023-11-06 22:32:48,618 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:48,619 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:48,620 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:48,626 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:48,627 INFO L85 PathProgramCache]: Analyzing trace with hash 1088804663, now seen corresponding path program 1 times [2023-11-06 22:32:48,638 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:48,638 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [696106312] [2023-11-06 22:32:48,639 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:48,639 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:48,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:48,930 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2023-11-06 22:32:48,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:48,942 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:32:48,967 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:48,968 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [696106312] [2023-11-06 22:32:48,968 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [696106312] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:48,969 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:32:48,969 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2023-11-06 22:32:48,971 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2108297064] [2023-11-06 22:32:48,982 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:48,993 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2023-11-06 22:32:48,994 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:49,028 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2023-11-06 22:32:49,029 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 22:32:49,032 INFO L87 Difference]: Start difference. First operand has 95 states, 71 states have (on average 1.380281690140845) internal successors, (98), 79 states have internal predecessors, (98), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:32:49,074 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:49,074 INFO L93 Difference]: Finished difference Result 182 states and 247 transitions. [2023-11-06 22:32:49,075 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2023-11-06 22:32:49,077 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2023-11-06 22:32:49,077 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:49,088 INFO L225 Difference]: With dead ends: 182 [2023-11-06 22:32:49,088 INFO L226 Difference]: Without dead ends: 86 [2023-11-06 22:32:49,093 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 22:32:49,097 INFO L413 NwaCegarLoop]: 120 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 120 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:49,098 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 120 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 22:32:49,116 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 86 states. [2023-11-06 22:32:49,145 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 86 to 86. [2023-11-06 22:32:49,147 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 86 states, 64 states have (on average 1.3125) internal successors, (84), 71 states have internal predecessors, (84), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 11 states have call predecessors, (13), 13 states have call successors, (13) [2023-11-06 22:32:49,151 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 86 states to 86 states and 111 transitions. [2023-11-06 22:32:49,152 INFO L78 Accepts]: Start accepts. Automaton has 86 states and 111 transitions. Word has length 25 [2023-11-06 22:32:49,153 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:49,153 INFO L495 AbstractCegarLoop]: Abstraction has 86 states and 111 transitions. [2023-11-06 22:32:49,154 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:32:49,154 INFO L276 IsEmpty]: Start isEmpty. Operand 86 states and 111 transitions. [2023-11-06 22:32:49,166 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2023-11-06 22:32:49,166 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:49,167 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:49,167 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2023-11-06 22:32:49,167 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:49,168 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:49,169 INFO L85 PathProgramCache]: Analyzing trace with hash 913970031, now seen corresponding path program 1 times [2023-11-06 22:32:49,169 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:49,169 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1592817097] [2023-11-06 22:32:49,169 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:49,170 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:49,199 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:49,301 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2023-11-06 22:32:49,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:49,308 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:32:49,309 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:49,309 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1592817097] [2023-11-06 22:32:49,309 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1592817097] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:49,310 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:32:49,310 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2023-11-06 22:32:49,310 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [407652850] [2023-11-06 22:32:49,311 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:49,312 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2023-11-06 22:32:49,313 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:49,314 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2023-11-06 22:32:49,314 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 22:32:49,315 INFO L87 Difference]: Start difference. First operand 86 states and 111 transitions. Second operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:32:49,340 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:49,341 INFO L93 Difference]: Finished difference Result 138 states and 178 transitions. [2023-11-06 22:32:49,342 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2023-11-06 22:32:49,342 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2023-11-06 22:32:49,342 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:49,344 INFO L225 Difference]: With dead ends: 138 [2023-11-06 22:32:49,345 INFO L226 Difference]: Without dead ends: 77 [2023-11-06 22:32:49,346 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 22:32:49,348 INFO L413 NwaCegarLoop]: 98 mSDtfsCounter, 12 mSDsluCounter, 82 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 180 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:49,349 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [15 Valid, 180 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 22:32:49,351 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 77 states. [2023-11-06 22:32:49,364 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 77 to 77. [2023-11-06 22:32:49,365 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 77 states, 58 states have (on average 1.3275862068965518) internal successors, (77), 65 states have internal predecessors, (77), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2023-11-06 22:32:49,367 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 77 states to 77 states and 99 transitions. [2023-11-06 22:32:49,368 INFO L78 Accepts]: Start accepts. Automaton has 77 states and 99 transitions. Word has length 26 [2023-11-06 22:32:49,368 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:49,368 INFO L495 AbstractCegarLoop]: Abstraction has 77 states and 99 transitions. [2023-11-06 22:32:49,369 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:32:49,369 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 99 transitions. [2023-11-06 22:32:49,371 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2023-11-06 22:32:49,371 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:49,371 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:49,372 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2023-11-06 22:32:49,372 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:49,373 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:49,373 INFO L85 PathProgramCache]: Analyzing trace with hash 1563838683, now seen corresponding path program 1 times [2023-11-06 22:32:49,373 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:49,374 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1270062814] [2023-11-06 22:32:49,374 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:49,374 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:49,404 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:49,505 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:32:49,510 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:49,514 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:32:49,514 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:49,515 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1270062814] [2023-11-06 22:32:49,515 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1270062814] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:49,515 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:32:49,515 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2023-11-06 22:32:49,516 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1331045477] [2023-11-06 22:32:49,516 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:49,517 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2023-11-06 22:32:49,517 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:49,518 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2023-11-06 22:32:49,518 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 22:32:49,518 INFO L87 Difference]: Start difference. First operand 77 states and 99 transitions. Second operand has 3 states, 3 states have (on average 9.0) internal successors, (27), 3 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:32:49,545 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:49,545 INFO L93 Difference]: Finished difference Result 147 states and 192 transitions. [2023-11-06 22:32:49,546 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2023-11-06 22:32:49,546 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.0) internal successors, (27), 3 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 30 [2023-11-06 22:32:49,547 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:49,548 INFO L225 Difference]: With dead ends: 147 [2023-11-06 22:32:49,549 INFO L226 Difference]: Without dead ends: 77 [2023-11-06 22:32:49,550 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2023-11-06 22:32:49,552 INFO L413 NwaCegarLoop]: 97 mSDtfsCounter, 81 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 81 SdHoareTripleChecker+Valid, 97 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:49,553 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [81 Valid, 97 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 22:32:49,554 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 77 states. [2023-11-06 22:32:49,570 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 77 to 77. [2023-11-06 22:32:49,571 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 77 states, 58 states have (on average 1.3103448275862069) internal successors, (76), 65 states have internal predecessors, (76), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2023-11-06 22:32:49,572 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 77 states to 77 states and 98 transitions. [2023-11-06 22:32:49,573 INFO L78 Accepts]: Start accepts. Automaton has 77 states and 98 transitions. Word has length 30 [2023-11-06 22:32:49,573 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:49,573 INFO L495 AbstractCegarLoop]: Abstraction has 77 states and 98 transitions. [2023-11-06 22:32:49,574 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.0) internal successors, (27), 3 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2023-11-06 22:32:49,574 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 98 transitions. [2023-11-06 22:32:49,576 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2023-11-06 22:32:49,576 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:49,577 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:49,577 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2023-11-06 22:32:49,577 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:49,578 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:49,578 INFO L85 PathProgramCache]: Analyzing trace with hash 1485355981, now seen corresponding path program 1 times [2023-11-06 22:32:49,578 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:49,579 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [244593641] [2023-11-06 22:32:49,579 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:49,579 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:49,631 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:49,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:32:49,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:49,750 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 22:32:49,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:49,754 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2023-11-06 22:32:49,756 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:49,759 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:32:49,759 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:49,760 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [244593641] [2023-11-06 22:32:49,760 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [244593641] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:49,760 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:32:49,761 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2023-11-06 22:32:49,761 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [455460418] [2023-11-06 22:32:49,761 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:49,762 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2023-11-06 22:32:49,762 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:49,763 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2023-11-06 22:32:49,763 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2023-11-06 22:32:49,764 INFO L87 Difference]: Start difference. First operand 77 states and 98 transitions. Second operand has 5 states, 5 states have (on average 6.6) internal successors, (33), 5 states have internal predecessors, (33), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2023-11-06 22:32:50,067 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:50,067 INFO L93 Difference]: Finished difference Result 230 states and 292 transitions. [2023-11-06 22:32:50,068 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 22:32:50,069 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 5 states have internal predecessors, (33), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 40 [2023-11-06 22:32:50,069 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:50,078 INFO L225 Difference]: With dead ends: 230 [2023-11-06 22:32:50,078 INFO L226 Difference]: Without dead ends: 160 [2023-11-06 22:32:50,087 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2023-11-06 22:32:50,094 INFO L413 NwaCegarLoop]: 114 mSDtfsCounter, 202 mSDsluCounter, 171 mSDsCounter, 0 mSdLazyCounter, 124 mSolverCounterSat, 58 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 204 SdHoareTripleChecker+Valid, 285 SdHoareTripleChecker+Invalid, 182 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 58 IncrementalHoareTripleChecker+Valid, 124 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:50,099 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [204 Valid, 285 Invalid, 182 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [58 Valid, 124 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 22:32:50,101 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 160 states. [2023-11-06 22:32:50,167 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 160 to 154. [2023-11-06 22:32:50,170 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 154 states, 117 states have (on average 1.264957264957265) internal successors, (148), 125 states have internal predecessors, (148), 18 states have call successors, (18), 15 states have call predecessors, (18), 18 states have return successors, (23), 19 states have call predecessors, (23), 18 states have call successors, (23) [2023-11-06 22:32:50,176 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 154 states to 154 states and 189 transitions. [2023-11-06 22:32:50,177 INFO L78 Accepts]: Start accepts. Automaton has 154 states and 189 transitions. Word has length 40 [2023-11-06 22:32:50,177 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:50,178 INFO L495 AbstractCegarLoop]: Abstraction has 154 states and 189 transitions. [2023-11-06 22:32:50,179 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 5 states have internal predecessors, (33), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2023-11-06 22:32:50,179 INFO L276 IsEmpty]: Start isEmpty. Operand 154 states and 189 transitions. [2023-11-06 22:32:50,184 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 47 [2023-11-06 22:32:50,184 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:50,185 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:50,185 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2023-11-06 22:32:50,185 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:50,186 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:50,186 INFO L85 PathProgramCache]: Analyzing trace with hash -1430117211, now seen corresponding path program 1 times [2023-11-06 22:32:50,186 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:50,187 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1104616718] [2023-11-06 22:32:50,187 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:50,188 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:50,229 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:50,352 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:32:50,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:50,364 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:32:50,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:50,367 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 35 [2023-11-06 22:32:50,369 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:50,372 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:32:50,373 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:50,373 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1104616718] [2023-11-06 22:32:50,373 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1104616718] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:50,373 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:32:50,373 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 22:32:50,374 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1883792793] [2023-11-06 22:32:50,374 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:50,374 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 22:32:50,375 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:50,375 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 22:32:50,376 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2023-11-06 22:32:50,376 INFO L87 Difference]: Start difference. First operand 154 states and 189 transitions. Second operand has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 22:32:50,710 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:50,711 INFO L93 Difference]: Finished difference Result 399 states and 509 transitions. [2023-11-06 22:32:50,711 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2023-11-06 22:32:50,712 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 46 [2023-11-06 22:32:50,712 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:50,715 INFO L225 Difference]: With dead ends: 399 [2023-11-06 22:32:50,716 INFO L226 Difference]: Without dead ends: 252 [2023-11-06 22:32:50,717 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 17 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=40, Invalid=70, Unknown=0, NotChecked=0, Total=110 [2023-11-06 22:32:50,718 INFO L413 NwaCegarLoop]: 82 mSDtfsCounter, 139 mSDsluCounter, 257 mSDsCounter, 0 mSdLazyCounter, 168 mSolverCounterSat, 37 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 146 SdHoareTripleChecker+Valid, 339 SdHoareTripleChecker+Invalid, 205 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 37 IncrementalHoareTripleChecker+Valid, 168 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:50,719 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [146 Valid, 339 Invalid, 205 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [37 Valid, 168 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 22:32:50,720 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 252 states. [2023-11-06 22:32:50,762 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 252 to 244. [2023-11-06 22:32:50,763 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 244 states, 185 states have (on average 1.2540540540540541) internal successors, (232), 196 states have internal predecessors, (232), 30 states have call successors, (30), 26 states have call predecessors, (30), 28 states have return successors, (40), 30 states have call predecessors, (40), 30 states have call successors, (40) [2023-11-06 22:32:50,766 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 244 states to 244 states and 302 transitions. [2023-11-06 22:32:50,766 INFO L78 Accepts]: Start accepts. Automaton has 244 states and 302 transitions. Word has length 46 [2023-11-06 22:32:50,767 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:50,767 INFO L495 AbstractCegarLoop]: Abstraction has 244 states and 302 transitions. [2023-11-06 22:32:50,767 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.5) internal successors, (39), 5 states have internal predecessors, (39), 2 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 22:32:50,768 INFO L276 IsEmpty]: Start isEmpty. Operand 244 states and 302 transitions. [2023-11-06 22:32:50,769 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2023-11-06 22:32:50,770 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:50,770 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:50,770 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2023-11-06 22:32:50,770 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:50,771 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:50,771 INFO L85 PathProgramCache]: Analyzing trace with hash 1782384523, now seen corresponding path program 1 times [2023-11-06 22:32:50,771 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:50,771 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [125417854] [2023-11-06 22:32:50,772 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:50,772 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:50,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:50,895 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:32:50,896 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:50,907 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 22:32:50,911 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:50,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:32:50,934 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:50,937 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2023-11-06 22:32:50,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:50,942 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:32:50,943 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:50,943 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [125417854] [2023-11-06 22:32:50,943 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [125417854] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:50,943 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:32:50,944 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2023-11-06 22:32:50,944 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1026721222] [2023-11-06 22:32:50,944 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:50,945 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2023-11-06 22:32:50,945 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:50,946 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2023-11-06 22:32:50,946 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=42, Unknown=0, NotChecked=0, Total=56 [2023-11-06 22:32:50,946 INFO L87 Difference]: Start difference. First operand 244 states and 302 transitions. Second operand has 8 states, 8 states have (on average 5.125) internal successors, (41), 6 states have internal predecessors, (41), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2023-11-06 22:32:51,722 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:51,722 INFO L93 Difference]: Finished difference Result 590 states and 761 transitions. [2023-11-06 22:32:51,723 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2023-11-06 22:32:51,723 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.125) internal successors, (41), 6 states have internal predecessors, (41), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) Word has length 50 [2023-11-06 22:32:51,724 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:51,732 INFO L225 Difference]: With dead ends: 590 [2023-11-06 22:32:51,733 INFO L226 Difference]: Without dead ends: 443 [2023-11-06 22:32:51,735 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 12 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 96 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=141, Invalid=365, Unknown=0, NotChecked=0, Total=506 [2023-11-06 22:32:51,740 INFO L413 NwaCegarLoop]: 65 mSDtfsCounter, 368 mSDsluCounter, 252 mSDsCounter, 0 mSdLazyCounter, 305 mSolverCounterSat, 135 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 373 SdHoareTripleChecker+Valid, 317 SdHoareTripleChecker+Invalid, 440 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 135 IncrementalHoareTripleChecker+Valid, 305 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:51,744 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [373 Valid, 317 Invalid, 440 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [135 Valid, 305 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2023-11-06 22:32:51,747 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 443 states. [2023-11-06 22:32:51,840 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 443 to 405. [2023-11-06 22:32:51,841 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 405 states, 306 states have (on average 1.2287581699346406) internal successors, (376), 326 states have internal predecessors, (376), 50 states have call successors, (50), 39 states have call predecessors, (50), 48 states have return successors, (77), 51 states have call predecessors, (77), 50 states have call successors, (77) [2023-11-06 22:32:51,845 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 405 states to 405 states and 503 transitions. [2023-11-06 22:32:51,846 INFO L78 Accepts]: Start accepts. Automaton has 405 states and 503 transitions. Word has length 50 [2023-11-06 22:32:51,847 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:51,847 INFO L495 AbstractCegarLoop]: Abstraction has 405 states and 503 transitions. [2023-11-06 22:32:51,848 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 5.125) internal successors, (41), 6 states have internal predecessors, (41), 3 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2023-11-06 22:32:51,848 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 503 transitions. [2023-11-06 22:32:51,853 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2023-11-06 22:32:51,854 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:51,854 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:51,855 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2023-11-06 22:32:51,855 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:51,856 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:51,856 INFO L85 PathProgramCache]: Analyzing trace with hash 1648371017, now seen corresponding path program 1 times [2023-11-06 22:32:51,857 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:51,857 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [289919320] [2023-11-06 22:32:51,857 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:51,857 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:51,884 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:51,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:32:51,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:51,979 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 22:32:51,982 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:52,007 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:32:52,008 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:52,010 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2023-11-06 22:32:52,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:52,013 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:32:52,013 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:52,014 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [289919320] [2023-11-06 22:32:52,014 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [289919320] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:52,014 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:32:52,014 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 22:32:52,015 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1636577921] [2023-11-06 22:32:52,015 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:52,016 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 22:32:52,016 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:52,016 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 22:32:52,017 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2023-11-06 22:32:52,017 INFO L87 Difference]: Start difference. First operand 405 states and 503 transitions. Second operand has 6 states, 6 states have (on average 6.833333333333333) internal successors, (41), 4 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 22:32:52,418 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:52,419 INFO L93 Difference]: Finished difference Result 727 states and 905 transitions. [2023-11-06 22:32:52,419 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2023-11-06 22:32:52,420 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.833333333333333) internal successors, (41), 4 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 50 [2023-11-06 22:32:52,420 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:52,424 INFO L225 Difference]: With dead ends: 727 [2023-11-06 22:32:52,424 INFO L226 Difference]: Without dead ends: 415 [2023-11-06 22:32:52,426 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=40, Invalid=70, Unknown=0, NotChecked=0, Total=110 [2023-11-06 22:32:52,427 INFO L413 NwaCegarLoop]: 68 mSDtfsCounter, 140 mSDsluCounter, 214 mSDsCounter, 0 mSdLazyCounter, 248 mSolverCounterSat, 42 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 143 SdHoareTripleChecker+Valid, 282 SdHoareTripleChecker+Invalid, 290 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 42 IncrementalHoareTripleChecker+Valid, 248 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:52,427 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [143 Valid, 282 Invalid, 290 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [42 Valid, 248 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2023-11-06 22:32:52,429 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 415 states. [2023-11-06 22:32:52,486 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 415 to 405. [2023-11-06 22:32:52,487 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 405 states, 306 states have (on average 1.2254901960784315) internal successors, (375), 326 states have internal predecessors, (375), 50 states have call successors, (50), 39 states have call predecessors, (50), 48 states have return successors, (77), 51 states have call predecessors, (77), 50 states have call successors, (77) [2023-11-06 22:32:52,491 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 405 states to 405 states and 502 transitions. [2023-11-06 22:32:52,491 INFO L78 Accepts]: Start accepts. Automaton has 405 states and 502 transitions. Word has length 50 [2023-11-06 22:32:52,492 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:52,492 INFO L495 AbstractCegarLoop]: Abstraction has 405 states and 502 transitions. [2023-11-06 22:32:52,492 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.833333333333333) internal successors, (41), 4 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 22:32:52,493 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 502 transitions. [2023-11-06 22:32:52,494 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2023-11-06 22:32:52,494 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:52,494 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:52,495 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2023-11-06 22:32:52,495 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:52,495 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:52,496 INFO L85 PathProgramCache]: Analyzing trace with hash 1867225735, now seen corresponding path program 1 times [2023-11-06 22:32:52,496 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:52,496 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1192857078] [2023-11-06 22:32:52,496 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:52,496 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:52,512 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:52,561 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:32:52,562 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:52,568 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 22:32:52,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:52,635 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:32:52,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:52,644 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2023-11-06 22:32:52,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:52,650 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 22:32:52,653 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:52,654 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1192857078] [2023-11-06 22:32:52,654 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1192857078] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:52,654 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:32:52,654 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2023-11-06 22:32:52,655 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1362464002] [2023-11-06 22:32:52,655 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:52,661 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2023-11-06 22:32:52,662 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:52,662 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2023-11-06 22:32:52,663 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2023-11-06 22:32:52,663 INFO L87 Difference]: Start difference. First operand 405 states and 502 transitions. Second operand has 7 states, 7 states have (on average 5.857142857142857) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 22:32:53,057 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:53,059 INFO L93 Difference]: Finished difference Result 832 states and 1043 transitions. [2023-11-06 22:32:53,059 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2023-11-06 22:32:53,059 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.857142857142857) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 50 [2023-11-06 22:32:53,061 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:53,065 INFO L225 Difference]: With dead ends: 832 [2023-11-06 22:32:53,065 INFO L226 Difference]: Without dead ends: 434 [2023-11-06 22:32:53,067 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=42, Invalid=90, Unknown=0, NotChecked=0, Total=132 [2023-11-06 22:32:53,069 INFO L413 NwaCegarLoop]: 68 mSDtfsCounter, 145 mSDsluCounter, 279 mSDsCounter, 0 mSdLazyCounter, 297 mSolverCounterSat, 41 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 148 SdHoareTripleChecker+Valid, 347 SdHoareTripleChecker+Invalid, 338 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 41 IncrementalHoareTripleChecker+Valid, 297 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:53,069 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [148 Valid, 347 Invalid, 338 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [41 Valid, 297 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 22:32:53,071 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 434 states. [2023-11-06 22:32:53,143 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 434 to 408. [2023-11-06 22:32:53,145 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 408 states, 311 states have (on average 1.2186495176848875) internal successors, (379), 330 states have internal predecessors, (379), 49 states have call successors, (49), 38 states have call predecessors, (49), 47 states have return successors, (76), 50 states have call predecessors, (76), 49 states have call successors, (76) [2023-11-06 22:32:53,150 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 408 states to 408 states and 504 transitions. [2023-11-06 22:32:53,150 INFO L78 Accepts]: Start accepts. Automaton has 408 states and 504 transitions. Word has length 50 [2023-11-06 22:32:53,150 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:53,151 INFO L495 AbstractCegarLoop]: Abstraction has 408 states and 504 transitions. [2023-11-06 22:32:53,151 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 5.857142857142857) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (5), 3 states have call predecessors, (5), 2 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2023-11-06 22:32:53,151 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 504 transitions. [2023-11-06 22:32:53,152 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 60 [2023-11-06 22:32:53,152 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:53,153 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:53,153 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2023-11-06 22:32:53,153 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:53,153 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:53,154 INFO L85 PathProgramCache]: Analyzing trace with hash 88017873, now seen corresponding path program 1 times [2023-11-06 22:32:53,154 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:53,154 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1730386780] [2023-11-06 22:32:53,154 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:53,154 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:53,173 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:53,333 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:32:53,335 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:53,343 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 22:32:53,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:53,432 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:32:53,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:53,479 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:32:53,484 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:53,501 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2023-11-06 22:32:53,504 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:53,511 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:32:53,511 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:53,511 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1730386780] [2023-11-06 22:32:53,511 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1730386780] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:53,511 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:32:53,512 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2023-11-06 22:32:53,512 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [420928622] [2023-11-06 22:32:53,512 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:53,513 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2023-11-06 22:32:53,513 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:53,514 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2023-11-06 22:32:53,514 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=109, Unknown=0, NotChecked=0, Total=132 [2023-11-06 22:32:53,514 INFO L87 Difference]: Start difference. First operand 408 states and 504 transitions. Second operand has 12 states, 12 states have (on average 3.8333333333333335) internal successors, (46), 7 states have internal predecessors, (46), 2 states have call successors, (6), 3 states have call predecessors, (6), 4 states have return successors, (5), 5 states have call predecessors, (5), 2 states have call successors, (5) [2023-11-06 22:32:54,607 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:54,607 INFO L93 Difference]: Finished difference Result 1174 states and 1506 transitions. [2023-11-06 22:32:54,607 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 30 states. [2023-11-06 22:32:54,608 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 12 states have (on average 3.8333333333333335) internal successors, (46), 7 states have internal predecessors, (46), 2 states have call successors, (6), 3 states have call predecessors, (6), 4 states have return successors, (5), 5 states have call predecessors, (5), 2 states have call successors, (5) Word has length 59 [2023-11-06 22:32:54,609 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:54,616 INFO L225 Difference]: With dead ends: 1174 [2023-11-06 22:32:54,616 INFO L226 Difference]: Without dead ends: 773 [2023-11-06 22:32:54,619 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 47 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 34 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 261 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=243, Invalid=1017, Unknown=0, NotChecked=0, Total=1260 [2023-11-06 22:32:54,622 INFO L413 NwaCegarLoop]: 113 mSDtfsCounter, 245 mSDsluCounter, 735 mSDsCounter, 0 mSdLazyCounter, 921 mSolverCounterSat, 88 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 251 SdHoareTripleChecker+Valid, 848 SdHoareTripleChecker+Invalid, 1009 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 88 IncrementalHoareTripleChecker+Valid, 921 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:54,622 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [251 Valid, 848 Invalid, 1009 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [88 Valid, 921 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2023-11-06 22:32:54,624 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 773 states. [2023-11-06 22:32:54,739 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 773 to 758. [2023-11-06 22:32:54,741 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 758 states, 568 states have (on average 1.1883802816901408) internal successors, (675), 602 states have internal predecessors, (675), 97 states have call successors, (97), 76 states have call predecessors, (97), 92 states have return successors, (166), 98 states have call predecessors, (166), 97 states have call successors, (166) [2023-11-06 22:32:54,747 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 758 states to 758 states and 938 transitions. [2023-11-06 22:32:54,748 INFO L78 Accepts]: Start accepts. Automaton has 758 states and 938 transitions. Word has length 59 [2023-11-06 22:32:54,749 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:54,749 INFO L495 AbstractCegarLoop]: Abstraction has 758 states and 938 transitions. [2023-11-06 22:32:54,749 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 12 states have (on average 3.8333333333333335) internal successors, (46), 7 states have internal predecessors, (46), 2 states have call successors, (6), 3 states have call predecessors, (6), 4 states have return successors, (5), 5 states have call predecessors, (5), 2 states have call successors, (5) [2023-11-06 22:32:54,750 INFO L276 IsEmpty]: Start isEmpty. Operand 758 states and 938 transitions. [2023-11-06 22:32:54,752 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 61 [2023-11-06 22:32:54,752 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:54,752 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:54,752 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2023-11-06 22:32:54,753 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:54,753 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:54,753 INFO L85 PathProgramCache]: Analyzing trace with hash -229819681, now seen corresponding path program 1 times [2023-11-06 22:32:54,753 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:54,754 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [551100219] [2023-11-06 22:32:54,754 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:54,754 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:54,774 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:54,882 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:32:54,883 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:54,891 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2023-11-06 22:32:54,897 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:54,914 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:32:54,916 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:54,918 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:32:54,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:54,921 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2023-11-06 22:32:54,922 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:54,929 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 22:32:54,929 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:54,929 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [551100219] [2023-11-06 22:32:54,929 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [551100219] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:54,930 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:32:54,930 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2023-11-06 22:32:54,930 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1757753776] [2023-11-06 22:32:54,930 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:54,932 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2023-11-06 22:32:54,932 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:54,933 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2023-11-06 22:32:54,933 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2023-11-06 22:32:54,933 INFO L87 Difference]: Start difference. First operand 758 states and 938 transitions. Second operand has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2023-11-06 22:32:55,428 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:55,428 INFO L93 Difference]: Finished difference Result 1515 states and 1875 transitions. [2023-11-06 22:32:55,429 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2023-11-06 22:32:55,430 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) Word has length 60 [2023-11-06 22:32:55,430 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:55,436 INFO L225 Difference]: With dead ends: 1515 [2023-11-06 22:32:55,436 INFO L226 Difference]: Without dead ends: 764 [2023-11-06 22:32:55,439 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 27 GetRequests, 14 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 20 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=59, Invalid=151, Unknown=0, NotChecked=0, Total=210 [2023-11-06 22:32:55,440 INFO L413 NwaCegarLoop]: 107 mSDtfsCounter, 197 mSDsluCounter, 345 mSDsCounter, 0 mSdLazyCounter, 374 mSolverCounterSat, 56 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 200 SdHoareTripleChecker+Valid, 452 SdHoareTripleChecker+Invalid, 430 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 56 IncrementalHoareTripleChecker+Valid, 374 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:55,441 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [200 Valid, 452 Invalid, 430 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [56 Valid, 374 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2023-11-06 22:32:55,443 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 764 states. [2023-11-06 22:32:55,543 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 764 to 758. [2023-11-06 22:32:55,545 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 758 states, 568 states have (on average 1.1742957746478873) internal successors, (667), 602 states have internal predecessors, (667), 97 states have call successors, (97), 76 states have call predecessors, (97), 92 states have return successors, (147), 98 states have call predecessors, (147), 97 states have call successors, (147) [2023-11-06 22:32:55,551 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 758 states to 758 states and 911 transitions. [2023-11-06 22:32:55,555 INFO L78 Accepts]: Start accepts. Automaton has 758 states and 911 transitions. Word has length 60 [2023-11-06 22:32:55,558 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:55,558 INFO L495 AbstractCegarLoop]: Abstraction has 758 states and 911 transitions. [2023-11-06 22:32:55,558 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 5 states have internal predecessors, (47), 2 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 2 states have call successors, (5) [2023-11-06 22:32:55,558 INFO L276 IsEmpty]: Start isEmpty. Operand 758 states and 911 transitions. [2023-11-06 22:32:55,565 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 98 [2023-11-06 22:32:55,566 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:55,566 INFO L195 NwaCegarLoop]: trace histogram [4, 4, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:55,566 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2023-11-06 22:32:55,567 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:55,567 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:55,567 INFO L85 PathProgramCache]: Analyzing trace with hash -168137563, now seen corresponding path program 1 times [2023-11-06 22:32:55,568 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:55,568 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1490223741] [2023-11-06 22:32:55,568 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:55,568 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:55,588 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:55,713 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2023-11-06 22:32:55,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:55,753 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2023-11-06 22:32:55,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:55,796 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:32:55,798 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:55,801 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:32:55,802 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:55,804 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2023-11-06 22:32:55,807 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:55,816 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2023-11-06 22:32:55,818 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:55,820 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2023-11-06 22:32:55,822 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:55,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:32:55,825 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:55,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2023-11-06 22:32:55,828 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:55,830 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 12 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2023-11-06 22:32:55,831 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:55,831 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1490223741] [2023-11-06 22:32:55,831 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1490223741] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:55,831 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 22:32:55,831 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2023-11-06 22:32:55,832 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1476846657] [2023-11-06 22:32:55,832 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:55,832 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2023-11-06 22:32:55,833 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:55,833 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2023-11-06 22:32:55,833 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2023-11-06 22:32:55,834 INFO L87 Difference]: Start difference. First operand 758 states and 911 transitions. Second operand has 8 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 2 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2023-11-06 22:32:56,179 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:56,179 INFO L93 Difference]: Finished difference Result 1513 states and 1844 transitions. [2023-11-06 22:32:56,179 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2023-11-06 22:32:56,180 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 2 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 97 [2023-11-06 22:32:56,180 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:56,186 INFO L225 Difference]: With dead ends: 1513 [2023-11-06 22:32:56,186 INFO L226 Difference]: Without dead ends: 762 [2023-11-06 22:32:56,192 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 19 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=36, Invalid=74, Unknown=0, NotChecked=0, Total=110 [2023-11-06 22:32:56,193 INFO L413 NwaCegarLoop]: 66 mSDtfsCounter, 177 mSDsluCounter, 271 mSDsCounter, 0 mSdLazyCounter, 260 mSolverCounterSat, 57 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 185 SdHoareTripleChecker+Valid, 337 SdHoareTripleChecker+Invalid, 317 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 57 IncrementalHoareTripleChecker+Valid, 260 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:56,193 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [185 Valid, 337 Invalid, 317 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [57 Valid, 260 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 22:32:56,195 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 762 states. [2023-11-06 22:32:56,267 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 762 to 762. [2023-11-06 22:32:56,269 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 762 states, 570 states have (on average 1.1666666666666667) internal successors, (665), 604 states have internal predecessors, (665), 97 states have call successors, (97), 76 states have call predecessors, (97), 94 states have return successors, (150), 98 states have call predecessors, (150), 97 states have call successors, (150) [2023-11-06 22:32:56,275 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 762 states to 762 states and 912 transitions. [2023-11-06 22:32:56,276 INFO L78 Accepts]: Start accepts. Automaton has 762 states and 912 transitions. Word has length 97 [2023-11-06 22:32:56,276 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:56,276 INFO L495 AbstractCegarLoop]: Abstraction has 762 states and 912 transitions. [2023-11-06 22:32:56,276 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 8.25) internal successors, (66), 5 states have internal predecessors, (66), 2 states have call successors, (8), 5 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2023-11-06 22:32:56,276 INFO L276 IsEmpty]: Start isEmpty. Operand 762 states and 912 transitions. [2023-11-06 22:32:56,285 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 98 [2023-11-06 22:32:56,285 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:56,285 INFO L195 NwaCegarLoop]: trace histogram [4, 4, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:56,286 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2023-11-06 22:32:56,286 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:56,289 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:56,289 INFO L85 PathProgramCache]: Analyzing trace with hash -2079180121, now seen corresponding path program 1 times [2023-11-06 22:32:56,289 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:56,289 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [503703548] [2023-11-06 22:32:56,290 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:56,290 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:56,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:56,362 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2023-11-06 22:32:56,367 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:56,443 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2023-11-06 22:32:56,446 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:56,504 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:32:56,506 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:56,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:32:56,537 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:56,554 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2023-11-06 22:32:56,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:56,570 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2023-11-06 22:32:56,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:56,573 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2023-11-06 22:32:56,574 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:56,576 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:32:56,577 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:56,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2023-11-06 22:32:56,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:56,581 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 17 proven. 11 refuted. 0 times theorem prover too weak. 12 trivial. 0 not checked. [2023-11-06 22:32:56,581 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:56,581 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [503703548] [2023-11-06 22:32:56,581 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [503703548] provided 0 perfect and 1 imperfect interpolant sequences [2023-11-06 22:32:56,582 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [119311048] [2023-11-06 22:32:56,582 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:56,582 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 22:32:56,582 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 22:32:56,589 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2023-11-06 22:32:56,629 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2023-11-06 22:32:56,793 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:56,796 INFO L262 TraceCheckSpWp]: Trace formula consists of 328 conjuncts, 4 conjunts are in the unsatisfiable core [2023-11-06 22:32:56,804 INFO L285 TraceCheckSpWp]: Computing forward predicates... [2023-11-06 22:32:56,896 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 12 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2023-11-06 22:32:56,897 INFO L323 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2023-11-06 22:32:56,897 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [119311048] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 22:32:56,897 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2023-11-06 22:32:56,897 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [13] total 15 [2023-11-06 22:32:56,897 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [934445478] [2023-11-06 22:32:56,898 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 22:32:56,898 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2023-11-06 22:32:56,898 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:56,899 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2023-11-06 22:32:56,899 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=31, Invalid=179, Unknown=0, NotChecked=0, Total=210 [2023-11-06 22:32:56,899 INFO L87 Difference]: Start difference. First operand 762 states and 912 transitions. Second operand has 4 states, 4 states have (on average 16.5) internal successors, (66), 4 states have internal predecessors, (66), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (7), 1 states have call predecessors, (7), 2 states have call successors, (7) [2023-11-06 22:32:57,002 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:32:57,003 INFO L93 Difference]: Finished difference Result 1371 states and 1660 transitions. [2023-11-06 22:32:57,003 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2023-11-06 22:32:57,004 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 16.5) internal successors, (66), 4 states have internal predecessors, (66), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (7), 1 states have call predecessors, (7), 2 states have call successors, (7) Word has length 97 [2023-11-06 22:32:57,004 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:32:57,008 INFO L225 Difference]: With dead ends: 1371 [2023-11-06 22:32:57,009 INFO L226 Difference]: Without dead ends: 616 [2023-11-06 22:32:57,012 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 126 GetRequests, 112 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=35, Invalid=205, Unknown=0, NotChecked=0, Total=240 [2023-11-06 22:32:57,013 INFO L413 NwaCegarLoop]: 96 mSDtfsCounter, 8 mSDsluCounter, 184 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 9 SdHoareTripleChecker+Valid, 280 SdHoareTripleChecker+Invalid, 9 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 22:32:57,013 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [9 Valid, 280 Invalid, 9 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 22:32:57,015 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 616 states. [2023-11-06 22:32:57,081 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 616 to 616. [2023-11-06 22:32:57,083 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 616 states, 460 states have (on average 1.1652173913043478) internal successors, (536), 488 states have internal predecessors, (536), 81 states have call successors, (81), 64 states have call predecessors, (81), 74 states have return successors, (110), 78 states have call predecessors, (110), 81 states have call successors, (110) [2023-11-06 22:32:57,087 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 616 states to 616 states and 727 transitions. [2023-11-06 22:32:57,088 INFO L78 Accepts]: Start accepts. Automaton has 616 states and 727 transitions. Word has length 97 [2023-11-06 22:32:57,088 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:32:57,088 INFO L495 AbstractCegarLoop]: Abstraction has 616 states and 727 transitions. [2023-11-06 22:32:57,088 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 16.5) internal successors, (66), 4 states have internal predecessors, (66), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (7), 1 states have call predecessors, (7), 2 states have call successors, (7) [2023-11-06 22:32:57,089 INFO L276 IsEmpty]: Start isEmpty. Operand 616 states and 727 transitions. [2023-11-06 22:32:57,091 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 98 [2023-11-06 22:32:57,091 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 22:32:57,092 INFO L195 NwaCegarLoop]: trace histogram [4, 4, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:32:57,109 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2023-11-06 22:32:57,309 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 22:32:57,309 INFO L420 AbstractCegarLoop]: === Iteration 13 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 22:32:57,310 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 22:32:57,310 INFO L85 PathProgramCache]: Analyzing trace with hash 1353786525, now seen corresponding path program 1 times [2023-11-06 22:32:57,310 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 22:32:57,310 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1238859384] [2023-11-06 22:32:57,310 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:57,310 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 22:32:57,333 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:57,450 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2023-11-06 22:32:57,452 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:57,461 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2023-11-06 22:32:57,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:57,546 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2023-11-06 22:32:57,551 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:57,605 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2023-11-06 22:32:57,606 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:57,636 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:32:57,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:57,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2023-11-06 22:32:57,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:57,660 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2023-11-06 22:32:57,662 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:57,663 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 22:32:57,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:57,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2023-11-06 22:32:57,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:57,674 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 17 proven. 11 refuted. 0 times theorem prover too weak. 12 trivial. 0 not checked. [2023-11-06 22:32:57,689 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 22:32:57,689 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1238859384] [2023-11-06 22:32:57,689 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1238859384] provided 0 perfect and 1 imperfect interpolant sequences [2023-11-06 22:32:57,689 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [670707323] [2023-11-06 22:32:57,689 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 22:32:57,690 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 22:32:57,690 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 22:32:57,691 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2023-11-06 22:32:57,704 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2023-11-06 22:32:57,823 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 22:32:57,825 INFO L262 TraceCheckSpWp]: Trace formula consists of 328 conjuncts, 13 conjunts are in the unsatisfiable core [2023-11-06 22:32:57,833 INFO L285 TraceCheckSpWp]: Computing forward predicates... [2023-11-06 22:32:58,098 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 17 proven. 12 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2023-11-06 22:32:58,098 INFO L327 TraceCheckSpWp]: Computing backward predicates... [2023-11-06 22:32:58,528 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 8 proven. 4 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2023-11-06 22:32:58,528 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [670707323] provided 0 perfect and 2 imperfect interpolant sequences [2023-11-06 22:32:58,529 INFO L185 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2023-11-06 22:32:58,529 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 8, 9] total 22 [2023-11-06 22:32:58,529 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2136735237] [2023-11-06 22:32:58,529 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2023-11-06 22:32:58,530 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 22 states [2023-11-06 22:32:58,530 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 22:32:58,531 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 22 interpolants. [2023-11-06 22:32:58,532 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=68, Invalid=394, Unknown=0, NotChecked=0, Total=462 [2023-11-06 22:32:58,532 INFO L87 Difference]: Start difference. First operand 616 states and 727 transitions. Second operand has 22 states, 22 states have (on average 6.318181818181818) internal successors, (139), 15 states have internal predecessors, (139), 7 states have call successors, (23), 10 states have call predecessors, (23), 10 states have return successors, (23), 10 states have call predecessors, (23), 7 states have call successors, (23) [2023-11-06 22:33:00,505 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 22:33:00,505 INFO L93 Difference]: Finished difference Result 1299 states and 1586 transitions. [2023-11-06 22:33:00,506 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 57 states. [2023-11-06 22:33:00,506 INFO L78 Accepts]: Start accepts. Automaton has has 22 states, 22 states have (on average 6.318181818181818) internal successors, (139), 15 states have internal predecessors, (139), 7 states have call successors, (23), 10 states have call predecessors, (23), 10 states have return successors, (23), 10 states have call predecessors, (23), 7 states have call successors, (23) Word has length 97 [2023-11-06 22:33:00,507 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 22:33:00,507 INFO L225 Difference]: With dead ends: 1299 [2023-11-06 22:33:00,507 INFO L226 Difference]: Without dead ends: 0 [2023-11-06 22:33:00,514 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 284 GetRequests, 204 SyntacticMatches, 7 SemanticMatches, 73 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1496 ImplicationChecksByTransitivity, 1.3s TimeCoverageRelationStatistics Valid=1233, Invalid=4317, Unknown=0, NotChecked=0, Total=5550 [2023-11-06 22:33:00,515 INFO L413 NwaCegarLoop]: 48 mSDtfsCounter, 1194 mSDsluCounter, 476 mSDsCounter, 0 mSdLazyCounter, 820 mSolverCounterSat, 467 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1196 SdHoareTripleChecker+Valid, 524 SdHoareTripleChecker+Invalid, 1287 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 467 IncrementalHoareTripleChecker+Valid, 820 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2023-11-06 22:33:00,515 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [1196 Valid, 524 Invalid, 1287 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [467 Valid, 820 Invalid, 0 Unknown, 0 Unchecked, 0.9s Time] [2023-11-06 22:33:00,517 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2023-11-06 22:33:00,517 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2023-11-06 22:33:00,517 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2023-11-06 22:33:00,518 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2023-11-06 22:33:00,518 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 97 [2023-11-06 22:33:00,518 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 22:33:00,518 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2023-11-06 22:33:00,518 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 22 states, 22 states have (on average 6.318181818181818) internal successors, (139), 15 states have internal predecessors, (139), 7 states have call successors, (23), 10 states have call predecessors, (23), 10 states have return successors, (23), 10 states have call predecessors, (23), 7 states have call successors, (23) [2023-11-06 22:33:00,519 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2023-11-06 22:33:00,519 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2023-11-06 22:33:00,521 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2023-11-06 22:33:00,541 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2023-11-06 22:33:00,728 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12,3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 22:33:00,730 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2023-11-06 22:33:05,481 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 318 324) no Hoare annotation was computed. [2023-11-06 22:33:05,481 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 318 324) the Hoare annotation is: true [2023-11-06 22:33:05,482 INFO L899 garLoopResultBuilder]: For program point L123-1(lines 119 130) no Hoare annotation was computed. [2023-11-06 22:33:05,482 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 119 130) the Hoare annotation is: (let ((.cse3 (= ~methaneLevelCritical~0 0)) (.cse5 (= |old(~methaneLevelCritical~0)| 0))) (let ((.cse1 (not .cse5)) (.cse7 (not (= ~pumpRunning~0 1))) (.cse0 (< 2 ~waterLevel~0)) (.cse2 (not (= ~pumpRunning~0 0))) (.cse4 (not (= 1 ~systemActive~0))) (.cse6 (not .cse3))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse0 .cse4 .cse5 .cse6 .cse7) (or .cse0 .cse1 .cse3 .cse4 .cse7) (or .cse0 .cse2 .cse4 .cse5 .cse6)))) [2023-11-06 22:33:05,482 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 119 130) no Hoare annotation was computed. [2023-11-06 22:33:05,482 INFO L895 garLoopResultBuilder]: At program point L366(line 366) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or (and (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 1)) .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1))) [2023-11-06 22:33:05,482 INFO L899 garLoopResultBuilder]: For program point L73(lines 73 79) no Hoare annotation was computed. [2023-11-06 22:33:05,483 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 294 317) no Hoare annotation was computed. [2023-11-06 22:33:05,483 INFO L895 garLoopResultBuilder]: At program point L358(line 358) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or (and (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 1)) .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1))) [2023-11-06 22:33:05,483 INFO L899 garLoopResultBuilder]: For program point L358-1(line 358) no Hoare annotation was computed. [2023-11-06 22:33:05,483 INFO L899 garLoopResultBuilder]: For program point L69(lines 69 82) no Hoare annotation was computed. [2023-11-06 22:33:05,483 INFO L895 garLoopResultBuilder]: At program point L69-1(lines 54 86) the Hoare annotation is: (let ((.cse1 (= ~methaneLevelCritical~0 0)) (.cse3 (= ~pumpRunning~0 0)) (.cse7 (<= ~waterLevel~0 1)) (.cse14 (<= |timeShift___utac_acc__Specification3_spec__1_~tmp___0~0#1| 1)) (.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse15 (<= |timeShift_getWaterLevel_#res#1| 1)) (.cse16 (= 1 ~systemActive~0)) (.cse17 (= |old(~pumpRunning~0)| 0)) (.cse11 (= |timeShift___utac_acc__Specification3_spec__1_~tmp~0#1| 0))) (let ((.cse5 (not .cse11)) (.cse10 (not (= |old(~pumpRunning~0)| 1))) (.cse8 (<= ~waterLevel~0 |old(~waterLevel~0)|)) (.cse9 (= ~pumpRunning~0 1)) (.cse6 (< 2 |old(~waterLevel~0)|)) (.cse0 (not .cse17)) (.cse2 (not .cse16)) (.cse12 (and .cse3 .cse7 .cse16 .cse17 .cse14 .cse11 .cse4 .cse15)) (.cse13 (not .cse1))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5) .cse6) (or .cse1 .cse2 (and .cse7 .cse8 .cse5 .cse9) .cse10 .cse6 (and .cse3 .cse7 .cse8 .cse5)) (or (and .cse11 .cse4 .cse9) .cse0 .cse2 .cse12 .cse13 .cse6) (or (and .cse3 .cse7 .cse14 .cse11 .cse8 .cse15) .cse2 .cse13 .cse10 (and .cse7 .cse14 .cse11 .cse8 .cse15 .cse9) .cse6) (or (< 1 |old(~waterLevel~0)|) .cse0 .cse2 .cse12 .cse13)))) [2023-11-06 22:33:05,484 INFO L895 garLoopResultBuilder]: At program point L61(line 61) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= ~waterLevel~0 1)) (.cse11 (= 1 ~systemActive~0)) (.cse12 (= |old(~pumpRunning~0)| 0)) (.cse9 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse10 (= ~methaneLevelCritical~0 0))) (let ((.cse7 (not .cse10)) (.cse8 (and .cse4 .cse10 .cse0 .cse11 .cse12 .cse9)) (.cse2 (= ~pumpRunning~0 1)) (.cse6 (not .cse12)) (.cse3 (not .cse11)) (.cse5 (< 2 |old(~waterLevel~0)|))) (and (let ((.cse1 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (or (and .cse0 .cse1 .cse2) .cse3 (not (= |old(~pumpRunning~0)| 1)) (and .cse4 .cse0 .cse1) .cse5)) (or (< 1 |old(~waterLevel~0)|) .cse6 .cse3 .cse7 .cse8) (or .cse6 .cse3 .cse7 .cse8 .cse5 (and .cse9 .cse2)) (or .cse6 (and .cse4 .cse9) .cse10 .cse3 .cse5)))) [2023-11-06 22:33:05,484 INFO L899 garLoopResultBuilder]: For program point L61-1(line 61) no Hoare annotation was computed. [2023-11-06 22:33:05,486 INFO L895 garLoopResultBuilder]: At program point getWaterLevel_returnLabel#1(lines 163 171) the Hoare annotation is: (let ((.cse8 (= ~pumpRunning~0 0)) (.cse3 (= ~methaneLevelCritical~0 0)) (.cse9 (<= ~waterLevel~0 1)) (.cse12 (= 1 ~systemActive~0)) (.cse5 (= |timeShift___utac_acc__Specification3_spec__1_~tmp~0#1| 0)) (.cse6 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse11 (<= |timeShift_getWaterLevel_#res#1| 1)) (.cse13 (= |old(~pumpRunning~0)| 0))) (let ((.cse0 (not .cse13)) (.cse2 (and .cse8 .cse3 .cse9 .cse12 .cse13 .cse5 .cse6 .cse11)) (.cse1 (not .cse12)) (.cse7 (= ~pumpRunning~0 1)) (.cse4 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (= |timeShift_getWaterLevel_#res#1| 1)) (or (< 1 |old(~waterLevel~0)|) .cse0 .cse1 .cse2) (or .cse0 .cse3 .cse1 .cse4) (or (and .cse5 .cse6 .cse7) .cse0 .cse1 .cse4 .cse2) (let ((.cse10 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (or (and .cse8 .cse3 .cse9 .cse5 .cse10 .cse11) .cse1 (and .cse3 .cse9 .cse5 .cse10 .cse11 .cse7) (not (= |old(~pumpRunning~0)| 1)) .cse4))))) [2023-11-06 22:33:05,486 INFO L895 garLoopResultBuilder]: At program point L371(line 371) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1) (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse0 .cse1))) [2023-11-06 22:33:05,486 INFO L895 garLoopResultBuilder]: At program point L371-1(lines 352 376) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse0 (<= ~waterLevel~0 1)) (.cse11 (= 1 ~systemActive~0)) (.cse12 (= |old(~pumpRunning~0)| 0)) (.cse9 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse10 (= ~methaneLevelCritical~0 0))) (let ((.cse7 (not .cse10)) (.cse8 (and .cse4 .cse10 .cse0 .cse11 .cse12 .cse9)) (.cse2 (= ~pumpRunning~0 1)) (.cse6 (not .cse12)) (.cse3 (not .cse11)) (.cse5 (< 2 |old(~waterLevel~0)|))) (and (let ((.cse1 (<= ~waterLevel~0 |old(~waterLevel~0)|))) (or (and .cse0 .cse1 .cse2) .cse3 (not (= |old(~pumpRunning~0)| 1)) (and .cse4 .cse0 .cse1) .cse5)) (or (< 1 |old(~waterLevel~0)|) .cse6 .cse3 .cse7 .cse8) (or .cse6 .cse3 .cse7 .cse8 .cse5 (and .cse9 .cse2)) (or .cse6 (and .cse4 .cse9) .cse10 .cse3 .cse5)))) [2023-11-06 22:33:05,486 INFO L899 garLoopResultBuilder]: For program point L305-1(lines 305 311) no Hoare annotation was computed. [2023-11-06 22:33:05,486 INFO L899 garLoopResultBuilder]: For program point L590(line 590) no Hoare annotation was computed. [2023-11-06 22:33:05,486 INFO L899 garLoopResultBuilder]: For program point L99(lines 99 103) no Hoare annotation was computed. [2023-11-06 22:33:05,487 INFO L895 garLoopResultBuilder]: At program point L99-2(lines 95 106) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or (and (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|) (= ~pumpRunning~0 1)) .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1))) [2023-11-06 22:33:05,487 INFO L895 garLoopResultBuilder]: At program point __automaton_fail_returnLabel#1(lines 586 593) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1) (or .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1))) [2023-11-06 22:33:05,487 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 294 317) the Hoare annotation is: (let ((.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (not (= |old(~pumpRunning~0)| 1)) .cse1 (and .cse2 (= ~pumpRunning~0 1))) (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) .cse2) .cse0 .cse1))) [2023-11-06 22:33:05,487 INFO L899 garLoopResultBuilder]: For program point L298-1(lines 297 316) no Hoare annotation was computed. [2023-11-06 22:33:05,487 INFO L899 garLoopResultBuilder]: For program point L360(lines 360 368) no Hoare annotation was computed. [2023-11-06 22:33:05,487 INFO L899 garLoopResultBuilder]: For program point L356(lines 356 373) no Hoare annotation was computed. [2023-11-06 22:33:05,487 INFO L895 garLoopResultBuilder]: At program point deactivatePump_returnLabel#1(lines 402 409) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0))) (.cse1 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (not (= |old(~pumpRunning~0)| 1)) (and (= ~pumpRunning~0 0) (<= ~waterLevel~0 1) (<= ~waterLevel~0 |old(~waterLevel~0)|)) .cse1) (or (not (= |old(~pumpRunning~0)| 0)) .cse0 .cse1))) [2023-11-06 22:33:05,488 INFO L899 garLoopResultBuilder]: For program point L63(lines 63 83) no Hoare annotation was computed. [2023-11-06 22:33:05,488 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 294 317) no Hoare annotation was computed. [2023-11-06 22:33:05,488 INFO L895 garLoopResultBuilder]: At program point isPumpRunning_returnLabel#1(lines 421 429) the Hoare annotation is: (let ((.cse2 (< 2 |old(~waterLevel~0)|)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 (and (= |timeShift_isPumpRunning_#res#1| 1) (= |timeShift___utac_acc__Specification3_spec__1_~tmp~0#1| 0) (= |old(~waterLevel~0)| ~waterLevel~0) (= ~pumpRunning~0 1)) .cse2) (or .cse1 (not (= |old(~pumpRunning~0)| 1)) .cse2) (or .cse0 (= ~methaneLevelCritical~0 0) .cse1 .cse2) (or (< 1 |old(~waterLevel~0)|) .cse0 .cse1))) [2023-11-06 22:33:05,488 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 590) no Hoare annotation was computed. [2023-11-06 22:33:05,488 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 189 218) no Hoare annotation was computed. [2023-11-06 22:33:05,488 INFO L902 garLoopResultBuilder]: At program point L214(lines 189 218) the Hoare annotation is: true [2023-11-06 22:33:05,488 INFO L899 garLoopResultBuilder]: For program point L210(line 210) no Hoare annotation was computed. [2023-11-06 22:33:05,488 INFO L899 garLoopResultBuilder]: For program point L203(lines 203 207) no Hoare annotation was computed. [2023-11-06 22:33:05,489 INFO L902 garLoopResultBuilder]: At program point L203-1(lines 203 207) the Hoare annotation is: true [2023-11-06 22:33:05,489 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 189 218) the Hoare annotation is: true [2023-11-06 22:33:05,489 INFO L899 garLoopResultBuilder]: For program point L200(line 200) no Hoare annotation was computed. [2023-11-06 22:33:05,489 INFO L902 garLoopResultBuilder]: At program point L199-2(lines 199 213) the Hoare annotation is: true [2023-11-06 22:33:05,489 INFO L902 garLoopResultBuilder]: At program point L195(line 195) the Hoare annotation is: true [2023-11-06 22:33:05,489 INFO L899 garLoopResultBuilder]: For program point L195-1(line 195) no Hoare annotation was computed. [2023-11-06 22:33:05,489 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 131 139) the Hoare annotation is: true [2023-11-06 22:33:05,489 INFO L899 garLoopResultBuilder]: For program point isMethaneLevelCriticalFINAL(lines 131 139) no Hoare annotation was computed. [2023-11-06 22:33:05,489 INFO L899 garLoopResultBuilder]: For program point isMethaneLevelCriticalEXIT(lines 131 139) no Hoare annotation was computed. [2023-11-06 22:33:05,490 INFO L895 garLoopResultBuilder]: At program point L539(lines 496 541) the Hoare annotation is: (let ((.cse0 (= ~methaneLevelCritical~0 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse5 (= ~pumpRunning~0 0)) (.cse6 (<= ~waterLevel~0 1)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= ~pumpRunning~0 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse1 (not .cse0) .cse2 .cse3) (and .cse5 .cse6 .cse1 .cse2) (and .cse6 .cse1 .cse2 .cse4))) [2023-11-06 22:33:05,490 INFO L899 garLoopResultBuilder]: For program point L506(lines 506 512) no Hoare annotation was computed. [2023-11-06 22:33:05,490 INFO L899 garLoopResultBuilder]: For program point L506-1(lines 506 512) no Hoare annotation was computed. [2023-11-06 22:33:05,490 INFO L899 garLoopResultBuilder]: For program point L275(lines 275 282) no Hoare annotation was computed. [2023-11-06 22:33:05,490 INFO L899 garLoopResultBuilder]: For program point L498(lines 498 502) no Hoare annotation was computed. [2023-11-06 22:33:05,490 INFO L899 garLoopResultBuilder]: For program point L275-2(lines 275 282) no Hoare annotation was computed. [2023-11-06 22:33:05,490 INFO L902 garLoopResultBuilder]: At program point runTest_returnLabel#1(lines 252 261) the Hoare annotation is: true [2023-11-06 22:33:05,490 INFO L895 garLoopResultBuilder]: At program point select_features_returnLabel#1(lines 562 568) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 22:33:05,490 INFO L902 garLoopResultBuilder]: At program point main_returnLabel#1(lines 265 287) the Hoare annotation is: true [2023-11-06 22:33:05,490 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2023-11-06 22:33:05,490 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2023-11-06 22:33:05,491 INFO L899 garLoopResultBuilder]: For program point L532(lines 532 536) no Hoare annotation was computed. [2023-11-06 22:33:05,491 INFO L895 garLoopResultBuilder]: At program point L532-2(lines 526 537) the Hoare annotation is: (let ((.cse0 (= 1 ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 .cse2 (= ~pumpRunning~0 1)) (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2))) [2023-11-06 22:33:05,491 INFO L895 garLoopResultBuilder]: At program point setup_returnLabel#1(lines 244 250) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 22:33:05,491 INFO L899 garLoopResultBuilder]: For program point L516(lines 516 522) no Hoare annotation was computed. [2023-11-06 22:33:05,491 INFO L899 garLoopResultBuilder]: For program point L516-1(lines 516 522) no Hoare annotation was computed. [2023-11-06 22:33:05,491 INFO L902 garLoopResultBuilder]: At program point L545(lines 486 549) the Hoare annotation is: true [2023-11-06 22:33:05,491 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2023-11-06 22:33:05,491 INFO L895 garLoopResultBuilder]: At program point L508(line 508) the Hoare annotation is: (let ((.cse0 (= ~methaneLevelCritical~0 0)) (.cse3 (<= ~waterLevel~0 2)) (.cse5 (= ~pumpRunning~0 0)) (.cse6 (<= ~waterLevel~0 1)) (.cse1 (= 1 ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse4 (= ~pumpRunning~0 1))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse5 .cse1 (not .cse0) .cse2 .cse3) (and .cse5 .cse6 .cse1 .cse2) (and .cse6 .cse1 .cse2 .cse4))) [2023-11-06 22:33:05,491 INFO L899 garLoopResultBuilder]: For program point $Ultimate##0(line -1) no Hoare annotation was computed. [2023-11-06 22:33:05,492 INFO L895 garLoopResultBuilder]: At program point select_helpers_returnLabel#1(lines 569 575) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 22:33:05,492 INFO L895 garLoopResultBuilder]: At program point L542(lines 495 543) the Hoare annotation is: false [2023-11-06 22:33:05,492 INFO L899 garLoopResultBuilder]: For program point L497(lines 496 541) no Hoare annotation was computed. [2023-11-06 22:33:05,492 INFO L899 garLoopResultBuilder]: For program point L526(lines 526 537) no Hoare annotation was computed. [2023-11-06 22:33:05,492 INFO L895 garLoopResultBuilder]: At program point valid_product_returnLabel#1(lines 576 584) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 22:33:05,492 INFO L895 garLoopResultBuilder]: At program point L518(line 518) the Hoare annotation is: (let ((.cse0 (= 1 ~systemActive~0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and .cse0 .cse1 .cse2 (= ~pumpRunning~0 1)) (and (= ~pumpRunning~0 0) .cse0 .cse1 .cse2))) [2023-11-06 22:33:05,492 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 107 118) no Hoare annotation was computed. [2023-11-06 22:33:05,492 INFO L899 garLoopResultBuilder]: For program point L111-1(lines 107 118) no Hoare annotation was computed. [2023-11-06 22:33:05,492 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 107 118) the Hoare annotation is: (let ((.cse5 (< 1 |old(~waterLevel~0)|)) (.cse2 (not (= ~pumpRunning~0 1))) (.cse6 (not (= ~pumpRunning~0 0))) (.cse1 (= ~methaneLevelCritical~0 0)) (.cse0 (not (= 1 ~systemActive~0))) (.cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse4 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 (not .cse1) .cse2 .cse3 .cse4) (or .cse5 .cse6 .cse0 .cse3) (or .cse5 .cse0 .cse2 .cse3) (or .cse6 .cse1 .cse0 .cse3 .cse4))) [2023-11-06 22:33:05,493 INFO L899 garLoopResultBuilder]: For program point L475(lines 475 479) no Hoare annotation was computed. [2023-11-06 22:33:05,493 INFO L899 garLoopResultBuilder]: For program point L475-2(lines 475 479) no Hoare annotation was computed. [2023-11-06 22:33:05,493 INFO L895 garLoopResultBuilder]: At program point L345(line 345) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1)) (= ~pumpRunning~0 1)) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) .cse0))) [2023-11-06 22:33:05,493 INFO L899 garLoopResultBuilder]: For program point L345-1(lines 326 350) no Hoare annotation was computed. [2023-11-06 22:33:05,493 INFO L899 garLoopResultBuilder]: For program point L176(lines 176 182) no Hoare annotation was computed. [2023-11-06 22:33:05,493 INFO L895 garLoopResultBuilder]: At program point activatePump__wrappee__highWaterSensor_returnLabel#1(lines 377 384) the Hoare annotation is: (let ((.cse3 (< 1 ~waterLevel~0)) (.cse0 (< 2 ~waterLevel~0)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 (and (= |processEnvironment__wrappee__methaneQuery_activatePump_~tmp~4#1| 0) (= |processEnvironment__wrappee__methaneQuery_isHighWaterSensorDry_#res#1| 0) (<= 1 |processEnvironment__wrappee__methaneQuery_~tmp~2#1|) (= ~pumpRunning~0 1) (<= 1 |processEnvironment__wrappee__methaneQuery_isHighWaterLevel_#res#1|))) (or .cse2 .cse3 (not (= |old(~pumpRunning~0)| 1))) (or .cse1 .cse2 .cse3) (or .cse0 .cse1 (= ~methaneLevelCritical~0 0) .cse2))) [2023-11-06 22:33:05,494 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 326 350) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1)) (= ~pumpRunning~0 1)) (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse0))) [2023-11-06 22:33:05,494 INFO L895 garLoopResultBuilder]: At program point isHighWaterSensorDry_returnLabel#1(lines 172 185) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 0)) (.cse5 (= 1 ~systemActive~0)) (.cse6 (= |old(~pumpRunning~0)| 0))) (let ((.cse2 (not .cse6)) (.cse0 (not .cse5)) (.cse3 (and (<= 1 |processEnvironment__wrappee__methaneQuery_isHighWaterSensorDry_#res#1|) .cse4 (<= ~waterLevel~0 1) .cse5 .cse6)) (.cse1 (< 1 ~waterLevel~0))) (and (or .cse0 .cse1 (not (= |old(~pumpRunning~0)| 1))) (or (< 2 ~waterLevel~0) .cse2 .cse0 .cse3 (and .cse4 (= |processEnvironment__wrappee__methaneQuery_isHighWaterSensorDry_#res#1| 0))) (or .cse2 .cse0 .cse3 .cse1)))) [2023-11-06 22:33:05,494 INFO L895 garLoopResultBuilder]: At program point isHighWaterLevel_returnLabel#1(lines 466 484) the Hoare annotation is: (let ((.cse5 (= ~methaneLevelCritical~0 0))) (let ((.cse9 (= |processEnvironment__wrappee__methaneQuery_isHighWaterLevel_~tmp___0~1#1| 0)) (.cse10 (<= 1 |processEnvironment__wrappee__methaneQuery_isHighWaterSensorDry_#res#1|)) (.cse11 (= ~pumpRunning~0 0)) (.cse12 (<= ~waterLevel~0 1)) (.cse13 (<= 1 |processEnvironment__wrappee__methaneQuery_isHighWaterLevel_~tmp~5#1|)) (.cse14 (= 1 ~systemActive~0)) (.cse15 (= |old(~pumpRunning~0)| 0)) (.cse3 (not .cse5)) (.cse16 (= |processEnvironment__wrappee__methaneQuery_isHighWaterLevel_#res#1| 0))) (let ((.cse2 (< 1 ~waterLevel~0)) (.cse6 (and .cse9 .cse10 .cse11 .cse12 .cse13 .cse14 .cse15 .cse3 .cse16)) (.cse7 (< 2 ~waterLevel~0)) (.cse0 (not .cse15)) (.cse1 (not .cse14)) (.cse8 (and .cse11 (= |processEnvironment__wrappee__methaneQuery_isHighWaterSensorDry_#res#1| 0) (<= 1 |processEnvironment__wrappee__methaneQuery_isHighWaterLevel_~tmp___0~1#1|) (= |processEnvironment__wrappee__methaneQuery_isHighWaterLevel_~tmp~5#1| 0) (<= 1 |processEnvironment__wrappee__methaneQuery_isHighWaterLevel_#res#1|))) (.cse4 (and .cse9 .cse10 .cse11 .cse5 .cse12 .cse13 .cse14 .cse15 .cse16))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse1 .cse2 (not (= |old(~pumpRunning~0)| 1))) (or .cse0 .cse5 .cse1 .cse2 .cse6) (or .cse7 .cse0 .cse5 .cse1 .cse8 .cse6) (or .cse7 .cse0 .cse1 .cse3 .cse8 .cse4))))) [2023-11-06 22:33:05,494 INFO L895 garLoopResultBuilder]: At program point L340(line 340) the Hoare annotation is: (let ((.cse0 (not (= 1 ~systemActive~0)))) (and (or (< 2 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 |processEnvironment__wrappee__methaneQuery_isHighWaterSensorDry_#res#1|) (= ~pumpRunning~0 0) (<= ~waterLevel~0 1) (= |processEnvironment__wrappee__methaneQuery_~tmp~2#1| 0) (= |processEnvironment__wrappee__methaneQuery_isHighWaterLevel_#res#1| 0)) .cse0) (or .cse0 (< 1 ~waterLevel~0) (not (= |old(~pumpRunning~0)| 1))))) [2023-11-06 22:33:05,494 INFO L899 garLoopResultBuilder]: For program point L334(lines 334 342) no Hoare annotation was computed. [2023-11-06 22:33:05,495 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__methaneQueryEXIT(lines 326 350) no Hoare annotation was computed. [2023-11-06 22:33:05,495 INFO L899 garLoopResultBuilder]: For program point L330(lines 330 347) no Hoare annotation was computed. [2023-11-06 22:33:05,495 INFO L899 garLoopResultBuilder]: For program point L392(lines 392 398) no Hoare annotation was computed. [2023-11-06 22:33:05,495 INFO L895 garLoopResultBuilder]: At program point L390(line 390) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (< 1 ~waterLevel~0))) (and (or (< 2 ~waterLevel~0) .cse0 .cse1 (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__methaneQuery_isHighWaterSensorDry_#res#1| 0) (<= 1 |processEnvironment__wrappee__methaneQuery_~tmp~2#1|) (<= 1 |processEnvironment__wrappee__methaneQuery_isHighWaterLevel_#res#1|))) (or .cse1 .cse2 (not (= |old(~pumpRunning~0)| 1))) (or .cse0 .cse1 .cse2))) [2023-11-06 22:33:05,495 INFO L895 garLoopResultBuilder]: At program point L392-2(lines 385 401) the Hoare annotation is: (let ((.cse7 (< 1 ~waterLevel~0)) (.cse0 (< 2 ~waterLevel~0)) (.cse1 (not (= |old(~pumpRunning~0)| 0))) (.cse6 (= ~methaneLevelCritical~0 0)) (.cse2 (not (= 1 ~systemActive~0))) (.cse3 (= |processEnvironment__wrappee__methaneQuery_isHighWaterSensorDry_#res#1| 0)) (.cse4 (<= 1 |processEnvironment__wrappee__methaneQuery_~tmp~2#1|)) (.cse5 (<= 1 |processEnvironment__wrappee__methaneQuery_isHighWaterLevel_#res#1|))) (and (or .cse0 .cse1 .cse2 (and (= |processEnvironment__wrappee__methaneQuery_activatePump_~tmp~4#1| 0) .cse3 .cse4 (= ~pumpRunning~0 1) .cse5) (not .cse6)) (or .cse2 .cse7 (not (= |old(~pumpRunning~0)| 1))) (or .cse1 .cse2 .cse7) (or .cse0 .cse1 .cse6 .cse2 (and (= |processEnvironment__wrappee__methaneQuery_activatePump_~tmp~4#1| ~methaneLevelCritical~0) (= ~pumpRunning~0 0) .cse3 .cse4 .cse5)))) [2023-11-06 22:33:05,495 INFO L899 garLoopResultBuilder]: For program point L390-1(line 390) no Hoare annotation was computed. [2023-11-06 22:33:05,495 INFO L902 garLoopResultBuilder]: At program point L415(line 415) the Hoare annotation is: true [2023-11-06 22:33:05,496 INFO L899 garLoopResultBuilder]: For program point L415-1(line 415) no Hoare annotation was computed. [2023-11-06 22:33:05,496 INFO L899 garLoopResultBuilder]: For program point isMethaneAlarmEXIT(lines 410 420) no Hoare annotation was computed. [2023-11-06 22:33:05,496 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 410 420) the Hoare annotation is: true [2023-11-06 22:33:05,496 INFO L899 garLoopResultBuilder]: For program point isMethaneAlarmFINAL(lines 410 420) no Hoare annotation was computed. [2023-11-06 22:33:05,498 INFO L445 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 22:33:05,501 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2023-11-06 22:33:05,547 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 06.11 10:33:05 BoogieIcfgContainer [2023-11-06 22:33:05,547 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2023-11-06 22:33:05,548 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2023-11-06 22:33:05,548 INFO L270 PluginConnector]: Initializing Witness Printer... [2023-11-06 22:33:05,548 INFO L274 PluginConnector]: Witness Printer initialized [2023-11-06 22:33:05,549 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 10:32:48" (3/4) ... [2023-11-06 22:33:05,551 INFO L137 WitnessPrinter]: Generating witness for correct program [2023-11-06 22:33:05,556 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2023-11-06 22:33:05,556 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2023-11-06 22:33:05,556 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2023-11-06 22:33:05,556 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2023-11-06 22:33:05,556 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneLevelCritical [2023-11-06 22:33:05,557 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2023-11-06 22:33:05,557 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__methaneQuery [2023-11-06 22:33:05,557 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneAlarm [2023-11-06 22:33:05,566 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 18 nodes and edges [2023-11-06 22:33:05,567 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 7 nodes and edges [2023-11-06 22:33:05,567 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2023-11-06 22:33:05,568 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 22:33:05,569 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 22:33:05,601 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:33:05,602 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (2 < \old(waterLevel))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || ((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel)))) && (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || ((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) || ((\old(waterLevel) == waterLevel) && (pumpRunning == 1)))) && ((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 22:33:05,603 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && !((tmp == 0)))) || (2 < \old(waterLevel))) && ((((((methaneLevelCritical == 0) || !((1 == systemActive))) || ((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))) && (pumpRunning == 1))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel))) || ((((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))))) && ((((((((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp___0 <= 1)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1))) || !((methaneLevelCritical == 0))) || (2 < \old(waterLevel)))) && (((((((((((pumpRunning == 0) && (waterLevel <= 1)) && (tmp___0 <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || !((\old(pumpRunning) == 1))) || ((((((waterLevel <= 1) && (tmp___0 <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) && (pumpRunning == 1))) || (2 < \old(waterLevel)))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp___0 <= 1)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1))) || !((methaneLevelCritical == 0)))) [2023-11-06 22:33:05,603 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 22:33:05,604 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 1))) || !((1 == systemActive))) || (\result == 1)) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((((((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (2 < \old(waterLevel))) || ((((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || !((1 == systemActive))) || ((((((methaneLevelCritical == 0) && (waterLevel <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) && (pumpRunning == 1))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:33:05,604 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((tmp == 0) && (\result == 0)) && (1 <= tmp)) && (pumpRunning == 1)) && (1 <= \result))) || !((methaneLevelCritical == 0))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((((tmp == methaneLevelCritical) && (pumpRunning == 0)) && (\result == 0)) && (1 <= tmp)) && (1 <= \result)))) [2023-11-06 22:33:05,604 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((tmp == 0) && (\result == 0)) && (1 <= tmp)) && (pumpRunning == 1)) && (1 <= \result))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive)))) [2023-11-06 22:33:05,604 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\result == 0)))) && (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0))) || (1 < waterLevel))) [2023-11-06 22:33:05,605 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((\result == 1) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 22:33:05,605 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || !((methaneLevelCritical == 0))) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) && ((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\result == 0)))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (\result == 0)) && (1 <= tmp___0)) && (tmp == 0)) && (1 <= \result))) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\result == 0)))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || (((((pumpRunning == 0) && (\result == 0)) && (1 <= tmp___0)) && (tmp == 0)) && (1 <= \result))) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0)))) [2023-11-06 22:33:05,606 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:33:05,645 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:33:05,645 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (2 < \old(waterLevel))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || ((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel)))) && (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || ((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) || ((\old(waterLevel) == waterLevel) && (pumpRunning == 1)))) && ((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 22:33:05,646 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && !((tmp == 0)))) || (2 < \old(waterLevel))) && ((((((methaneLevelCritical == 0) || !((1 == systemActive))) || ((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))) && (pumpRunning == 1))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel))) || ((((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))))) && ((((((((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp___0 <= 1)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1))) || !((methaneLevelCritical == 0))) || (2 < \old(waterLevel)))) && (((((((((((pumpRunning == 0) && (waterLevel <= 1)) && (tmp___0 <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || !((\old(pumpRunning) == 1))) || ((((((waterLevel <= 1) && (tmp___0 <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) && (pumpRunning == 1))) || (2 < \old(waterLevel)))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp___0 <= 1)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1))) || !((methaneLevelCritical == 0)))) [2023-11-06 22:33:05,646 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) [2023-11-06 22:33:05,647 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 1))) || !((1 == systemActive))) || (\result == 1)) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((((((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (2 < \old(waterLevel))) || ((((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || !((1 == systemActive))) || ((((((methaneLevelCritical == 0) && (waterLevel <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) && (pumpRunning == 1))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:33:05,647 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((tmp == 0) && (\result == 0)) && (1 <= tmp)) && (pumpRunning == 1)) && (1 <= \result))) || !((methaneLevelCritical == 0))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((((tmp == methaneLevelCritical) && (pumpRunning == 0)) && (\result == 0)) && (1 <= tmp)) && (1 <= \result)))) [2023-11-06 22:33:05,647 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((tmp == 0) && (\result == 0)) && (1 <= tmp)) && (pumpRunning == 1)) && (1 <= \result))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive)))) [2023-11-06 22:33:05,647 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\result == 0)))) && (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0))) || (1 < waterLevel))) [2023-11-06 22:33:05,648 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((\result == 1) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) [2023-11-06 22:33:05,648 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || !((methaneLevelCritical == 0))) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) && ((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\result == 0)))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (\result == 0)) && (1 <= tmp___0)) && (tmp == 0)) && (1 <= \result))) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\result == 0)))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || (((((pumpRunning == 0) && (\result == 0)) && (1 <= tmp___0)) && (tmp == 0)) && (1 <= \result))) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0)))) [2023-11-06 22:33:05,648 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) [2023-11-06 22:33:05,668 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.graphml [2023-11-06 22:33:05,669 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.yaml [2023-11-06 22:33:05,669 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2023-11-06 22:33:05,670 INFO L158 Benchmark]: Toolchain (without parser) took 18450.55ms. Allocated memory was 151.0MB in the beginning and 257.9MB in the end (delta: 107.0MB). Free memory was 106.4MB in the beginning and 204.2MB in the end (delta: -97.8MB). Peak memory consumption was 10.1MB. Max. memory is 16.1GB. [2023-11-06 22:33:05,670 INFO L158 Benchmark]: CDTParser took 0.35ms. Allocated memory is still 151.0MB. Free memory is still 125.4MB. There was no memory consumed. Max. memory is 16.1GB. [2023-11-06 22:33:05,670 INFO L158 Benchmark]: CACSL2BoogieTranslator took 542.90ms. Allocated memory is still 151.0MB. Free memory was 105.9MB in the beginning and 87.0MB in the end (delta: 18.9MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2023-11-06 22:33:05,671 INFO L158 Benchmark]: Boogie Procedure Inliner took 60.24ms. Allocated memory is still 151.0MB. Free memory was 87.0MB in the beginning and 85.0MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 22:33:05,671 INFO L158 Benchmark]: Boogie Preprocessor took 36.63ms. Allocated memory is still 151.0MB. Free memory was 85.0MB in the beginning and 83.3MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 22:33:05,672 INFO L158 Benchmark]: RCFGBuilder took 632.16ms. Allocated memory is still 151.0MB. Free memory was 83.3MB in the beginning and 66.6MB in the end (delta: 16.8MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2023-11-06 22:33:05,672 INFO L158 Benchmark]: TraceAbstraction took 17047.38ms. Allocated memory was 151.0MB in the beginning and 257.9MB in the end (delta: 107.0MB). Free memory was 65.6MB in the beginning and 211.5MB in the end (delta: -145.9MB). Peak memory consumption was 102.4MB. Max. memory is 16.1GB. [2023-11-06 22:33:05,672 INFO L158 Benchmark]: Witness Printer took 121.14ms. Allocated memory is still 257.9MB. Free memory was 211.5MB in the beginning and 204.2MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2023-11-06 22:33:05,675 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.35ms. Allocated memory is still 151.0MB. Free memory is still 125.4MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 542.90ms. Allocated memory is still 151.0MB. Free memory was 105.9MB in the beginning and 87.0MB in the end (delta: 18.9MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 60.24ms. Allocated memory is still 151.0MB. Free memory was 87.0MB in the beginning and 85.0MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 36.63ms. Allocated memory is still 151.0MB. Free memory was 85.0MB in the beginning and 83.3MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 632.16ms. Allocated memory is still 151.0MB. Free memory was 83.3MB in the beginning and 66.6MB in the end (delta: 16.8MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 17047.38ms. Allocated memory was 151.0MB in the beginning and 257.9MB in the end (delta: 107.0MB). Free memory was 65.6MB in the beginning and 211.5MB in the end (delta: -145.9MB). Peak memory consumption was 102.4MB. Max. memory is 16.1GB. * Witness Printer took 121.14ms. Allocated memory is still 257.9MB. Free memory was 211.5MB in the beginning and 204.2MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification3_spec.i","") [49] - GenericResultAtLocation [Line: 87]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [87] - GenericResultAtLocation [Line: 186]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [186] - GenericResultAtLocation [Line: 288]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [288] - GenericResultAtLocation [Line: 485]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [485] - GenericResultAtLocation [Line: 550]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [550] - GenericResultAtLocation [Line: 585]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [585] - GenericResultAtLocation [Line: 594]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [594] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 590]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 95 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 16.9s, OverallIterations: 13, TraceHistogramMax: 4, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.1s, AutomataDifference: 6.6s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 4.8s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2951 SdHoareTripleChecker+Valid, 3.4s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2908 mSDsluCounter, 4408 SdHoareTripleChecker+Invalid, 2.8s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 3266 mSDsCounter, 981 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 3528 IncrementalHoareTripleChecker+Invalid, 4509 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 981 mSolverCounterUnsat, 1142 mSDtfsCounter, 3528 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 629 GetRequests, 422 SyntacticMatches, 7 SemanticMatches, 200 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1917 ImplicationChecksByTransitivity, 2.4s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=762occurred in iteration=11, InterpolantAutomatonStates: 175, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.8s AutomataMinimizationTime, 13 MinimizatonAttempts, 109 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 43 LocationsWithAnnotation, 2383 PreInvPairs, 2626 NumberOfFragments, 1934 HoareAnnotationTreeSize, 2383 FomulaSimplifications, 3726 FormulaSimplificationTreeSizeReduction, 0.3s HoareSimplificationTime, 43 FomulaSimplificationsInter, 7573 FormulaSimplificationTreeSizeReductionInter, 4.4s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.3s SatisfiabilityAnalysisTime, 3.2s InterpolantComputationTime, 921 NumberOfCodeBlocks, 921 NumberOfCodeBlocksAsserted, 15 NumberOfCheckSat, 1002 ConstructedInterpolants, 0 QuantifiedInterpolants, 1696 SizeOfPredicates, 6 NumberOfNonLiveVariables, 656 ConjunctsInSsa, 17 ConjunctsInUnsatCore, 16 InterpolantComputations, 12 PerfectInterpolantSequences, 208/246 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 54]: Loop Invariant Derived loop invariant: ((((((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && !((tmp == 0)))) || (2 < \old(waterLevel))) && ((((((methaneLevelCritical == 0) || !((1 == systemActive))) || ((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))) && (pumpRunning == 1))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel))) || ((((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel))) && !((tmp == 0))))) && ((((((((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp___0 <= 1)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1))) || !((methaneLevelCritical == 0))) || (2 < \old(waterLevel)))) && (((((((((((pumpRunning == 0) && (waterLevel <= 1)) && (tmp___0 <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || !((\old(pumpRunning) == 1))) || ((((((waterLevel <= 1) && (tmp___0 <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) && (pumpRunning == 1))) || (2 < \old(waterLevel)))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp___0 <= 1)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1))) || !((methaneLevelCritical == 0)))) - InvariantResult [Line: 496]: Loop Invariant Derived loop invariant: ((((((((methaneLevelCritical == 0) && (1 == systemActive)) && (splverifierCounter == 0)) && (waterLevel <= 2)) && (pumpRunning == 1)) || (((((pumpRunning == 0) && (1 == systemActive)) && !((methaneLevelCritical == 0))) && (splverifierCounter == 0)) && (waterLevel <= 2))) || ((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0))) || ((((waterLevel <= 1) && (1 == systemActive)) && (splverifierCounter == 0)) && (pumpRunning == 1))) - InvariantResult [Line: 244]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 586]: Loop Invariant Derived loop invariant: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 486]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 562]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 163]: Loop Invariant Derived loop invariant: (((((((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 1))) || !((1 == systemActive))) || (\result == 1)) && ((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || ((((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((((((tmp == 0) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (2 < \old(waterLevel))) || ((((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (\result <= 1)))) && ((((((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) || !((1 == systemActive))) || ((((((methaneLevelCritical == 0) && (waterLevel <= 1)) && (tmp == 0)) && (waterLevel <= \old(waterLevel))) && (\result <= 1)) && (pumpRunning == 1))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 576]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 495]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 189]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 569]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 377]: Loop Invariant Derived loop invariant: (((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((tmp == 0) && (\result == 0)) && (1 <= tmp)) && (pumpRunning == 1)) && (1 <= \result))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive)))) - InvariantResult [Line: 352]: Loop Invariant Derived loop invariant: ((((((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (2 < \old(waterLevel))) && (((((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || ((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel)))) && (((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || ((((((pumpRunning == 0) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel))) || ((\old(waterLevel) == waterLevel) && (pumpRunning == 1)))) && ((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 265]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 172]: Loop Invariant Derived loop invariant: ((((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\result == 0)))) && (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (((((1 <= \result) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 == systemActive)) && (\old(pumpRunning) == 0))) || (1 < waterLevel))) - InvariantResult [Line: 421]: Loop Invariant Derived loop invariant: ((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || ((((\result == 1) && (tmp == 0)) && (\old(waterLevel) == waterLevel)) && (pumpRunning == 1))) || (2 < \old(waterLevel))) && ((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) && (((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) && (((1 < \old(waterLevel)) || !((\old(pumpRunning) == 0))) || !((1 == systemActive)))) - InvariantResult [Line: 402]: Loop Invariant Derived loop invariant: ((((!((1 == systemActive)) || !((\old(pumpRunning) == 1))) || (((pumpRunning == 0) && (waterLevel <= 1)) && (waterLevel <= \old(waterLevel)))) || (2 < \old(waterLevel))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 95]: Loop Invariant Derived loop invariant: (((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (2 < \old(waterLevel))) && ((((((waterLevel <= 1) && (waterLevel <= \old(waterLevel))) && (pumpRunning == 1)) || !((1 == systemActive))) || !((\old(pumpRunning) == 1))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 199]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 466]: Loop Invariant Derived loop invariant: ((((((((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || !((methaneLevelCritical == 0))) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) && ((((!((\old(pumpRunning) == 0)) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (1 < waterLevel)) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\result == 0)))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((((pumpRunning == 0) && (\result == 0)) && (1 <= tmp___0)) && (tmp == 0)) && (1 <= \result))) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && !((methaneLevelCritical == 0))) && (\result == 0)))) && ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || !((methaneLevelCritical == 0))) || (((((pumpRunning == 0) && (\result == 0)) && (1 <= tmp___0)) && (tmp == 0)) && (1 <= \result))) || (((((((((tmp___0 == 0) && (1 <= \result)) && (pumpRunning == 0)) && (methaneLevelCritical == 0)) && (waterLevel <= 1)) && (1 <= tmp)) && (1 == systemActive)) && (\old(pumpRunning) == 0)) && (\result == 0)))) - InvariantResult [Line: 252]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 385]: Loop Invariant Derived loop invariant: ((((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || !((1 == systemActive))) || (((((tmp == 0) && (\result == 0)) && (1 <= tmp)) && (pumpRunning == 1)) && (1 <= \result))) || !((methaneLevelCritical == 0))) && ((!((1 == systemActive)) || (1 < waterLevel)) || !((\old(pumpRunning) == 1)))) && ((!((\old(pumpRunning) == 0)) || !((1 == systemActive))) || (1 < waterLevel))) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || (methaneLevelCritical == 0)) || !((1 == systemActive))) || (((((tmp == methaneLevelCritical) && (pumpRunning == 0)) && (\result == 0)) && (1 <= tmp)) && (1 <= \result)))) RESULT: Ultimate proved your program to be correct! [2023-11-06 22:33:05,726 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_500af8e7-2eea-4a72-b8e0-10e1b8ec5813/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE